A modern Intrusion Detection and Prevention system not only localizes attacks, but also learns and visualizes the network with all its connected clients and servers. That is how one can learn what devices and software is in use, what communication relationship exist, and eventually more easily determine what security measures must be taken.
In terms of security policies applications, and the user groups can also be taken into account in addition to IP-addresses and protocols. In this manner flexible policies develop, that also function in the modern, mobile world
It is particularly interesting to be able to not only see what threats can be found today, but also look back into the past. Imagine if an unknown attack took place last Monday (for examply through O-Day Exploit). It is discovered today and one can retrace what systems were attacked and how the infection spreads in the internal net.