Definition

An Intrusion Prevention System (IPS) inspects network traffic for known attack signatures and anomalous patterns, blocking malicious traffic inline before it reaches the destination. A modern IPS combines signature matching (Snort/Suricata-style rule sets), protocol anomaly detection, and behavioral analytics. An IPS is typically deployed at network choke points (perimeter, data center boundaries) and as a feature of next-generation firewalls (NGFW). Endpoint security platforms, including Symantec Endpoint Security Complete, include host-based IPS (NIPS) for protocol-level protection at the endpoint. An IPS is distinct from an IDS (Intrusion Detection System): an IDS only detects and alerts, whereas an IPS blocks.

Related terms