Intrusion Prevention Systems

An Intrusion Prevention System is a network security technology designed to monitor network traffic and system activities for malicious activity and known threats.

Its primary function is to identify and prevent cyber attacks in real time.

Unlike an Intrusion Detection Systems|Intrusion Detection System that only detects and alerts on potential threats, an IPS is proactive; it can take actions to block or prevent the threat. It might include dropping malicious packets, blocking traffic from offending IP Address|IP addresses or resetting connections.

IPS can be deployed as a network-based system to protect a whole network or as a host-based system to protect individual devices. Network-based IPS typically sits directly behind the Firewall|firewall to inspect all traffic, while host-based IPS is installed on individual servers or workstations.

IPS systems analyze network traffic in real time. They filter out potentially harmful packets and can be configured to recognize and allow legitimate traffic, thereby minimizing false positives.

Many IPS solutions are part of broader security systems and can integrate with firewalls, Security Information and Event Management (SIEM)|security information and event management (SIEM) systems, and other security technologies for more comprehensive protection.