Intrusion Prevention System (IPS)

Sec+ Glossary 📖 • Network Security 🌐 • Security Operations 🛡️ Difficulty: free

What is Intrusion Prevention System (IPS)?

An Intrusion Prevention System is a security control that monitors traffic or activity and actively blocks or disrupts malicious behavior based on detection rules. Unlike an IDS, which primarily alerts, an IPS is placed in-line or tightly integrated so it can prevent suspicious traffic from reaching its target.

Examples

  • An IPS blocks a known exploit attempt against a vulnerable web server before it reaches the application.
  • A network IPS drops traffic from a host performing rapid port scanning across internal systems.

Discover 🔎

Detection is helpful, but prevention can stop damage before it starts. That is the promise of an Intrusion Prevention System. An IPS watches for suspicious traffic patterns and actively intervenes, typically by blocking or dropping the traffic. This makes IPS powerful, but it also introduces risk, because false positives can interrupt legitimate business activity.

Remember: IDS tells you something might be wrong. IPS tries to stop it. The tradeoff is that prevention must be accurate enough to avoid breaking normal traffic.

Summary 📝

An IPS detects and actively blocks malicious traffic or behavior, typically by operating in-line within the network path. It uses detection methods similar to those of an IDS, but it takes immediate action to prevent harm. An IPS provides strong protection when it is tuned carefully and deployed with a staged rollout (alert-only first, blocking later), because inaccurate blocking can disrupt normal operations.
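The points made in Discover and the Summary (in-line verdicts, IDS-style alerting versus IPS-style dropping, and why a staged rollout matters) can be shown in a small simulation. The following Python is an added illustration written for this page, not code from the lesson or from any real IPS product. Every host address, port, timestamp, the `../../` byte signature and the scan threshold of 20 distinct targets in 2 seconds are constructed assumptions; the "monitor" host 10.0.0.2 stands in for a legitimate tool whose behavior looks like a scan, which is exactly the false positive the lesson warns about.

```python
"""Toy inline IPS with a detect-only (IDS-like) mode and a prevent mode.

Added illustration, not code from the lesson. All hosts, ports, signature
patterns and timings below are constructed sample data.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, Optional, Set, Tuple


@dataclass
class Packet:
    ts: float          # seconds since start of capture
    src: str
    dst: str
    dport: int
    payload: bytes = b""


@dataclass
class Verdict:
    action: str                 # "allow", "alert" or "drop"
    rule: Optional[str] = None  # which rule fired, if any


class InlineIPS:
    """Sits in the traffic path: every packet gets a verdict before forwarding."""

    # Constructed byte-pattern signature; real rule sets are far larger.
    SIGNATURES = {b"../../": "path-traversal-probe"}

    def __init__(self, prevent: bool, scan_threshold: int = 20,
                 scan_window: float = 2.0, allowlist: Optional[Set[str]] = None):
        self.prevent = prevent                  # False = alert only (IDS-like)
        self.scan_threshold = scan_threshold    # distinct targets inside the window
        self.scan_window = scan_window
        self.allowlist = allowlist or set()     # tuning: known-good "scanner-like" hosts
        self.blocked: Set[str] = set()          # sources cut off after a scan verdict
        self._recent: Dict[str, Deque[Tuple[float, Tuple[str, int]]]] = defaultdict(deque)

    def _signature_hit(self, pkt: Packet) -> Optional[str]:
        for pattern, name in self.SIGNATURES.items():
            if pattern in pkt.payload:
                return name
        return None

    def _port_scan(self, pkt: Packet) -> bool:
        """Sliding window of (dst, dport) pairs seen from one source."""
        window = self._recent[pkt.src]
        window.append((pkt.ts, (pkt.dst, pkt.dport)))
        while window and pkt.ts - window[0][0] > self.scan_window:
            window.popleft()
        return len({target for _, target in window}) >= self.scan_threshold

    def inspect(self, pkt: Packet) -> Verdict:
        if self.prevent and pkt.src in self.blocked:
            return Verdict("drop", "blocked-source")
        rule = self._signature_hit(pkt)
        if rule is None and pkt.src not in self.allowlist and self._port_scan(pkt):
            rule = "port-scan"
        if rule is None:
            return Verdict("allow")
        if not self.prevent:
            return Verdict("alert", rule)      # IDS behaviour: report, still forward
        if rule == "port-scan":
            self.blocked.add(pkt.src)          # IPS behaviour: cut the source off
        return Verdict("drop", rule)


def run(ips: InlineIPS, packets) -> Dict[str, int]:
    """Push every packet through the IPS and tally the verdicts."""
    counts = {"allow": 0, "alert": 0, "drop": 0}
    for pkt in packets:
        counts[ips.inspect(pkt).action] += 1
    return counts


def sample_traffic():
    """Constructed traffic: a port scan, a legitimate monitor, one probe, normal use."""
    pkts = [Packet(i * 0.02, "10.0.0.5", "10.0.0.9", 1 + i) for i in range(25)]        # scanner
    pkts += [Packet(5.0 + i * 0.05, "10.0.0.2", "10.0.0.9", 100 + i) for i in range(22)]  # monitor
    pkts.append(Packet(10.0, "10.0.0.7", "10.0.0.9", 80, b"GET /static/../../config HTTP/1.1"))
    pkts.append(Packet(11.0, "10.0.0.8", "10.0.0.9", 443, b"GET /index.html HTTP/1.1"))
    return pkts


def staged_rollout() -> Dict[str, Dict[str, int]]:
    """Stage 1: detect only. Stage 2: prevent, untuned. Stage 3: prevent with tuning."""
    return {
        "detect_only": run(InlineIPS(prevent=False), sample_traffic()),
        "prevent_untuned": run(InlineIPS(prevent=True), sample_traffic()),
        "prevent_tuned": run(InlineIPS(prevent=True, allowlist={"10.0.0.2"}), sample_traffic()),
    }


if __name__ == "__main__":
    for stage, counts in staged_rollout().items():
        print(f"{stage:16s} {counts}")
```

Reading the three stages side by side is the point: the detect-only stage surfaces ten alerts without touching any traffic, the untuned prevent stage drops those same ten packets (including the legitimate monitor's), and only the tuned stage blocks the scanner and the probe while leaving the monitor alone. That alert-first, then block, then tune sequence is what "staged rollout" means in practice.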
