The ongoing need to protect key nodes of network infrastructure has been a pressing issue since the outburst of modern Internet threats. This paper presents ideas on building a novel network-based intrusion prevention system combining the advantages of different types of latest intrusion detection systems. Special attention is also given to means of traffic data acquisition as well as security policy decision and enforcement possibilities. With regard to recent trends in PaaS and SaaS, common deployment specific for private and public cloud platforms is considered.