Malicious code threat environment continues to evolve with dramatic increases in data communication threats. Inbound data communication traffic such as hypertext transport protocol (http) data and inbound electronic mail attachments to such data dominates the traffic that an Intrusion Prevention System (IPS) appliance must process. Currently, the IPS vendors must make decisions weighing the complete threat coverage with throughput. In one approach, some vendors compromise level of detection for potential malicious contents to increase throughput.
Other IPS appliances with more complete threat coverage are implemented such that if the central processor utilization approaches in excess of a predetermined level, such as approximately 90%, the IPS appliance no longer checks for malicious code for specific protocol data traffic threat (for example, electronic mail traffic, file transfer protocol (ftp) traffic, or web (http) traffic). Still other IPS appliances have a mechanism which allows for certain type of data traffic to be passed through unchecked. These approaches typically trade off between throughput and risking potential for increased attack by malicious codes if undetected.