A device used to monitor network traffic for signs of malicious activity. Uses: Signature detection Anomaly detection Behavioral analysis