In the absence of context, IPS is an extremely event rich technology that can overwhelm a security team. Most IPS technologies -- not knowing what they are protecting – provide only a single data point upon which a complete forensic picture needs to be constructed before any action is taken. This process often takes a long time and costs organizations a lot of money. Making matters worse, determining which event will require close analysis is painstaking as well. In this presentation, Doug Hurd will show why a “contextual view” of the IPS process (which includes the state of assets and network activity before and after the attack) is essential to making peace with the IPS monster. Context has to be tightly integrated into the solution and real-time oriented to make today’s network security both effective and efficient.