To prevent all cyber attacks

To detect a wide range of security violations

To encrypt network traffic

To manage network bandwidth

Lower cost

More detailed logging

Wider range of detection

Easier deployment

It must be placed where outbound packets are invisible

It must be placed where inbound and outbound packets are visible

It must be placed after encryption points

It must be placed only at network endpoints

Pattern Matching

Stateful Pattern Matching

Protocol Decode based analysis

Heuristic based analysis (based on practical experience and knowledge)

Early detection

Deterrence

Network acceleration

Future improvement through information collection

More detailed logging

Lower cost of deployment

Better detection of unknown attacks

Increased recovery capabilities

High network performance

Easy configuration

Very granular policy setting

No need for updates