Intrusion Detection Systems

TrustRadius Top Rated for 2023

Top Rated Products

(1-1 of 1)

CrowdStrike Falcon

CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature free updating. Additionally the available Falcon Spotlight module delivers vulnerability assessment…

All Products

(1-25 of 55)

AlienVault USM

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises…

CrowdStrike Falcon

CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature free updating. Additionally the available Falcon Spotlight module delivers vulnerability assessment…

SolarWinds Security Event Manager (SEM)

SolarWinds LEM is security information and event management (SIEM) software.

Explore recently added products

Zscaler Internet Access

Zscaler Internet Access is delivered as a security stack as a service from the cloud, and is designed to eliminate the cost and complexity of traditional secure web gateway approaches, and provide easily scaled protection to all offices or users, regardless of location, and minimize…

AlienVault OSSIM

OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified platform providing:…

Juniper SRX

Juniper SRX is a firewall offering. It provides a variety of modular features, scaled for enterprise-level use, based on a 3-in-1 OS that enables routing, switching, and security in each product.

Cisco Secure IPS

Cisco Secure IPS (formerly Firepower Next-Generation Intrusion Prevention System, or NGIPS) is an intrusion detection response system that produces security data and enhances the analysis by InsightOps. The technology replaces the former Sourcefire 3D IPS. Cisco acquired Sourcefire…

Proofpoint Advanced Threat Protection

Proofpoint Advanced Threat Detection is a suite of threat detection products including Attack Protection for Email, SaaS applications, Mobile Defense, Threat Response, and Threat Intelligence.


Sourcefire developed Snort, an open source intrusion prevention system capable of real-time traffic analysis and packet logging. Snort was acquired (and is now supported) by Cisco in 2013.

Cynet 360

New York based Cynet offers their XDR platform Cynet 360, which monitors endpoints and networks, correlates and analyzes suspicious behavior, and provides automated remedial protection and manual remediation guidance to contain and eliminate cyber attackers.

Palo Alto Networks Advanced Threat Prevention

Palo Alto Networks Advanced Threat Prevention is an intrusion prevention system (IPS) used to stop zero-day attacks inline in real-time. In addition to the prevention of known threats, the solution helps to stop never-before-seen exploit attempts and command and control with its…

RackFoundry Total Security Management (discontinued)

RackFoundry was a firewall solution with VPN, SIEM, automated vulnerability scanning and log management features scaled for SME’s. It has been discontinued and is no longer available.

Cybereason Defense Platform

Cybereason EDR consolidates intelligence about each attack into a Malop (malicious operation), a contextualized view of the full narrative of an attack. Each Malop organizes the relevant attack data into an easy-to-read, interactive graphical interface, providing a complete timeline,…

Cisco IPS Sensor (Discontinued)

Cisco IPS Sensors have reached EOL, and EOS.

Trend Micro TippingPoint Threat Protection System (TPS)

The TippingPoint Threat Protection System (TPS) from Trend Micro is an intrusion detection and prevention system.

Trellix Intrusion Prevention System

Trellix Intrusion Prevention System (replacing the former McAfee Network Security Platform) is an intrusion detection and prevention system (IDPS) for on-prem or virtual networks.

Powertech Exit Point Manager for IBM i

Powertech Exit Point Manager for IBM i from HelpSystems allows users to reduce the risk of unauthorized and unaudited server access with system access monitoring, tracking and control software for IBM i.

Amazon GuardDuty

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads.

Trellix Network Security

Trellix Network Security (formerly FireEye Network Security and Forensics products) combines network traffic analysis and network forensics for attack analysis .

SonicWall Capture Advanced Threat Protection (ATP)

SonicWall Advanced Threat Protection (ATP) provides sandboxing and intrusion detection for unknown or anomalous network traffic.

Security Onion

Security Onion is a free and open source Linux distribution for threat hunting, enterprise security monitoring, and log management, developed by the company of the same name in Evans. Their products include both the Security Onion software and specialized hardware appliances that…

ManageEngine EventLog Analyzer

ManageEngine's EventLog Analyzer provides log management, auditing, and IT compliance management. It can be downloaded for Windows or Linux.

