Also known as IPS. A network security and threat prevention technology that typically sits behind the firewall and examines the flow of network traffic to detect vulnerabilities – malicious activity or policy violations – and prevent their exploitation. That exploitation is usually in the form of malicious inputs into a target application or service.
The goal of attackers is to gain control of a machine or application and then disable or access it. Unlike an intrusion detection system (IDS), which passively scans traffic and reports back on the threats it detects, an IPS actively analyzes and takes automated actions on network traffic flows. Those actions include dropping malicious packets, sending an alert to the administrator, blocking traffic from the source address, and resetting the network connection.
Most network-based IPSes detect malicious activity by comparing traffic patterns to pre-defined signatures or by using heuristics to detect deviations from known normal behavior.