Security expert: “I didn’t mean to imply that ‘the investigative role should preclude the protective role’ I support products which protect targets from exploitation. However, I believe the detection role should not be combined with the protection role. How can a single product that performs protection know when it has failed to provide protection? Only a separate detection product, focused on network audit, can do that.” This advice stands in stark contrast to researchers at Gartner and elsewhere who advocate removing IDS in favor of “deep inspection firewalls””]
Source: https://taosecurity.blogspot.com/2004/08/comments-on-firewalls-new-security.html