Near Real-Time Detection: Sourcefire VRT Labs

http://labs.snort.org/nrt/

Today's client-side attacks give the attacker many ways to obfuscate, evade, and hide their methods. Detecting attacks carried in Adobe PDF, Flash, Microsoft Office documents, and JavaScript requires a very deep understanding of each file format, of how the browser or viewer interprets it, and of the byte code paths some of these formats can generate. Handling these attacks effectively means processing the same file multiple times to deal with compression, obfuscation, program execution, and so on, which calls for a new type of inspection system. The NRT system provides this deep file-format understanding and inspection.

Near Real-Time Detection (NRT) is the result of extensive research into detecting attacks hidden inside numerous layers of compression, obfuscation, and evasion across multiple file formats. In its current, early form NRT operates with the Snort detection engine; future versions will not rely on any one particular IPS to obtain data from network traffic. NRT addresses file-format parsing by separating selected file types from the transmitted data and passing them to additional detection engines, on the local system or on distributed remote systems. The intention is for the system to be extensible rather than a plugin for Snort.
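The layered decoding the two paragraphs above describe, as an added illustration written for this page (it is not NRT's or Sourcefire's code): a constructed PDF carries a JavaScript action through two stacked stream filters, and the script itself hides its tokens behind string escapes, one of them escaped twice. Signature rules run over the file as transmitted see nothing; only after the filters are peeled in the order the file declares them and the escapes are decoded to a fixed point do the rules match. The sample file, the filter set, the escape decoders and the rule names are all assumptions made for the example.

```python
from __future__ import annotations

import binascii
import re
import zlib

# Constructed sample payload (not from any real exploit): the tokens a signature
# would key on are hidden behind JavaScript string escapes, and "app" is escaped
# twice (\xNN inside %NN) so that a single decoding pass is not enough.
INNER_JS = (
    'var nops = unescape("%u9090%u9090%u9090%u9090%u9090%u9090");\n'
    'var fn = this["\\x65\\x76\\x61\\x6c"];\n'                          # "eval"
    'fn(unescape("%5c%78%36%31%5c%78%37%30%5c%78%37%30.alert(1)"));\n'  # "app.alert(1)"
)


def build_sample_pdf(js: str) -> bytes:
    """Wrap JS in a stream encoded with /ASCIIHexDecode on top of /FlateDecode."""
    encoded = binascii.hexlify(zlib.compress(js.encode())).upper() + b">"
    return (
        b"%PDF-1.4\n"
        b"1 0 obj << /Type /Action /S /JavaScript /JS 2 0 R >> endobj\n"
        b"2 0 obj << /Length " + str(len(encoded)).encode() +
        b" /Filter [/ASCIIHexDecode /FlateDecode] >>\nstream\n" +
        encoded + b"\nendstream\nendobj\n%%EOF\n"
    )


# Minimal stream extraction: a dictionary immediately followed by stream...endstream.
STREAM_RE = re.compile(rb"<<((?:(?!>>).)*)>>\s*stream\r?\n(.*?)\r?\nendstream", re.S)
FILTER_RE = re.compile(rb"/Filter\s*(\[[^\]]*\]|/\w+)")
NAME_RE = re.compile(rb"/(\w+)")


def stream_filters(dictionary: bytes) -> list[str]:
    """Return the filter names in the order the PDF says they must be applied."""
    m = FILTER_RE.search(dictionary)
    return [n.decode() for n in NAME_RE.findall(m.group(1))] if m else []


def apply_filters(data: bytes, filters: list[str]) -> bytes:
    """Peel the filters in order; each one exposes the next layer."""
    for name in filters:
        if name == "FlateDecode":
            data = zlib.decompress(data)
        elif name == "ASCIIHexDecode":
            hexdata = re.sub(rb"\s+", b"", data.split(b">", 1)[0])
            data = binascii.unhexlify(hexdata + (b"0" if len(hexdata) % 2 else b""))
        else:
            raise ValueError(f"unsupported filter {name}")
    return data


HEX_ESC = re.compile(r"\\x([0-9a-fA-F]{2})")
PCT_ESC = re.compile(r"%([0-9a-fA-F]{2})")


def normalise_js(js: str, max_rounds: int = 8) -> tuple[str, int]:
    """Decode \\xNN and %NN string escapes repeatedly until the text stops changing.

    A heuristic view of what the script would build at run time; nothing is
    executed. %uNNNN sequences are left alone so the heap-spray rule still sees
    them. Returns the text and the number of rounds that changed it.
    """
    rounds = 0
    while rounds < max_rounds:
        new = HEX_ESC.sub(lambda m: chr(int(m.group(1), 16)), js)
        new = PCT_ESC.sub(lambda m: chr(int(m.group(1), 16)), new)
        if new == js:
            break
        js, rounds = new, rounds + 1
    return js, rounds


# Assumed content rules, the kind a signature engine would apply to decoded JS.
RULES = {
    "js-eval": re.compile(r"\beval\b"),
    "js-unescape": re.compile(r"\bunescape\s*\("),
    "heap-spray-nops": re.compile(r"(?:%u9090){4,}", re.I),
    "acrobat-api": re.compile(r"\bapp\.alert\b"),
}


def rule_hits(text: str) -> list[str]:
    return sorted(name for name, rx in RULES.items() if rx.search(text))


def surface_hits(pdf: bytes) -> list[str]:
    """What the rules see when run over the file as transmitted, with no decoding."""
    return rule_hits(pdf.decode("latin-1"))


def scan_pdf(pdf: bytes) -> list[dict]:
    """Extract each stream, peel its filters, normalise the JS, then run the rules."""
    findings = []
    for m in STREAM_RE.finditer(pdf):
        filters = stream_filters(m.group(1))
        decoded = apply_filters(m.group(2), filters).decode("latin-1")
        js, rounds = normalise_js(decoded)
        findings.append({"filters": filters, "escape_rounds": rounds,
                         "hits": rule_hits(js)})
    return findings


if __name__ == "__main__":
    sample = build_sample_pdf(INNER_JS)
    print("surface:", surface_hits(sample))   # nothing matches the raw file
    for finding in scan_pdf(sample):
        print("decoded:", finding)
```

The point of the two-stage loop is the one the text makes: the filter chain has to be applied in the order the file declares, and the decoded script then needs its own repeated passes, since the second escape layer only appears after the first is removed. A real engine would add more filters, a JavaScript interpreter for string-building code that regexes cannot undo, and parsers for the other formats named above, but the shape stays the same.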

Click here to download:
sfvrt-nrt.pdf (2.56 MB)