Intrusion Detection Systems
Intrusion Detection Systems Overview
Top Rated Intrusion Detection Products

These products won a Top Rated award for having excellent customer satisfaction ratings. The list is based purely on reviews; there is no paid placement, and analyst opinions do not influence the rankings. Read more about the Top Rated criteria.
Intrusion Detection Products
The list of products below is based purely on reviews (sorted from most to least). There is no paid placement and analyst opinions do not influence their rankings. Here is our Promise to Buyers to ensure information on our site is reliable, useful, and worthy of your trust.
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises…
Key Features
- Centralized event and log data collection (5) 68% 6.8
- Event and log normalization/management (7) 67% 6.7
- Custom dashboards and workspaces (7) 61% 6.1
Key Features
- Centralized event and log data collection (18) 85% 8.5
- Event and log normalization/management (36) 73% 7.3
- Custom dashboards and workspaces (34) 49% 4.9
CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature-free updating. Additionally, the available Falcon Spotlight module delivers vulnerability assessment…
Key Features
- Malware Detection (33) 95% 9.5
- Centralized Management (33) 93% 9.3
- Infection Remediation (33) 92% 9.2
OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified platform providing:…
Key Features
- Custom dashboards and workspaces (16) 93% 9.3
- Event and log normalization/management (18) 83% 8.3
- Correlation (11) 79% 7.9
RackFoundry was a firewall solution with VPN, SIEM, automated vulnerability scanning and log management features scaled for SMEs. It has been discontinued and is no longer available.
Key Features
- Event and log normalization/management (6) 10% 1.0
- Custom dashboards and workspaces (6) 10% 1.0
Learn More About Intrusion Detection Systems
What are Intrusion Detection Systems?
Intrusion detection systems (IDS) are software products that monitor network or system activities, and analyze them for signs of any violations of policy, acceptable use, or standard security practices. They then report any malicious activities or policy violations to system administrators.
IDS are often part of a broader digital security posture. Larger organizations and enterprises in particular will integrate intrusion detection systems into their security information and event management (SIEM) system. This integration is key to centralizing security alerts and management processes, making the business’s security systems more manageable.
A key benefit of intrusion detection systems is that they serve as an adaptable front line in a broader security alerting and management structure, particularly at enterprises with the resources and needs to maintain multiple lines of security. IDS also log suspected intrusion activity, which creates a paper trail that can be helpful for legal and regulatory reasons in some circumstances.
A common challenge for intrusion detection systems is the prevalence of false positives. IDSs tend to identify a lot of false positives in order to make sure that no intrusions slip by undetected. A key challenge and differentiator among IDSs is their ability to continually manage and reduce instances of false positives without compromising the core security offering of the product.
IDSs and IPSs
There has been an evolution in the IDS market to include a more “advanced” tier of systems that specifically include prevention features. Intrusion detection systems are concerned primarily with identifying potential incidents, logging information about them, and notifying administrators of observed events.
However, some systems, usually called intrusion prevention systems (IPS), actively try to prevent intrusion threats from succeeding. They can do so by blocking traffic to or from certain IP addresses, or by blocking specific packets until an IT administrator validates them. The specific features offered will vary by product. As the market evolves, intrusion detection and prevention will likely converge into a single product as the norm, rather than the exception. Currently, there are still a large number of products that specialize in one functionality or the other.
Types of Intrusion Detection Software
There are two main types of intrusion detection systems:
- Network-based systems: Network-based systems monitor network traffic for network segments or devices to identify suspicious activity.
- Host-based systems: Host-based systems monitor the characteristics of a single host, such as a computer, and events occurring within that host.
Intrusion Detection Systems Comparison
When comparing intrusion detection systems, consider these factors:
- Detection vs. Prevention Focus: Some IDS providers have expanded to include more native prevention capabilities as well. These features can be very helpful, but come with additional upfront and overhead costs to manage. Consider whether native intervention tools are necessary and whether there are preexisting tools in the organization that can serve that purpose already.
- Integrations with InfoSec Tech Stack: How well does each product integrate with the other network and application security products the organization uses? Consider reviewers’ experiences with those specific integrations, as well as any information vendors can provide about specific use cases.
- Standalone IDS vs. Security Platform: Security technology has been trending towards unification and centralization for years. Consider whether it is more helpful to the enterprise to have a standalone, specialized tool for intrusion detection, or to adopt a larger security platform that bundles intrusion detection with other features like firewalls or SIEM systems.
Pricing Information
Intrusion detection systems vary in price depending on whether the product is a standalone system or part of a larger security suite. In the former case, standalone systems start at $1,000-2,000 and can scale up to $10,000+.