The Securepoint Unified Threat Management (UTM) security solutions provide all important security applications (firewall, VPN gateway, virus scanner, spam filter, Web filter, IDS, etc.) within a corresponding server environment, to ensure smooth updates of all systems and to make the everyday usage of these systems successful and secure for companies. They are available as UTM hardware appliances, as virtual appliances, and as a pure software solution which can be installed on standard computer systems and may be adjusted according to individual requirements. Securepoint is Windows 7-ready and supports IKEv1 and IKEv2.
The Realeyes IDS captures and analyzes full sessions. When an incident is reported, the graphical user interface will display both halves of the session to determine what occurred. The GUI also provides management of application users, sensors, and a database. Realeyes is a replacement for the RenaissanceCore software.
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. That can mean many things, but the only scenario in which LibHTP has been tested so far is the one when you need to parse a duplex HTTP stream that you have obtained by passively intercepting HTTP traffic. Just feed the raw TCP stream to LibHTP and it will do the rest.
TinyIDS is a distributed intrusion detection system (IDS) for Unix systems. It is based on the client/server architecture and has been developed with security in mind. The client, tinyids, collects information from the local system by running its collector backends. The collected information may include anything, from file contents to file metadata or even the output of system commands. The client passes all this data through a hashing algorithm and a unique checksum (hash) is calculated. This hash is then sent to one or more TinyIDS servers (tinyidsd), where it is compared with a hash that had previously been stored in the databases of those remote servers for this specific client. A response indicating the result of the hash comparison is finally sent back to the client. Management of the remotely stored hash is possible through the client's command line interface. Communication between the client and the server can be encrypted using RSA public key infrastructure (PKI).
NSIA (Network System Integrity Analysis) is a Web application monitoring system that scans sites for potentially unwanted context such as defacements, unauthorized changes, errors, information leaks, profanity, and compliance issues. It operates as an IDS (Intrusion Detection System) for Web sites.
Suricata is an Intrusion Detection and Prevention (IDS/IPS) engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support, file extraction capabilities, and many more features. It's capable of loading existing Snort rules and signatures, and supports many frontends through Barnyard2.
WormTrack is a network IDS that allows detection of scanning worms on a LAN by monitoring anomalous ARP traffic. This allows detection of scanning threats on the network without having privileged access on a switch to set up a dedicated monitor port. It does not require constant updating of the rules engine to address new threats.
Hawk IDS/IPS is a lightweight log analyzer which was designed to be fast and efficient. It scans log files on the fly and bans IPs which make too many password failures. It adds iptables rules to reject the IP addresses. You can define the logfiles. Hawk provides a unique Web interface and flexibility, and supports sshd, dovecot, courier, pure-ftpd, proftpd, cPanel, and DirectAdmin.
StopHack is a simple to use and easy to install intrusion prevention system. It is fully adaptable and easily customized to your environment. It is built on top of proven bandwidth arbitration technology so the traffic passing through it won't be slowed down. Every packet is analyzed with regular expression-based behavior anomaly detection, and hackers are blocked immediately. It prevents reflected cross-site scripting, SQL injection, directory traversal, reflected URL redirects, login brute forcing, remote shell execution, and more.