The Modern Cybersecurity Stack: Data-driven Network Monitoring with Bro

Lecturer: Robin Sommer
Course: NISlecture
Faced with today's sophisticated cyberattacks, classic intrusion detection systems often leave defenders playing games of whack-a-mole. Offering an alternative, the open-source network security monitor Bro has become a driver behind a recent paradigm shift inside the incident response community: By facilitating data-driven, site-specific network traffic analyses, Bro empowers operators to defend their organizations against a broad range of attacks, from indiscriminate to highly targeted. This talk will recap Bro's evolution from niche software developed by a small academic research group into a widely deployed system that's now protecting some of the world's largest organizations. We will examine Bro's scientific foundation, discuss experiences transitioning the system from a research platform to large-scale operational deployment, and present current research efforts that seek to further advance today's network defense capabilities.


Date: 26 May 2017, 12:12
Room: K105