KNOWLEDGE — THREAT DETECTION & MONITORING

IDS / IPS — Intrusion Detection and Prevention

An IDS detects known attack patterns on the network; an IPS goes a step further and blocks them.

Both work primarily from signatures — known patterns. That makes them fast against documented threats but blind to novel activity for which no signature exists yet.

Modern detection combines signatures with behavioral analysis to close that gap.

RELATED TERMS

NDR — Network Detection and Response
Threat Intelligence