In Information Security, intrusion detection is the act of detecting actions that attempt to compromise the confidentiality, integrity or availability of a resource.
Firewalls block traffic; an intrusion detection system (IDS) monitors the traffic you do allow and raises alerts so that you can react to attacks. At some point you have to let data into your internal network, otherwise there would be no point in having an Internet connection at all. However tightly you firewall (even with a default-deny policy), attacks can still arrive inside permitted traffic: an exploit against a web server travels over the same port 80 or 443 that you opened for customers. By inspecting the content of that traffic rather than only its addresses and ports, an IDS can detect attacks in progress, compromised machines behind the firewall sending out data they should not, and so on.

Modern IDS deployments typically consist of multiple monitoring stations (sensors) feeding a central server that analyzes the combined data. A single sensor sees only the link it is attached to, so an attacker who probes for a weakness through one link and then exploits it through another produces two apparently unrelated, low-priority events; once the alerts are correlated centrally by source address, the probe-then-exploit sequence stands out and there is a much better chance of detection. A sensor also only sees what its vantage point exposes: a perimeter sensor will not see traffic between internal hosts, and content inspection cannot look inside encrypted connections unless the traffic is decrypted at a point the sensor can observe.

There are also companies that handle the entire process for you: placing sensors at your location(s), collecting and analyzing the alerts, and advising you on how to deal with the attacks. If you are on a tight budget, there are Open Source alternatives; Snort together with the Arachnids signature database is one useful combination.
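The central correlation step described above, as an added example that is not part of the original text: alerts from two hypothetical sensors, dmz-1 and office-2, are merged by source address, and a source that probes through one sensor and then launches an exploit attempt through another within a time window is flagged. The key=value alert format, the sensor names, the addresses and the signature names are all constructed for illustration; the per-sensor view is included to show that neither sensor alone would produce the finding.

```python
"""Tiny multi-sensor IDS correlator (added example, constructed data).

Merges alerts from several monitoring stations and flags sources that probe
through one link and attack through another, which no single sensor would see.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed alerts in a hypothetical "timestamp key=value ..." sensor export.
# 203.0.113.7 probes the DMZ web host, then attacks an office host 7 minutes later.
# 198.51.100.9 attacks first and probes afterwards (wrong order, not correlated).
# 192.0.2.55 is an internal host seen calling out to an IRC port (compromised?).
SAMPLE_ALERTS = [
    "2024-03-01T09:50:00 sensor=office-2 src=198.51.100.9 dst=192.0.2.55 dport=80 sig=HTTP_CMD_INJECTION_ATTEMPT",
    "2024-03-01T10:00:01 sensor=dmz-1 src=203.0.113.7 dst=192.0.2.10 dport=22 sig=SSH_VERSION_PROBE",
    "2024-03-01T10:00:04 sensor=dmz-1 src=203.0.113.7 dst=192.0.2.10 dport=80 sig=HTTP_SERVER_PROBE",
    "2024-03-01T10:07:30 sensor=office-2 src=203.0.113.7 dst=192.0.2.55 dport=80 sig=HTTP_CMD_INJECTION_ATTEMPT",
    "2024-03-01T10:09:00 sensor=dmz-1 src=198.51.100.9 dst=192.0.2.10 dport=443 sig=TLS_VERSION_PROBE",
    "2024-03-01T10:30:00 sensor=office-2 src=192.0.2.55 dst=198.51.100.200 dport=6667 sig=IRC_OUTBOUND_FROM_INTERNAL",
]


def parse_alert(line):
    """Parse one constructed alert line into a dict with a datetime 'ts'."""
    ts_str, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts_str)
    rec["dport"] = int(rec["dport"])
    return rec


def classify(sig):
    """Map a (hypothetical) signature name to an attack phase."""
    if sig.endswith("_PROBE"):
        return "probe"
    if sig.endswith("_ATTEMPT"):
        return "exploit"
    if sig.endswith("_FROM_INTERNAL"):
        return "egress"
    return "other"


def correlate(alerts, window=timedelta(minutes=30)):
    """Findings for sources that probed and then, within `window`, attempted an
    exploit. Sensors are recorded so the analyst can see the cross-link pattern."""
    by_src = defaultdict(list)
    for a in alerts:
        by_src[a["src"]].append(a)
    findings = []
    for src, evts in by_src.items():
        evts.sort(key=lambda e: e["ts"])
        probes = [e for e in evts if classify(e["sig"]) == "probe"]
        for ex in (e for e in evts if classify(e["sig"]) == "exploit"):
            # Only probes that happened before the exploit attempt count.
            prior = [p for p in probes
                     if timedelta(0) <= ex["ts"] - p["ts"] <= window]
            if prior:
                findings.append({
                    "src": src,
                    "probe_sensors": sorted({p["sensor"] for p in prior}),
                    "exploit_sensor": ex["sensor"],
                    "exploit_sig": ex["sig"],
                })
    return findings


def internal_callouts(alerts, internal_net):
    """Hosts inside `internal_net` that triggered an egress signature: a
    compromised machine behind the firewall sending data out."""
    net = ipaddress.ip_network(internal_net)
    return sorted({a["src"] for a in alerts
                   if classify(a["sig"]) == "egress"
                   and ipaddress.ip_address(a["src"]) in net})


def run(lines=SAMPLE_ALERTS):
    """Compare what each sensor concludes alone with the central view."""
    alerts = [parse_alert(line) for line in lines]
    sensors = {a["sensor"] for a in alerts}
    per_sensor = {s: correlate([a for a in alerts if a["sensor"] == s])
                  for s in sorted(sensors)}
    return {
        "per_sensor": per_sensor,            # each sensor alone: nothing
        "central": correlate(alerts),        # merged feed: 203.0.113.7 flagged
        "callouts": internal_callouts(alerts, "192.0.2.0/24"),
    }


if __name__ == "__main__":
    for key, value in run().items():
        print(f"{key}: {value}")
```

The window and the suffix-based classification are deliberately simple; a real deployment would key on the IDS's own rule classes and would also normalise sensor clocks before comparing timestamps, since a sensor running a few minutes fast would silently reorder the probe and the exploit.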


