Apparently Microsoft’s NIS made some sparkles on the web the other days.
It all seems to have started with a somehow badly formulated blog entry that touched a little bit of pride somewhere . 
This prompted Robert Graham to chip in and draw some missing lines. 
The thing is that NIS is not particularly here to solve false or positives negatives with a “state-of-the-art” IPS incorporating protocol analysis.
The missing link. 
The original blog entry looks to miss one piece of information(although linked into another document used as reference) that seems to have had as a result the “state-of-the-art” label misplaced.
The only “state-of-the-art” + protocol analysis combination that Microsoft itself originally mentioned(to my current knowledge) refers to the ability of creating easily protocols analyzers, without developing them using languages like C, see .
Regarding NIS and TMG a couple of things must be noted:
- currently it only provides protection for MS products.
- small database of signatures –> small threat coverage; many of them are exploit based, fewer are vulnerability based.
- as writing does not provide generic vulnerability based signatures for class of attacks.
- it does provide protocol anomaly detection for a number of protocols.