
Intrusion Detection and Prevention Systems (IDS & IPS)

Inspecting network traffic to identify and block suspicious activity.

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) inspect network traffic to identify and, in the case of IPS, block suspicious activity.
We undertake a wide range of services around IDS and IPS, from product selection and requirement capture through to false-positive reduction and tuning. We are happy implementing products, monitoring their output, or managing them as part of a managed service.

Services around IDS and IPS are some of our oldest offerings, which we have seen evolve since the late 1990s. Our staff deployed the first Network IDS in use by the UK MOD 20 years ago and later installed Europe's largest IPS deployment with well over 1,000 sensors.
Such is the breadth and depth of our knowledge on the subject that our staff are regularly flown around the world by vendors to speak at conferences and to help improve the products and define the product roadmaps.

Open Source IDS. We are also extremely adept at deploying and configuring many of the open-source sensors such as Snort, Suricata, and Zeek (Bro). We have spoken at conferences about how to configure several commercial IDS to deploy Snort signatures and how to conduct advanced tuning on commercial IDS in order to turn on prevention without impacting service.