workload characterization: priorities

coral/ocXmons (OC3,12,48, gigE)

persistent, real-time, full-frame collection 

dynamic packet filtering triggered by attack precursors 

security policy 
compliance auditing (passive) 
enforcement (active) 

 obstacles
hardware expensive
privacy issues 
IPsec