Detection: Events are analyzed to determine if they might be a security incident. If we do not have
strong detective capabilities in and around our systems, we will most likely not realize we have a
problem until long after it has happened. The earlier we detect the events, the earlier we can
respond, IDS' can help us detect, where IPS' can help us detect and prevent further compromise.