Apparently Microsoft’s NIS (Network Inspection System) caused a few sparks on the web the other day.
It all seems to have started with a somewhat badly formulated blog entry that touched a nerve somewhere. [1]
This prompted Robert Graham to chip in and fill in some of the missing lines. [2]
The thing is that NIS is not particularly there to solve false positives or false negatives with a “state-of-the-art” IPS incorporating protocol analysis.
The missing link. [3]
The original blog entry seems to miss one piece of information (although it is linked to from another document used as a reference), which appears to be why the “state-of-the-art” label ended up misplaced.
The only “state-of-the-art” + protocol analysis combination that Microsoft itself originally mentioned (to my current knowledge) refers to the ability to create protocol analyzers easily, without having to develop them in languages like C; see [3].
Regarding NIS in Forefront TMG, a couple of things must be noted:
- currently it only provides protection for Microsoft products.
- a small signature database, hence small threat coverage; many of the signatures are exploit-based, fewer are vulnerability-based.
- as of this writing, it does not provide generic vulnerability-based signatures covering whole classes of attacks.
- it does provide protocol anomaly detection for a number of protocols.
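To make the distinction between the three kinds of detection in the list above concrete, here is an added illustration. It is my own code, not anything from NIS, TMG or Microsoft's published work, and everything in it is made up for the purpose: a toy line-based protocol ("VERB ARG\r\n"), a hypothetical server that copies ARG into a 64-byte buffer, and a hypothetical public exploit built from an "A" filler. An exploit-based signature matches the bytes of that one exploit; a vulnerability-based signature checks the condition the bug actually depends on (ARG longer than the buffer); protocol anomaly detection only asks whether the message fits the grammar at all.

```python
import re

# Constructed toy protocol: "<VERB> <ARG>\r\n", ARG is printable ASCII.
# Assumption for the example: the (imaginary) server copies ARG into a
# 64-byte buffer, so anything longer than that is the actual vulnerability.
ARG_BUFFER_SIZE = 64
KNOWN_VERBS = {"HELLO", "GET", "PUT", "QUIT"}

# Exploit-based signature: the byte pattern of one hypothetical public
# exploit (200 'A' bytes of filler followed by the placeholder "XYZW").
EXPLOIT_SIG = re.compile(rb"GET A{200}XYZW")

# Grammar of the toy protocol, used by the vulnerability-based and anomaly checks.
GRAMMAR = re.compile(rb"([A-Z]+) ([\x20-\x7e]*)\r\n")


def parse(msg: bytes):
    """Return (verb, arg) if the message fits the grammar, else None."""
    m = GRAMMAR.fullmatch(msg)
    if m is None:
        return None
    return m.group(1).decode("ascii"), m.group(2)


def exploit_based(msg: bytes) -> bool:
    """Matches only the one exploit whose bytes we have seen before."""
    return EXPLOIT_SIG.search(msg) is not None


def vulnerability_based(msg: bytes) -> bool:
    """Flags any ARG that overflows the assumed buffer, whatever the filler is."""
    parsed = parse(msg)
    if parsed is None:
        return False  # left to the anomaly check
    _verb, arg = parsed
    return len(arg) > ARG_BUFFER_SIZE


def protocol_anomaly(msg: bytes) -> bool:
    """Flags messages that do not fit the grammar or use an unknown verb."""
    parsed = parse(msg)
    if parsed is None:
        return True
    verb, _arg = parsed
    return verb not in KNOWN_VERBS


def classify(msg: bytes) -> dict:
    """Run all three detections on one message."""
    return {
        "exploit": exploit_based(msg),
        "vuln": vulnerability_based(msg),
        "anomaly": protocol_anomaly(msg),
    }


# Constructed sample traffic.
SAMPLES = {
    "benign": b"GET index.html\r\n",
    # the hypothetical public exploit: exploit-based and vulnerability-based both fire
    "public_exploit": b"GET " + b"A" * 200 + b"XYZW\r\n",
    # same overflow with a different filler: evades the exploit-based signature
    "variant": b"GET " + b"B" * 200 + b"XYZW\r\n",
    # well-formed line with a verb the protocol does not define
    "unknown_verb": b"FOO bar\r\n",
    # missing CRLF terminator: does not fit the grammar at all
    "malformed": b"GET index.html",
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(f"{name:15s} {classify(msg)}")
```

The point of the "variant" sample is the one the list above makes: an exploit-based signature stops working as soon as the attacker changes bytes that do not matter to the bug, while the vulnerability-based check keeps firing because it tests the overflow condition itself. The anomaly check catches neither overflow (both are grammatically valid requests) but does catch traffic that no legitimate client would send.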
References
[1] https://www.infosecisland.com/blogview/15029-Threat-Blocking-With-Network-Inspection-System-NIS.html
[2] http://erratasec.blogspot.com/2011/07/those-who-dont-know-state-of-art-are.html
[3] http://research.microsoft.com/pubs/70223/tr-2005-133.pdf