An Intrusion Prevention System (IPS) is a network security and threat prevention technology that examines network traffic to detect and prevent vulnerability exploits. Exploitation of a security vulnerability often takes the form of malicious input crafted to attack an application or a system. After a successful attack, the attacker can disable the target application (denial of service) or gain access to all the rights and permissions available on the compromised system or application.
An IPS is placed directly in the network between source and destination, providing a complementary layer of analysis and security. From this position it can act automatically on behalf of the network and its systems: sending an alarm to the administrator, rejecting malicious packets, blocking traffic from the source address, and resetting the connection.
An IPS uses different methods to identify attack traffic that should be blocked. Signature-based detection is one of these methods. Another is anomaly detection: the IPS compares randomly sampled network traffic against a previously calculated baseline performance level and takes action against network activity that falls outside the baseline parameters.
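The baseline comparison described above can be sketched as follows. This is an added example, not code from any IPS product: the two baseline parameters (packets/s and new connections/s), the z-score test, the thresholds and the action names are assumptions chosen for illustration, and all traffic values are constructed.

```python
import statistics

# Constructed baseline window: (packets/s, new connections/s) under normal load.
BASELINE = [(120, 10), (135, 12), (128, 11), (110, 9), (142, 13),
            (131, 11), (125, 10), (138, 12), (119, 10), (127, 11)]

# Constructed sampled observations per source (RFC 5737 documentation addresses).
SAMPLES = [
    {"src": "192.0.2.10", "pps": 130, "cps": 11},
    {"src": "192.0.2.44", "pps": 165, "cps": 12},
    {"src": "198.51.100.7", "pps": 900, "cps": 240},
]

def build_baseline(window):
    """Return {parameter: (mean, stdev)} computed from the baseline window."""
    pps, cps = zip(*window)
    return {name: (statistics.mean(vals), statistics.stdev(vals))
            for name, vals in (("pps", pps), ("cps", cps))}

def deviation(sample, baseline):
    """Largest absolute z-score of the sample across all baseline parameters."""
    scores = []
    for name, (mean, stdev) in baseline.items():
        spread = stdev or 1.0  # perfectly flat baseline: avoid dividing by zero
        scores.append(abs(sample[name] - mean) / spread)
    return max(scores)

def decide(sample, baseline, alert_at=3.0, block_at=6.0):
    """Map the deviation to an action; both thresholds are assumed values."""
    z = deviation(sample, baseline)
    if z >= block_at:
        return "block_source"   # far outside the baseline parameters
    if z >= alert_at:
        return "alert_admin"    # unusual, but not enough to block automatically
    return "allow"

def run(samples=SAMPLES, window=BASELINE):
    """Evaluate every sampled observation against the computed baseline."""
    baseline = build_baseline(window)
    return {s["src"]: decide(s, baseline) for s in samples}

if __name__ == "__main__":
    for src, action in run().items():
        print(f"{src:15} -> {action}")
```

A baseline window that does not reflect normal peaks produces false positives, so the alert tier lets an administrator review borderline deviations before any blocking action is applied.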
Although IPSs are integrated into UTM and NGFW solutions, enterprises also deploy them as standalone products for three reasons: to avoid compromising performance, to allow integration as part of an integrated security approach, and to gain additional security measures that cannot be provided when the IPS operates as a component.