I've been researching Intrusion Detection Systems (IDS) and am trying to get a better grasp on their functionalities and the most effective ways to deploy them in a small to medium-sized business environment. I've come across a few different types, like network-based IDS and host-based IDS, but I'm not entirely sure how to determine which is more suitable for my needs or if a combination of both is recommended.
Additionally, I'm a bit concerned about false positives and how they might impact our operations. How do you typically achieve a balance between sensitivity and accuracy in detecting intrusions? Are there specific strategies or best practices for minimizing false positives?
Lastly, any suggestions on open-source vs. commercial IDS solutions? I've seen tools like Snort and Suricata mentioned frequently, but I'm open to other recommendations as well. Any insights or experiences would be greatly appreciated!