Network Security
Intrusion Prevention System (IPS)
Also known as: IPS
Definition
An inline security control that detects malicious traffic and actively blocks, resets, or scrubs it in real time.
Examples
- A Snort or Suricata IPS dropping packets that match an EternalBlue exploit signature.
- A Palo Alto Threat Prevention module blocking an outbound C2 beacon based on a URL category.
Related terms
Intrusion Detection System (IDS)
A passive security control that monitors network or host activity for malicious behaviour and raises alerts without blocking traffic.
Next-Generation Firewall (NGFW)
An advanced firewall that combines stateful inspection with application awareness, integrated IPS, user-identity controls, and TLS inspection to enforce richer policies.
Signature-Based Detection
A detection method that compares observed traffic, files, or behaviour against a database of known-bad patterns (signatures) to flag malicious activity.
Anomaly-Based Detection
A detection approach that builds a baseline of normal activity and flags deviations from it as potentially malicious.
Deep Packet Inspection (DPI)
An inspection technique that examines the full payload of network packets — not just headers — to identify applications, content, and threats.
Network-Based IDS (NIDS)
An intrusion-detection sensor that inspects traffic captured from a network segment to identify malicious patterns and policy violations.