Posted on April 5th, 2008 at 2:13 pm by Avatar
Network Intrusion Detection Systems have a single purpose: to analyze data packets entering a network and look for signatures of known malware. These signatures are constantly updated as new threats are detected, so the system is always on the lookout for a growing number of threats that keep getting better at what they do. A detection system checks for suspicious activity and then notifies the right people, who carry out the response actions that have been laid out. It works much like a citizen who calls the cops to report a criminal: the detection system is both the caller and the dispatcher, and the System Administrators are the cops who take action and apprehend the suspected criminal. Such systems are, however, quite dependent on the ability of their handlers (the System Administrators) to handle the threat as it should be handled. Miscalculations or a lack of action can render the system useless, defeating its purpose. A better solution, one that is more proactive in the quest to protect the corporate network, will be discussed in the next post.
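
As an added illustration (not code from the original post), the sketch below models the detect-and-notify loop described above: payloads are compared against a signature set that can be updated, and a match only produces a notification for the administrator, never a block. The class name, signature markers, addresses and packets are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Alert:
    src: str
    signature: str

class SignatureNIDS:
    """Matches packet payloads against byte signatures and notifies; it never blocks."""

    def __init__(self, signatures, notify):
        self.signatures = dict(signatures)  # signature name -> byte pattern
        self.notify = notify                # callback standing in for paging the administrator

    def update_signatures(self, new):
        """Signature feed update: newly described threats become detectable from now on."""
        self.signatures.update(new)

    def inspect(self, src, payload):
        """Return alerts for one inbound packet; the packet itself is still delivered."""
        alerts = [Alert(src, name)
                  for name, pattern in self.signatures.items() if pattern in payload]
        for alert in alerts:
            self.notify(alert)
        return alerts

# Constructed sample traffic (source, payload); markers are placeholders, not real malware bytes.
PACKETS = [
    ("198.51.100.7", b"GET /index.html HTTP/1.1"),
    ("203.0.113.9", b"POST /upload SAMPLE-MARKER-A payload"),
    ("203.0.113.20", b"data SAMPLE-MARKER-B data"),
]

def run_demo():
    inbox = []  # everything the administrator is told about
    nids = SignatureNIDS({"sample-a": b"SAMPLE-MARKER-A"}, inbox.append)
    # Pass 1: only sample-a is known, so the MARKER-B packet goes by unnoticed.
    first = [a for src, payload in PACKETS for a in nids.inspect(src, payload)]
    # A signature update arrives; the same traffic now raises a second alert.
    nids.update_signatures({"sample-b": b"SAMPLE-MARKER-B"})
    second = [a for src, payload in PACKETS for a in nids.inspect(src, payload)]
    return first, second, inbox

if __name__ == "__main__":
    first, second, inbox = run_demo()
    print(len(first), "alert before update;", len(second), "after;",
          len(inbox), "notifications sent")
```

Nothing in `inspect` stops a packet, so the outcome still depends on what the administrator does with the entries in `inbox`.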