Intrusion Prevention System (IPS)
Definition
An Intrusion Prevention System is a security control that monitors traffic or activity and actively blocks or disrupts malicious behavior based on detection rules. Unlike an IDS, which primarily alerts, an IPS is placed in-line or tightly integrated so it can prevent suspicious traffic from reaching its target.
Examples
- An IPS blocks a known exploit attempt against a vulnerable web server before it reaches the application.
- A network IPS drops traffic from a host performing rapid port scanning across internal systems.
Discover 🔎
Detection is helpful, but prevention can stop damage before it starts. That is the promise of an Intrusion Prevention System. An IPS watches for suspicious traffic patterns and actively intervenes, typically by blocking or dropping the traffic. This makes IPS powerful, but it also introduces risk, because false positives can interrupt legitimate business activity.