Is network intrusion detection software being used correctly