Well, I talked to our other lead here at work and it seems that our kernel modifications, modules, and watcher app are going into their first alpha cycle. We are hoping to ship a product by August. This may be a little rushed but we think we can manage if we don't run into any large snags.
Our product, called ARIA, is integrated into the Linux kernel and monitors system health. Health is determined by a calibration set collected from the kernel during nominal activity. If the health of the system moves out of a range set by the user, then the user is notified. It works reasonably well. You can tell when you are being port scanned or DoSed.
A follow-up tool called RIDS will be released shortly after the release of ARIA. RIDS is defensive and will try to stop any anomalous activity that it sees on the system. I like to think this tool is only for the truly paranoid. :)
I feel that I should start running it at home before posting these props. Maybe I'll calibrate it at my home machine and see if I can't detect malicious activity, after I go rile up some L33T h4x0rs. :)