Awareness of a network vulnerability often comes from a system monitoring alert, a log file review, or a vendor press release. As a security administrator, your job is to quickly decide whether it poses a real threat to your network, how to remedy that threat, and what priority the response should take. Your operational challenge is linking an alarm to actual network activity by specific users. The lack of specific data often forces security professionals to guess at the degree of exposure, or at whether a breach actually occurred. Without sufficient network forensics data, you cannot effectively identify the scope of a security event or verify compliance with security policy.