Security has become one of the major concerns for today's networks, and network-level defense mechanisms are of critical importance. They protect the enterprise as a whole, including users who do not apply host-based schemes for various reasons (reliability, overhead, conflicts, etc.). Network-level defense mechanisms must address three challenges: 1) they must be highly accurate; 2) they must scale to high-speed networks with a large number of users; and 3) they must adapt quickly to emerging threats. My research addresses these challenges by building a high-performance network defense and forensic system. In particular, in this talk I will present the design of NetShield, a new vulnerability-signature-based NIDS/NIPS that achieves throughput comparable to that of state-of-the-art regular-expression-based systems while offering much better accuracy. This is achieved through the following two contributions: (i) a candidate selection algorithm that efficiently matches thousands of vulnerability signatures simultaneously using a small amount of memory; and (ii) a parsing transition state machine that achieves fast protocol parsing. The core engine of NetShield achieves 1.9Gbps signature matching throughput for 794 HTTP vulnerability signatures on a 3.8GHz PC. We intend to implement the NetShield prototype as a better alternative to the popular NIDS Snort in terms of both accuracy and speed.