Definition
An Intrusion Prevention System (IPS) inspects network traffic inline for known attack signatures and anomalous patterns and blocks malicious traffic before it reaches its destination. Modern IPS combines signature matching (Snort/Suricata-style rule sets), protocol anomaly detection, and behavioral analytics. IPS is typically deployed at network choke points (the perimeter, data center boundaries) and as a feature of NGFW; in that form it is a network-based IPS (NIPS). Endpoint security platforms, including Symantec Endpoint Security Complete, include a host-based IPS (HIPS) that applies the same protocol-level inspection to traffic arriving at the endpoint. IPS is distinct from IDS (Intrusion Detection System), which sits out of band (on a SPAN port or tap) and only detects and alerts - an IPS sits in the traffic path and blocks. Because it is inline, an IPS adds latency and a false positive blocks legitimate traffic, so new rules are usually run in alert-only mode and tuned before their action is switched to drop.
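The following added example, written for this page and not code from Snort, Suricata or any vendor product, shows the IDS/IPS distinction and the two detection techniques named above in a single toy inline engine: it parses a simplified Snort/Suricata-style rule syntax (signature matching on `content`), runs a protocol anomaly check (non-HTTP bytes on port 80), and evaluates constructed sample packets once as an out-of-band IDS (every packet forwarded, alerts logged) and once as an inline IPS (packets matching a `drop` rule are blocked). The packets, rules and SIDs are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    proto: str
    sport: int
    dport: int
    payload: bytes


@dataclass
class Rule:
    action: str            # "alert" = detect only, "drop" = block when inline
    proto: str
    dport: Optional[int]   # None means "any"
    content: Optional[bytes]
    msg: str
    sid: int


# Simplified Snort/Suricata rule header: action proto src sport -> dst dport (options)
RULE_RE = re.compile(
    r"^(?P<action>alert|drop)\s+(?P<proto>\w+)\s+\S+\s+\S+\s+->\s+\S+\s+"
    r"(?P<dport>\S+)\s+\((?P<opts>.*)\)$"
)


def parse_rule(text: str) -> Rule:
    """Parse one rule line; only msg, content and sid options are understood."""
    m = RULE_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unparseable rule: {text!r}")
    opts = {}
    for item in m["opts"].split(";"):
        if ":" in item:
            key, value = item.split(":", 1)
            opts[key.strip()] = value.strip().strip('"')
    dport = None if m["dport"] == "any" else int(m["dport"])
    content = opts["content"].encode() if "content" in opts else None
    return Rule(m["action"], m["proto"], dport, content, opts.get("msg", ""), int(opts["sid"]))


HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def http_anomaly(pkt: Packet) -> Optional[str]:
    """Protocol anomaly check: payload on the HTTP port that does not look like HTTP."""
    if pkt.proto == "tcp" and pkt.dport == 80 and pkt.payload and not pkt.payload.startswith(HTTP_METHODS):
        return "non-HTTP traffic on port 80"
    return None


class Sensor:
    """inline=False behaves as an IDS (alert only); inline=True behaves as an IPS."""

    def __init__(self, rules: List[Rule], inline: bool):
        self.rules = rules
        self.inline = inline
        self.alerts: List[Tuple[int, str]] = []

    def inspect(self, pkt: Packet) -> str:
        verdict = "forward"
        for r in self.rules:   # signature matching
            if r.proto != pkt.proto:
                continue
            if r.dport is not None and r.dport != pkt.dport:
                continue
            if r.content is not None and r.content not in pkt.payload:
                continue
            self.alerts.append((r.sid, r.msg))
            if r.action == "drop" and self.inline:
                verdict = "drop"
        anomaly = http_anomaly(pkt)   # anomaly detection, kept alert-only here (prone to false positives)
        if anomaly:
            self.alerts.append((0, anomaly))
        return verdict


# Constructed rules: one blocking signature, one detect-only signature.
RULES = [parse_rule(r) for r in [
    'drop tcp any any -> any 80 (msg:"Path traversal to /etc/passwd"; content:"/../../etc/passwd"; sid:1000001;)',
    'alert tcp any any -> any 21 (msg:"FTP login as root"; content:"USER root"; sid:1000002;)',
]]

# Constructed sample traffic.
TRAFFIC = [
    Packet("tcp", 51000, 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Packet("tcp", 51001, 80, b"GET /../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Packet("tcp", 51002, 80, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),  # TLS bytes on port 80
    Packet("tcp", 51003, 21, b"USER root\r\n"),
]


def run(inline: bool) -> Tuple[List[str], List[Tuple[int, str]]]:
    """Evaluate the sample traffic; returns per-packet verdicts and the alert log."""
    sensor = Sensor(RULES, inline)
    verdicts = [sensor.inspect(p) for p in TRAFFIC]
    return verdicts, sensor.alerts


if __name__ == "__main__":
    for mode, inline in (("IDS", False), ("IPS", True)):
        verdicts, alerts = run(inline)
        print(mode, "verdicts:", verdicts)
        print(mode, "alerts:  ", alerts)
```

Both modes raise the same three alerts; only the inline sensor changes a verdict, and only for the packet that hit the `drop` rule. The FTP packet is forwarded even by the IPS because its rule action is `alert`, which is the point of the tuning workflow: a rule blocks only once its action is changed from `alert` to `drop`.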
Related terms
- IDS (Intrusion Detection System) - Network monitoring system that detects attacks and generates alerts - does not block inline.
- NGFW (Next-Generation Firewall) - Firewall with application-aware inspection, integrated IPS, URL filtering, and SSL decryption - beyond stateful packet filtering.
- EDR (Endpoint Detection and Response) - Endpoint security capability focused on detection, investigation, and response to threats that have evaded prevention.