A server-centric approach to security analysis can overwhelm a network and require large amounts of processing power. A sensor-centric approach, in which the bulk of an analysis is performed by sensors, requires more processing power and memory. But a split-analysis approach might prove just right.