I sent a reply privately earlier to original request, about my own
personal preferences, but Gadi's reply prompted me to respond
publicly. 
All-in-all, I find that an IDS (NFR-style) has a quite useful
utility.
Your choice of such a utility is, of ourse, another matter
entirely.
- ferg
Edward W. Ray wrote:
Tipping Point IPS is the gold standard these days. Signature-based, which
annual fee to get the signatures. Signatures are usually weekly at a
minimum. I use the Unity 50, but they do have Gbps IPS. All of their IPSes
are "bump-in-the-wire" which means that you do not have to assign an address
(operates at layer2 instead of layer 3).
Not to say anything about Edward, but this thread is going to be mostly
full of commercial injections.
Except for one network I have been in charge with I have never found the
need for any I[DP]S product and find them an almost complete waste of
time and money.
Gadi.