Although most organizations currently employ some form of network intrusion detection or prevention, they're typically using first-generation tools that lack the context needed to react and adapt in real-time. Without context, IDS/IPS will continue in its notoriety for an over-abundance of false-positives that keep administrators tracking down unimportant issues while missing those that are important.

Real-time adaptive intrusion systems integrate with network access controls and user data repositories for tracing events to systems and specific users, dynamically monitor traffic patterns to mitigate threats, leverage vulnerability assessment data to correlate with alerts to reduce false positives down to actionable alerts, and can be used to continuously tune sensors and rules.

All of these technologies and processes working together provides context that IDS/IPS needs to adapt to new threats in today's ever-changing network and threat environments. Real-time adaptive intrusion systems represent the next generation of IDS/IPS-adaptive, real-time, and accurately determining events, dropping non-events, and setting priorities.