0

I want to stop intrusion into our network. What security product do you use and like?

0
Stephen Weitzman
IT Support Specialist
Posted on May 22, 2009

I like Snort IDS: http://www.snort.org/

0

How large is your network?

What kind of traffic levels are you seeing?

Not all IDS/IPSs are created equal. I've had exposure to multiple vendor solutions and they all have their pros and cons. Some are more effective than others at varying traffic levels. Some are more tunable than others.

How skilled are your security staff at tuning IDS/IPS policies, writing attack signatures for 0-day attacks/vulnerabilities, and analysing packet traces etc?

Lots to consider before spending the big bucks on a solution.

Personally, I'm liking the Endace NinjaProbe Snort-based Appliance. The rolling packet capture feature is awesome when it comes to analysing session traces to determine legitimate attacks, and false positives etc.

0


BTW, "stopping intrusions" is a lot more involved than deploying a good Firewall, or IPS solution. There are MANY other factors that need to be considered for effective defense in depth.

You need to take a layered approach to information security. Not ONE product/solution will solve your problem. You need appropriate policies, standards, procedures, user awareness/training in place to make it all work in unison.

Having an understanding of all the different types of attack vectors is crucial in effectively securing your environment.

0

.... and what does your Vulnerability & Patch Management program look like at your organisation? Does one even exist? Without such a program in place, any solution you deploy will be a futile exercise if your workstations/servers/switches/routers are plagued with serious vulnerabilities.

Lots to consider!