Hornetsecurity Advanced Threat Protection

Hornetsecurity Advanced Threat Protection protects companies from Ransomware attacks, phishing, and ceo fraud. Hornetsecurity ATP enables users to protect their business against individually targeted attacks starting from the first malicious email. Its forensic analysis engines help…

Bitdefender Hypervisor Introspection

Bitdefender offers the Hypervisor Introspection (HVI) to provide zero-day threat and intrusion detection to enterprises, to detect suspicious activity by interacting directly with raw memory.

0 reviews

Salient CRGT headquartered in Fairfax offers Assure6i, an intrusion detection and prevention system dedicated to stopping malicious IPv6 traffic and attacks.

Learn More About Intrusion Detection Systems

What are Intrusion Detection Systems?

Intrusion detection systems (IDS) are software products that monitor network or system activities, and analyze them for signs of any violations of policy, acceptable use, or standard security practices. They then report any malicious activities or policy violations to system administrators.

IDS are often part of a broader digital security posture. Larger organizations and enterprises in particular will integrate intrusion detection systems into their security information and event management (SIEM) system. This integration is key at centralizing security alerts and management processes to make the business’s security systems more manageable.

A key benefit of intrusion detection systems is that they serve as an adaptable front line in a broader security alerting and management structure, particularly at enterprises with the resources and needs to maintain multiple lines of security. IDS also log suspected intrusion activity, which creates a paper trail that can be helpful for legal and regulatory reasons in some circumstances.

A common challenge for intrusion detection systems is the prevalence of false positives. IDSs tend to identify a lot of false positives in order to make sure that no intrusions slip by undetected. A key challenge and differentiator among IDSs is their ability to continually manage and reduce instances of false positives without compromising the core security offering of the product.

IDSs and IPSs

There has been an evolution in the IDS market to include a more “advanced” tier of systems that include prevention features specifically. Intrusion detection systems are concerned primarily with identifying potential incidents and logging information about them and notifying administrators of observed events.

However some systems, usually called instruction prevention systems, actively try to prevent intrusion threats from succeeding. They can do so by blocking traffic to or from certain IP addresses or block specific packets until an IT administrator validates it. The specific features offered will vary by product. As the market evolves, intrusion detection and prevention will likely converge into a single product as the norm, rather than the exception. Currently, there are still a large number of products that specialize into one or the other functionality.

Types of Intrusion Detection Software

There are two main types of intrusion detection systems:

  • Network-based systems: Network-based systems monitor network traffic for network segments or devices to identify suspicious activity

  • Host-based systems: Host-based systems monitor the characteristics of a single host, such as a computer, and events occurring within that host

Intrusion Detection Systems Comparison

When comparing intrusion detection systems, consider these factors:

  1. Detection vs. Prevention Focus: Some IDS providers have expanded to include more native prevention capabilities as well. These features can be very helpful, but some with additional up front and overhead costs to manage. Consider whether native intervention tools are necessary and whether there are preexisting tools in the organization that can serve that purpose already.

  2. Integrations with InfoSec Tech Stack: How well does each product integrate with the other network and application security products the organization uses? Consider reviewers’ experiences with those specific integrations, as well as any information vendors can provide about specific use cases.

  3. Standalone IDS vs. Security Platform: Security technology has been trending towards unification and centralization for years. Consider whether it is more helpful to the enterprise to have a standalone, specialized tool for intrusion detection, or adopt a larger security platform that bundles intrusion detection with other features like firewalls or SIEM systems.

Start an Intrusion Detection System comparison

Pricing Information

Intrusion detection systems will vary in price depending on whether it is a standalone system or part of a larger security suite. In the former case, standalone systems start at $1,000-2,000 and can scale up to $10,000+.

Related Categories

Frequently Asked Questions

What businesses benefit most from intrusion detection systems?

All businesses with an online presence can benefit from intrusion detection, as it can help them identify threats as quickly as possible. As these sites become more mission critical for businesses, or if they hold sensitive information, intrusion detection becomes more important.

Do intrusion detection systems provide any intrusion prevention tools?

Many IDS options provide features to help prevent intrusion in addition to detecting it. Similarly, many IDS tools are included in larger security platforms that provide preventative features. There are also some individual IDS tools that provide no intrusion prevention features.

Are there free or open source intrusion detection options?

There are some free intrusion detection options available, though they tend to be feature light, including only the essential intrusion detection features. These can be a good choice for businesses that already have intrusion prevention tools, or only need detection features.