IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) both increase the security level of networks, monitoring traffic and inspecting and scanning packets for suspicious data. Detection in both systems is mainly based on signatures already detected and recognized.

The main difference between one system and the other is the action they take when an attack is detected in its initial phases (network scanning and port scanning).

  • The Intrusion Detection System (IDS) provides the network with a level of preventive security against any suspicious activity. The IDS achieves this objective through early warnings aimed at systems administrators. However, unlike IPS, it is not designed to block attacks.
  • An Intrusion Prevention System (IPS) is a device that controls access to IT networks in order to protect systems from attack and abuse. It is designed to inspect attack data and take the corresponding action, blocking it as it is developing and before it succeeds, creating a series of rules in the corporate firewall, for example.



Intrusion Prevention System


Intrusion Detection System

System Type

Active (monitor & automatically defend) and/ or passive

Passive (monitor and Notify)

Detection mechanism

  • Statistical anomaly based detection
  • Signature detection:
    • Exploit-facing signatures
    • Vulnerability-facing signatures
  • Signature detection:
    • Exploit-facing signatures


Inline to data communication

Out of band from data communication

Anomaly response

Drop, alert or clean malicious traffic

Sends alarm/alert of detecting malicious traffic

Network performance impact

Slows down network performance due to delay caused by inline IPS processing

Does not impact network performance due to non-line deployment of IDS.


Preferred by most organizations since detection and prevention are automatically performed

Does not block legitimate traffic which might be blocked by IPS at times.

Pin It on Pinterest

Share This