The original network intruders were often misfit geeks operating from boredom or a need for thrills. As businesses went online, a new kind of intruder arose – a thief, poking around for credit card numbers or a chance to add another spam slave to the botnet.

This new breed of intruder brings a sophistication that takes the threat to the level of cyber attack. Well-funded and highly skilled criminal organizations can stake out a network for months – sometimes years, keeping constant watch and trying every trick they know until they find a way to slip past security. Many of these organizations aren't just looking for a single hit – they want to stay on the network for the long term and generate revenue by stealing financial data, medical data, and trade secrets.

This new style of attack is often classified under the general category of Advanced Persistent Threat (APT). In addition to sophisticated criminal organizations, some APT attackers are actually spy agencies for foreign governments. To counteract this kind of next-generation attack, networks need next-generation defense tools. In particular, if the attack is "always on," the defense has to be "always on." It isn't enough to monitor the perimeter and launch a forensic study when you happen on evidence that something is awry.