Richard Bejtlich is one of the best sources of information and reasonable opinions about intrusion detection.