IPS (Intrusion Prevention System)
A network security technology that monitors traffic for threats and automatically takes action to block or prevent malicious activities.
What is an IPS?
An Intrusion Prevention System (IPS) is a network security technology that monitors network traffic in real time, identifies potentially dangerous activity, and automatically takes action to prevent threats. An IPS sits inline in the traffic path, so it can actively block malicious traffic rather than only alerting on it.
IPS vs. IDS
| Feature | IDS | IPS |
|---|---|---|
| Position | Out of band | Inline |
| Action | Alert only | Block and alert |
| Latency | None | Minimal impact |
| Failure Mode | Network unaffected | Fail-open (bypass) or fail-closed |
Detection Methods
- Signature-based: Matches against known attack patterns
- Anomaly-based: Flags statistical deviation from a traffic baseline
- Policy-based: Enforces predefined security policies
- Reputation-based: Blocks traffic from known malicious sources
IPS Actions
- Drop malicious packets
- Reset connections
- Block source IP addresses
- Quarantine affected systems
- Alert security teams
- Log events for analysis
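The following added example (not part of the original glossary entry) models the IDS-vs-IPS distinction from the table, three of the detection methods and the drop/alert actions in one small inline engine; the traffic, signature, blocklist and threshold are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample traffic, not a capture from any real network.
PACKETS = [
    {"src": "10.0.0.5", "dst_port": 80, "payload": "GET /index.html HTTP/1.1"},
    {"src": "10.0.0.5", "dst_port": 80, "payload": "GET /static/../../../etc/passwd HTTP/1.1"},
    {"src": "203.0.113.9", "dst_port": 22, "payload": ""},
] + [{"src": "198.51.100.7", "dst_port": p, "payload": ""} for p in range(1000, 1025)]

SIGNATURES = {  # signature-based: known attack pattern (constructed rule)
    "http-path-traversal": re.compile(r"(\.\./){2,}"),
}
BLOCKLIST = {"203.0.113.9"}  # reputation-based: known-bad source (constructed)
SCAN_THRESHOLD = 20          # anomaly-based: distinct destination ports per source

class InlineIPS:
    """Every packet gets a verdict before forwarding. mode='ips' drops on a hit;
    mode='ids' only alerts, which is what an out-of-band sensor can do."""
    def __init__(self, mode="ips", fail_closed=True):
        self.mode, self.fail_closed = mode, fail_closed
        self.ports_seen = {}   # src -> set of dst ports (port-scan state)
        self.alerts = []       # (src, reason) records for the SIEM

    def inspect(self, pkt):
        ports = self.ports_seen.setdefault(pkt["src"], set())
        ports.add(pkt["dst_port"])
        if pkt["src"] in BLOCKLIST:
            return "reputation:blocklisted-source"
        for name, rx in SIGNATURES.items():
            if rx.search(pkt["payload"]):
                return f"signature:{name}"
        if len(ports) > SCAN_THRESHOLD:
            return "anomaly:port-scan"
        return None

    def process(self, pkt):
        """Return 'pass', 'alert' (IDS) or 'drop' (IPS)."""
        try:
            reason = self.inspect(pkt)
        except Exception:  # engine fault: the failure-mode choice from the table
            return "drop" if self.fail_closed else "pass"
        if reason is None:
            return "pass"
        self.alerts.append((pkt["src"], reason))
        return "drop" if self.mode == "ips" else "alert"

def run(mode="ips", packets=PACKETS):
    eng = InlineIPS(mode)
    return Counter(eng.process(p) for p in packets), eng.alerts
```

Running `run("ips")` drops 7 of the 28 constructed packets (one signature hit, one blocklisted source, five port-scan packets past the threshold); `run("ids")` produces the same 7 alerts but forwards everything.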
Deployment Considerations
- Must handle full network throughput without becoming a bottleneck
- Tuning required to minimize false positives, since a false positive blocks legitimate traffic
- High-availability configuration needed, as an inline device is a single point of failure
- Regular signature updates essential
- Integration with SIEM for correlation