Mike Fratto; Network Computing, Editor
Before you can prevent an attack, you have to detect it. Traditional signature-based IDSs are prone to false positives and can only detect malicious traffic they have signatures for. Network anomaly detection can point out strange traffic patterns, but the source may or may not be malicious. Detecting attacks means crafting a detection strategy that maximizes detection and minimizes false positives and negatives.