Friday, February 28, 2020

Commercial IDS / IPS Solutions

Gartner published its "Magic Quadrant for Intrusion Prevention Systems", which can serve as a useful benchmark for comparing commercial IDS / IPS solutions. Some of the most notable are:

  • Cisco (Sourcefire)
  • McAfee Network Security Platform (NSP)
  • Radware DefensePro IPS
  • StoneSoft (McAfee)
  • IBM Security Network Intrusion Prevention System

Keep in mind that there are Unified Threat Management (UTM) solutions that can include IDS / IPS modules. Review with a QSA whether these platforms are valid for the purpose and compliant with PCI DSS.

IDS / IPS Open Source Solutions

Listed below are some notable IDS / IPS solutions released under open-source licences:

  • Suricata
  • Snort
  • Bro

Technical reference: How to check whether an IDS / IPS is generating alerts

In order to ensure that the IDS / IPS solution deployed in the compliance environment generates the necessary alerts, periodic tests must be carried out to validate the effectiveness and efficiency of intrusion detection. These tests can be tied to the vulnerability scans (req. 11.2) and penetration tests (req. 11.3), using tools such as Nessus, Nmap or Metasploit.

Alternatively, a tool can be used that does not run active attacks as such but instead injects fake (and harmless) traffic carrying the patterns of real intrusions, so that the sensor detects it, much as antigens work in vaccines. One example of this kind of tool is IDSWakeUp. This script consists of two modules (IDSwakeup and iwu) that rely on hping2 and libnet to generate the simulated malicious traffic between two hosts.
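Injecting the test traffic is only half of the check; the other half is confirming that the expected alert actually appeared. As an added example (not code from the original post, from IDSWakeUp or from any of the products listed), here is a Python check that parses Suricata eve.json alert records and reports which expected signature IDs fired from the test host inside the test window and which did not. The eve.json lines, the IP addresses and SID 9000001 are constructed; SID 2100498 is assumed to be the Emerging Threats signature that the harmless "id check returned root" test response triggers.

```python
import json
from datetime import datetime

# Constructed sample of Suricata eve.json records (not captured from a real sensor).
# SID 2100498 is assumed to be the ET "id check returned root" signature that a
# harmless test response triggers; SID 9000001 stands in for a local test rule.
SAMPLE_EVE = """\
{"timestamp":"2020-02-28T10:00:05.123456+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","alert":{"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2020-02-28T10:00:06.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9"}
{"timestamp":"2020-02-28T09:59:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","alert":{"signature_id":9000001,"rev":1,"signature":"LOCAL TEST ids-validation marker","category":"Misc activity","severity":3}}
"""

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"  # Suricata eve.json timestamp layout


def parse_eve_alerts(text):
    """Yield the alert events from eve.json text (one JSON object per line)."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("event_type") != "alert":  # skip flow, dns, http, ... records
            continue
        yield {
            "ts": datetime.strptime(rec["timestamp"], TS_FORMAT),
            "sid": rec["alert"]["signature_id"],
            "signature": rec["alert"]["signature"],
            "src": rec["src_ip"],
            "dst": rec["dest_ip"],
        }


def check_test_coverage(eve_text, expected_sids, window_start, window_end, src_ip):
    """Return (fired, missing): fired maps each expected SID that alerted from
    src_ip inside the test window to its first alert; missing lists the rest.
    The window matters: an alert logged before the test traffic was injected
    proves nothing about the sensor's current state."""
    start = datetime.strptime(window_start, TS_FORMAT)
    end = datetime.strptime(window_end, TS_FORMAT)
    fired = {}
    for a in parse_eve_alerts(eve_text):
        if a["sid"] in expected_sids and a["src"] == src_ip and start <= a["ts"] <= end:
            fired.setdefault(a["sid"], a)
    missing = sorted(set(expected_sids) - set(fired))
    return fired, missing


if __name__ == "__main__":
    fired, missing = check_test_coverage(
        SAMPLE_EVE, {2100498, 9000001},
        "2020-02-28T10:00:00.000000+0000", "2020-02-28T10:05:00.000000+0000", "10.0.0.5")
    for sid, a in fired.items():
        print(f"OK      sid {sid}: {a['signature']} at {a['ts'].isoformat()}")
    for sid in missing:
        print(f"MISSING sid {sid}: no alert in window; check sensor placement and rule set")
```

In the sample, SID 9000001 is reported as missing even though an alert for it exists, because that alert predates the test window; that is the case a naive "grep the log for the SID" check gets wrong.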
