The Naval Surface Warfare Center has developed a system (SHADOW) for monitoring network traffic and detecting various kinds of intrusion attempts. This talk will discuss the SHADOW architecture, and some lessons learned in network monitoring. We will also discuss some statistical approaches to network monitoring and ID. Finally, we will discuss some of the new threats that we are seeing, and that we expect to be seeing more of in the months to come.