Cybersecurity
IPS
Definition
An Intrusion Prevention System (IPS) is a network security technology that examines network traffic flows to detect and prevent vulnerability exploits. It is an active system that can block malicious traffic in real time.
Why It Matters
An IPS goes a step beyond an intrusion detection system (IDS) by not only detecting threats but also actively stopping them. This provides a more proactive defense against network attacks.
Contextual Example
An IPS sits in-line with network traffic. When it detects a packet that is part of a known exploit, it can immediately drop that packet, preventing the attack from reaching its target.
Common Misunderstandings
- An IPS can be thought of as an IDS with the ability to take action.
- Because it sits in-line, a faulty IPS can accidentally block legitimate traffic or become a bottleneck if not configured properly.