What if malware on your network has never been seen before? Malware writers are getting better and better about creating custom software to steal data from your network. The malware at Home Depot had never been seen before. Therefore, it could not be detected by traditional anti-malware programs. IDS programs would not be able to detect it. In fact the only way you could detect the attacks would have been through reviewing the log data and uncovering the suspicious activity.

Anti-virus, Anti-malware, IPS, and IDS systems rely on known signatures to detect know vulnerabilities, or their variants. They cannot, by design, detect something they don't know about.

Reviewing logs from all network sources (servers, firewalls, switches, desktops, SAN's) is the only way to know what is really happening on your network.