Intrusion Prevention System (IPS)
What is Intrusion Prevention System (IPS)?
Intrusion Prevention System (IPS)An inline security control that detects malicious traffic and actively blocks, resets, or scrubs it in real time.
An Intrusion Prevention System (IPS) sits inline in the data path and applies the same detection techniques as an IDS — signatures, anomaly models, protocol analysis, reputation lookups — but with the authority to drop packets, terminate sessions, quarantine flows, or trigger automated responses. Modern IPS are typically integrated into NGFWs or delivered as cloud SASE inspection. Because false positives can cause outages, IPS rules are rolled out in detection mode first, then promoted to blocking after tuning. Effective IPS deployments rely on up-to-date threat-intel feeds, encrypted-traffic inspection where appropriate, throughput sizing, fail-open vs fail-closed planning, and integration with SIEM/SOAR for response.
● Examples
- 01
A Snort or Suricata IPS dropping packets that match an EternalBlue exploit signature.
- 02
A Palo Alto Threat Prevention module blocking an outbound C2 beacon based on a URL category.
● Frequently asked questions
What is Intrusion Prevention System (IPS)?
An inline security control that detects malicious traffic and actively blocks, resets, or scrubs it in real time. It belongs to the Network Security category of cybersecurity.
What does Intrusion Prevention System (IPS) mean?
An inline security control that detects malicious traffic and actively blocks, resets, or scrubs it in real time.
How do you defend against Intrusion Prevention System (IPS)?
Defences for Intrusion Prevention System (IPS) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Intrusion Prevention System (IPS)?
Common alternative names include: IPS.