You will need some type of intrusion detection/prevention system. <a href="http://www.snort.org/">SNORT</a> is one that can help identify rogue traffic based on signatures and rules. For this system to work properly, though, it will need to be on a TAP or mirrored port to see all traffic on the network. This will be a challenge in a distributed network. You may need a sensor at each distribution facility to detect traffic that just stays local to that DF.
In the IT trenches? So am I – read my <a href="http://itknowledgeexchange.techtarget.com/it-trenches">IT-Trenches blog</a>