Intrusion detection is far from a perfect science. Intrusion detection systems are meant to serve as an alerting system for security administrators. You cannot rely entirely on an IDS to detect all attacks directed at a network. Many vendors are selling IDS solutions that can proactively configure a firewall to block an attacker's traffic from the network. Such solutions sometimes create a false sense of security. Further work with IDS is required for more effective solutions than now exist.