Observations on IDS / IPS
IT Topics: Security
I have been involved in some IDS / IPS testing lately, and I recently saw a good presentation by Simple Nomad at a local Texas security conference on the subject. Based on my observations and the presentation, a few things have struck me.
A lot of IDSes and IPSes use signatures that only look for an attack on the port it is likely to occur on. Now I know some say that you should know your environment well enough to know what ports you are using, so that any attack on another port would be invalid, but that is not always a realistic scenario. I am thinking that signature writers should really not limit themselves in that regard. Of course, if the hardware can't handle inspecting every port, then you have some problems.
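To make the port point concrete, here is an added toy signature matcher (my own illustration, not code from the post, from Simple Nomad's talk, or from any IDS product). A port-bound rule, in the spirit of a Snort header like `alert tcp any any -> any 80 (...)`, is run beside the same rule with the port opened up to `any`, over a handful of constructed packets. The packet contents, port numbers and rule names are all made up for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass
class Packet:
    """Minimal stand-in for a decoded TCP segment (constructed for the example)."""
    dport: int
    payload: bytes


@dataclass
class Signature:
    """A content signature, optionally restricted to a set of destination ports.

    Roughly the logic behind a Snort-style rule header, e.g.
      alert tcp any any -> any 80  (content:"../../"; ...)   -> dports={80}
      alert tcp any any -> any any (content:"../../"; ...)   -> dports=None
    """
    name: str
    pattern: bytes
    dports: Optional[Set[int]] = None  # None means "inspect every port"

    def port_ok(self, pkt: Packet) -> bool:
        return self.dports is None or pkt.dport in self.dports

    def matches(self, pkt: Packet) -> bool:
        # The port check is cheap and runs first; content matching is the expensive part.
        return self.port_ok(pkt) and self.pattern in pkt.payload


# Constructed sample traffic (not captured from any real network): the same
# directory-traversal request sent to the usual HTTP port and to an alternate port,
# plus two benign packets.
TRAVERSAL = b"GET /cgi-bin/../../etc/passwd HTTP/1.0\r\n\r\n"
SAMPLE_PACKETS: List[Packet] = [
    Packet(80, TRAVERSAL),
    Packet(8080, TRAVERSAL),
    Packet(443, b"\x16\x03\x01\x00\x2a\x01\x00\x00\x26"),  # TLS ClientHello fragment, benign
    Packet(8080, b"GET /index.html HTTP/1.0\r\n\r\n"),       # ordinary request, benign
]

# Hypothetical rule names; the only difference between the two is the port restriction.
PORT_BOUND = Signature("traversal-http-port-only", b"../../", dports={80})
ANY_PORT = Signature("traversal-any-port", b"../../")


def alerts(sig: Signature, packets: List[Packet]) -> List[int]:
    """Destination ports of the packets that trigger the signature."""
    return [p.dport for p in packets if sig.matches(p)]


def content_scans(sig: Signature, packets: List[Packet]) -> int:
    """How many packets survive the port filter and must be content-inspected.

    This is the cost side of dropping the port restriction: every packet now
    has to be searched, which is what stretches the sensor hardware.
    """
    return sum(1 for p in packets if sig.port_ok(p))


if __name__ == "__main__":
    for sig in (PORT_BOUND, ANY_PORT):
        print(f"{sig.name}: alerts on ports {alerts(sig, SAMPLE_PACKETS)}, "
              f"content scans {content_scans(sig, SAMPLE_PACKETS)}/{len(SAMPLE_PACKETS)}")
```

The port-bound rule fires only on the port-80 copy and never looks at the port-8080 copy at all, while the any-port rule catches both but has to content-scan every packet. That second number is the hardware trade-off mentioned above: widening the port scope buys coverage at the price of far more pattern-matching work per packet.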
Somebody needs to get a 10 gig box out there. The client I have been dealing with this week is moving to 10 gig between their core and their distribution layers. Though they will not be using that much bandwidth yet, they are planning for the requirement now, since they push A LOT of graphics. I know it ain't gonna be easy, but the first vendor to ship one is probably going to tear it up.
Why does the interface on these boxes need to be so nasty? I know a technical person can get used to almost anything, but I don't want a huge learning curve just to get used to an interface. Make it more logical. Just because you give a lot of granularity and options does not mean you can't put more thought into what the user has to see and work with.