Breach detection can prove harder than prevention

26.01.2007
Protecting corporate systems against intruders isn't easy. But detecting a breach that has already happened can sometimes be even harder, IT managers and analysts said this week in the wake of the data breach at The TJX Companies Inc.

The system intrusion at the Framingham, Mass.-based retailer occurred last May but wasn't discovered until mid-December -- seven months later.

In a similar incident at Ohio University last year, a server break-in that exposed the personal data of about 137,000 alumni went unnoticed for more than a year until it -- and several other breaches -- were discovered last spring.

The time gap between the intrusion at TJX and its discovery, though large, isn't entirely surprising given the myriad ways attackers can gain access to systems and then conceal their tracks, said Drew Maness, a senior security strategist at a large entertainment company that he asked not be named. "The reason it's so difficult [to discover a data breach] is because it can come at you from any angle," Maness said. "With physical security, it's very rare that someone breaks in through a side wall on the eighth floor. With computer security, they come in through that side wall."

To quickly and consistently detect such intrusions, IT managers need to be able to collect and analyze literally every transaction flowing through their networks in real time, according to Maness. "You've got to know what every single packet on the network is doing, where it's coming from, where it's going and which ones are bad."

That can be a huge challenge, considering the sheer number of transactions and the terabytes of storage space required on a daily basis to capture and store all of them, said David Jordan, chief information security officer for Virginia's Arlington County. It also requires comprehensive modeling of typical network behavior enterprisewide so any abnormal activity can be pinpointed, Jordan said.
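The approach Maness and Jordan describe, learning what each host normally does on the network and then flagging traffic that falls outside that model, can be shown in miniature. The following is an added example, not code from the article or from any of the organizations it mentions: it learns a per-host baseline (which peer and port each internal host talks to, and how many bytes it usually sends) from constructed flow records, then scores new records against it. The record fields, host addresses and the three-sigma volume rule are assumptions for illustration; a production system would work from real collector output and far larger baselines.

```python
"""Per-host baseline and anomaly scoring over constructed flow records.

Added example (not from the article). Flow fields and addresses are
invented for illustration; the detection rules are one simple choice,
not a prescription.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    src: str        # internal host that initiated the connection
    dst: str        # peer it talked to
    dport: int      # destination port
    bytes_out: int  # bytes sent by src in this flow


class HostBaseline:
    """Learns 'typical' behaviour per source host, then scores new flows."""

    def __init__(self, z_threshold: float = 3.0):
        self.z_threshold = z_threshold
        self.peers = defaultdict(set)     # src -> {(dst, dport), ...}
        self.volumes = defaultdict(list)  # src -> [bytes_out, ...]

    def learn(self, flows):
        for f in flows:
            self.peers[f.src].add((f.dst, f.dport))
            self.volumes[f.src].append(f.bytes_out)

    def score(self, flow: Flow):
        """Return the list of reasons a flow is abnormal (empty = normal)."""
        if flow.src not in self.peers:
            # A host the baseline has never seen sending traffic at all.
            return ["unknown-source"]
        reasons = []
        if (flow.dst, flow.dport) not in self.peers[flow.src]:
            # Talking to a peer/port combination it has never used before.
            reasons.append("new-peer")
        vols = self.volumes[flow.src]
        mu, sd = mean(vols), pstdev(vols)
        # Three-sigma rule on outbound volume; if the history has no
        # variance at all, fall back to "more than double the usual".
        limit = mu + self.z_threshold * sd if sd > 0 else 2 * mu
        if flow.bytes_out > limit:
            reasons.append("volume-spike")
        return reasons


def build_baseline() -> HostBaseline:
    """Constructed history: a workstation browsing one site, a web server
    querying one database. All values are made up for the example."""
    history = [
        *(Flow("10.0.0.5", "203.0.113.10", 443, b)
          for b in (1200, 1500, 1100, 1300, 1400, 1250, 1350, 1150)),
        *(Flow("10.0.0.6", "192.0.2.20", 1433, b)
          for b in (8000, 8200, 7900, 8100, 8050, 8150)),
    ]
    baseline = HostBaseline()
    baseline.learn(history)
    return baseline


def detect(baseline: HostBaseline, flows):
    """Map each abnormal flow to its reasons; normal flows are omitted."""
    alerts = {}
    for f in flows:
        reasons = baseline.score(f)
        if reasons:
            alerts[f] = reasons
    return alerts


if __name__ == "__main__":
    bl = build_baseline()
    sample = [
        Flow("10.0.0.5", "203.0.113.10", 443, 1400),        # ordinary browsing
        Flow("10.0.0.5", "198.51.100.7", 4444, 900),        # never-seen peer
        Flow("10.0.0.5", "203.0.113.10", 443, 50_000_000),  # huge upload
        Flow("10.0.0.99", "203.0.113.10", 443, 100),        # unknown host
    ]
    for flow, why in detect(bl, sample).items():
        print(flow, "->", ", ".join(why))
```

The baseline here is deliberately naive: real traffic has daily and weekly cycles, legitimate new peers appear constantly, and volume distributions are heavy-tailed, which is why Jordan's point about modeling behaviour across the whole enterprise, not just per host, matters in practice. The value of the exercise is seeing that the "new peer" and "volume spike" signals are exactly the ones a seven-month exfiltration would eventually trip, provided the flows were being captured and compared at all.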