You don’t have very difficult criteria (Price, management, etc.)
For price, you could use Snort. A cheap PC can be set up to run this.
To work with the PIX, you might consider the Cisco device, which also works as an Intrusion Prevention system.
For management, I would suggest an outsourced service model. ISS, CyberTrust, etc. They handle everything except escalations, which really cuts down on false alarms. Another less known service is Alert Logic www.alertlogic.net.
Obviously, you’ll need to make some choices based on which is the most important factor.