1. Cisco, Cisco Secure IPS (formerly Firepower NGIPS) Data Sheet: "Cisco Secure IPS provides multiple layers of advanced threat protection. It stops more threats, including both known and unknown attacks, with one of the industry's most effective IPS... It continuously analyzes network activity for suspicious behavior to rapidly detect and stop stealthy attacks before they cause damage." This highlights the capability to stop unknown attacks through behavioral analysis, which is key to defeating polymorphic malware: each variant changes its bytes on the wire, but the behavior it must eventually perform (connecting out, staging a payload, spawning a process) stays the same, and that is what a behavioral engine observes.
2. NIST Special Publication 800-94, Guide to Intrusion Detection and Prevention Systems (IDPS), Section 2.3, "Common Detection Methodologies" (anomaly-based detection is covered in Section 2.3.2): This document describes anomaly-based detection, the category under which heuristic detection is usually grouped, as a comparison of observed activity against profiles of normal behavior rather than against fixed patterns. It notes that the major benefit of anomaly-based detection is that it can be very effective at detecting previously unknown threats. This directly supports the use of such systems against new variants like polymorphic malware. The same section also states the practical caveat: anomaly-based methods tend to produce more false positives than signature-based ones, and their profiles must be built during a training period on traffic that does not already contain the malicious activity, otherwise that activity is learned as "normal."
3. Cisco Press, CCNP and CCIE Security Core SCOR 350-701 Official Cert Guide, Chapter 20, "Intrusion Prevention and Content Security": The guide explains that Next-Generation IPS (NGIPS) goes beyond static signatures. It discusses how these systems use "policy and rule sets that can be based on traffic anomalies, compliance, or behavior." Rules of that kind match what a flow does rather than which bytes it carries, which is the principle behind using heuristics to identify and block threats like polymorphic malware that signature-based methods would miss.
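The following Python is an added example, not taken from any of the three cited documents or from any Cisco product, that makes the signature-versus-behavior distinction concrete. It uses a constructed toy "command script" in place of real malware and a toy polymorphic packer (random junk prefix plus single-byte XOR with a random key). The two detectors are illustrative assumptions: a signature check for the plaintext C2 string, and a heuristic that brute-forces the XOR key to recover the script and then applies a behavior rule (outbound connect and shell spawn together). A benign beacon is included to show that the behavior rule must be specific enough not to flag it.

```python
"""Added example: byte signatures vs. behavior heuristics against polymorphic variants.
All inputs are constructed for illustration; nothing here is real malware."""
import random
from typing import Optional

# Constructed toy "malicious core": the command script every variant ends up running.
CORE = b"CONNECT 203.0.113.7:4444\nSHELL /bin/sh\nSLEEP 60\nLOOP\n"
# A network signature a signature-based IPS might carry: the plaintext C2 endpoint.
SIGNATURE = b"203.0.113.7:4444"
# Constructed benign sample: a software-update beacon that connects out but spawns nothing.
BENIGN = b"CONNECT 198.51.100.5:443\nSLEEP 600\nLOOP\n"


def make_variant(core: bytes, rng: random.Random) -> bytes:
    """Toy polymorphic packer (assumption): random junk prefix, then the core XORed
    with a random non-zero one-byte key. Every call yields different bytes on the
    wire; the decoded behaviour is identical for all variants."""
    key = rng.randrange(1, 256)
    junk = bytes(rng.randrange(256) for _ in range(rng.randrange(8, 40)))
    return junk + bytes(b ^ key for b in core)


def signature_match(sample: bytes) -> bool:
    """Signature-based detection: literal byte-pattern search."""
    return SIGNATURE in sample


def recover_script(sample: bytes) -> Optional[bytes]:
    """Heuristic (assumption): try every single-byte XOR key, including the identity
    key 0 for unpacked samples, and accept the decoding that exposes the command
    grammar (a CONNECT verb and the trailing LOOP line)."""
    for key in range(256):
        decoded = bytes(b ^ key for b in sample)
        idx = decoded.find(b"CONNECT ")
        if idx != -1 and decoded.endswith(b"LOOP\n"):
            return decoded[idx:]
    return None


def behaviour_flags(script: bytes) -> set:
    """Classify what the recovered script does, verb by verb."""
    flags = set()
    for line in script.splitlines():
        verb = line.split(b" ", 1)[0]
        if verb == b"CONNECT":
            flags.add("outbound_connect")
        elif verb == b"SHELL":
            flags.add("spawn_shell")
        elif verb == b"LOOP":
            flags.add("persistent_loop")
    return flags


def behaviour_match(sample: bytes) -> bool:
    """Behavior rule (assumption): flag only when the sample both connects out
    and spawns a shell. Connecting out alone is what benign beacons do too."""
    script = recover_script(sample)
    if script is None:
        return False
    return {"outbound_connect", "spawn_shell"} <= behaviour_flags(script)


def evaluate(n_variants: int = 20, seed: int = 7) -> dict:
    """Generate n polymorphic variants and count hits for each detector."""
    rng = random.Random(seed)
    variants = [make_variant(CORE, rng) for _ in range(n_variants)]
    return {
        "distinct_variants": len(set(variants)),
        "signature_hits": sum(signature_match(v) for v in variants),
        "behaviour_hits": sum(behaviour_match(v) for v in variants),
        "signature_on_plain_core": signature_match(CORE),
        "behaviour_on_benign": behaviour_match(BENIGN),
    }


if __name__ == "__main__":
    for name, value in evaluate().items():
        print(f"{name}: {value}")
```

Running the block shows the signature catching the unpacked core and none of the packed variants, while the behavior rule catches every variant and leaves the benign beacon alone. The same structure is why tuning matters in practice: loosen the rule to "any outbound connect in a loop" and the update beacon becomes a false positive, which is the trade-off the NIST guide warns about.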