Educause Security Discussion mailing list archives

Network Security IDS vs NetFlow


From: Daniel Foerst <foerst () CUA EDU>
Date: Sun, 26 Jun 2011 11:50:24 -0400

Hey all,

So we are looking into augmenting and increasing our network security. We already have a number of security appliances and solutions in place, but recently there has been a push for an Intrusion Detection System. Now without going into all our preventative measures, I will say that we have at least an IPS solution that is used in several locations on our network, but not an IDS.

I recently attended a webinar by LanCope and their strategy for increasing network visibility and security is to leverage NetFlow in our routers and switches (those that are capable) to baseline and then monitor traffic flows.

Now an IDS, to my understanding, is a solution that would require multiple network sensors that listen and chirp when many false positives occur until we have had enough data received and man time to tune the system to our needs.

Given these two scenarios, what are your thoughts and how would you suggest we proceed? I do not want to walk into a meeting (ad hoc or structured) without enough understanding, but specifically I would like to hear from others in education who have implemented such solutions.

Personally I like the LanCope solution of leveraging technology we already have in place and only requiring one or two collectors vs the need to place multiple sensors all over the network. However, I am cognizant enough that buzz words and naming schemes tend to hold a lot of weight and as such an "Intrusion Detection System (IDS)" will likely seem to be the "needed solution" over a "monitoring/flow collection solution".

If any of you wouldn't mind sharing your solutions (I fully understand if you can't or don't) or recommending one vendor over another, that would be great too!

Thanks in advance for any help and guidance!

-dan
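As an added example (not from Dan's post, and not any vendor's product), the "baseline and then monitor traffic flows" idea reduced to code: per-host byte volumes are summed from constructed NetFlow-style records, a mean and standard deviation are learned over an initial set of windows, and later windows that exceed a tunable deviation threshold are flagged. The record layout, host addresses, window counts and threshold are all assumptions for the example.

```python
"""Flow baselining in the NetFlow style described in the post (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (window, src, dst, dst_port, bytes).
# The fields mirror a NetFlow tuple plus byte count; no real traffic is involved.
FLOWS = [
    (w, "10.0.1.5", "10.0.9.10", 443, b)
    for w, b in enumerate([1200, 1100, 1300, 1250, 1150, 1200, 1180, 60000])
] + [
    (w, "10.0.1.6", "10.0.9.10", 443, b)
    for w, b in enumerate([800, 900, 850, 820, 880, 860, 840, 870])
]


def bytes_per_window(flows):
    """Sum bytes per (src, window): the unit that gets baselined."""
    totals = defaultdict(int)
    for window, src, _dst, _port, nbytes in flows:
        totals[(src, window)] += nbytes
    return totals


def baseline(totals, src, learn_windows):
    """Mean and population stdev of one host's bytes over the learning windows."""
    series = [totals.get((src, w), 0) for w in range(learn_windows)]
    return mean(series), pstdev(series)


def anomalous_windows(flows, learn_windows=6, k=3.0):
    """Return (src, window, bytes) for monitored windows above mean + k*stdev
    of that host's own baseline. k is the tuning knob the post alludes to:
    a lower k catches more, at the price of more false positives."""
    totals = bytes_per_window(flows)
    hosts = {src for src, _ in totals}
    flagged = []
    for src in sorted(hosts):
        mu, sigma = baseline(totals, src, learn_windows)
        for (s, w), nbytes in sorted(totals.items()):
            if s == src and w >= learn_windows and nbytes > mu + k * sigma:
                flagged.append((src, w, nbytes))
    return flagged


if __name__ == "__main__":
    for src, window, nbytes in anomalous_windows(FLOWS):
        print(f"{src}: window {window} moved {nbytes} bytes, above baseline")
```

Only the host whose final window jumps to 60000 bytes is flagged; the steady host stays quiet, which is the behaviour a collector-based approach buys you without deploying sensors.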
