
Nothing really new
This more ambitious approach, of looking for characteristic patterns in requests and data, has been used by top-end firewall manufacturers for at least 15 years and possibly longer. After all, it's the logical thing to do if you want to identify more attacks and thus have a chance of shutting them out, rather than having to clean up the damage afterwards.
However, like all "smart" software, I suspect it will turn out to have distinct limitations. The idea is somewhat similar, in the broadest terms, to that behind Web content filtering - and we know how well that works in practice. It always looks fairly straightforward, at first glance, to make software behave "intelligently" by making it carry out a set of rules. Trouble is, life tends to be a lot more complicated than any simple set of rules we can devise. There are exceptions, and the exceptions also have exceptions... and so on.