Our walls of security prevention are being surmounted every day – we just don’t always know it. Assaults from within the network, as well as zero-day threats, are driving a new class of solutions referred to as “advanced threat detection” (ATD). ATD adds real-time packet capture and analysis to the monitoring of logs and NetFlow information, and records packet capture data for near-real-time and post-analysis. By analyzing data traffic, it is possible to build a profile of normal network behavior that can then be compared against real-time or recorded data to detect anomalies. Alerts can be compared against data from security prevention solutions to assess whether an attack is underway. Conversely, the same comparison can be used to identify “false positives.”
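The baseline-and-compare workflow described above, as an added Python example that is not part of the original text: it profiles per-host traffic volume, flags deviations, and cross-checks them against prevention alerts. The flow summaries, alert records, 3-sigma threshold and triage rule (including reading a prevention alert with no matching anomaly as a possible false positive) are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, stdev

# Constructed sample data: (minute, host, bytes_out) summarised from NetFlow records.
BASELINE = ([(m, "10.0.0.5", b) for m, b in enumerate([1200, 1350, 1100, 1280, 1420, 1190])]
            + [(m, "10.0.0.9", b) for m, b in enumerate([400, 380, 450, 410, 395, 430])])
LIVE = [(100, "10.0.0.5", 1310), (101, "10.0.0.5", 98000),
        (101, "10.0.0.9", 420), (102, "10.0.0.77", 500)]
# Constructed prevention-solution alerts: (minute, host, signature name).
PREVENTION = [(101, "10.0.0.5", "sig-A"), (101, "10.0.0.9", "sig-B")]


def build_profile(flows):
    """Per-host mean and standard deviation of bytes sent per interval."""
    per_host = defaultdict(list)
    for _, host, nbytes in flows:
        per_host[host].append(nbytes)
    return {h: (mean(v), stdev(v)) for h, v in per_host.items() if len(v) >= 2}


def detect_anomalies(profile, flows, z_limit=3.0):
    """Return {(minute, host): reason} for flows that deviate from the profile."""
    found = {}
    for minute, host, nbytes in flows:
        if host not in profile:  # never seen while profiling: flag it
            found[(minute, host)] = "no baseline for host"
            continue
        mu, sigma = profile[host]
        z = abs(nbytes - mu) / max(sigma, 1.0)  # floor avoids division by zero
        if z > z_limit:
            found[(minute, host)] = f"z-score {z:.1f}"
    return found


def triage(anomalies, prevention_alerts):
    """Cross-check anomaly alerts with prevention alerts (assumed triage rule)."""
    alerted = {(minute, host) for minute, host, _ in prevention_alerts}
    verdicts = {key: "corroborated: possible attack underway" if key in alerted
                else "anomaly only: investigate" for key in anomalies}
    for key in alerted - set(anomalies):
        verdicts[key] = "prevention alert only: possible false positive"
    return verdicts


if __name__ == "__main__":
    anomalies = detect_anomalies(build_profile(BASELINE), LIVE)
    for key, verdict in sorted(triage(anomalies, PREVENTION).items()):
        print(key, verdict)
```

The same functions work on recorded data: pass an archived flow list as `flows` instead of the live one.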