• Anomaly detection systems. Aside from the actual packet data traveling on the wire,
there are also traffic trends that can be monitored on the switches and routers to
determine whether unauthorized or anomalous activity is occurring. With Net-flow
and S-flow data that can be sent to an appliance or server, aggregated traffic on the
network can be analyzed and can alert a monitoring system if there is a problem.
Anomaly detection systems are extremely useful when there is an attack for which
the IDS does not have a signature or if there is some activity occurring that is
suspicious.