Originally we used intrusion detection systems (IDS) to detect security policy violations in networks. There are several concerns to keep in mind when it comes to implementing an IDS in a network. Those concerns include (a) the placement of the IDS, (b) false positives, (c) false negatives, (d) reactive or passive versus an active device.
Do you still see a need to use IDS in modern enterprise networks? Why/Why not? Please provide justification for your choice.