In this chapter, we have discussed the approaches to detecting security policy violations without using specialized automated tools for detecting unauthorized activities. We have also considered the aspects that deserve special attention. However, in large corporate networks, "manual" detection becomes rather inefficient and, quite often, even impossible. From the purely physical point of view, it is impossible to control the integrity of thousands of files manually or, for example, analyze network traffic in real-time. This is the point where the automated intrusion detection systems become invaluable. Such systems will be covered in detail in the following chapters.