We can recommend a few intrusion detection systems (IDS), depending on your cloud service provider (CSP). Each recommendation is the native solution for that CSP. If these choices don’t meet your needs, third-party tools that should be compatible are available in each CSP’s marketplace.
If you are serverless and entirely in the AWS ecosystem, we recommend using AWS GuardDuty.
If you are using Microsoft Azure, use Azure Firewall to alert on and block traffic to and from malicious IP addresses and domains. These IP addresses and domains are sourced from the Microsoft Threat Intelligence feed.
When payload inspection is required, you can use Azure Firewall’s Premium IDPS feature or choose a third-party intrusion detection/intrusion prevention system (IDS/IPS) from the Azure Marketplace with payload inspection capabilities.
Alternatively, you can use a host-based IDS/IPS or a host-based endpoint detection and response (EDR) solution alongside or instead of these network-based solutions.
If you are using Google Cloud Platform (GCP), Cloud IDS provides cloud-native network threat detection.