
What Is An IPS (Intrusion Prevention System)?


Intrusion Prevention System (IPS) Definition

An intrusion prevention system (IPS) helps organizations identify malicious traffic and proactively blocks such traffic from entering their network. Products using IPS technology can be deployed in-line to monitor incoming traffic and inspect it for vulnerabilities and exploits. If any are detected, the IPS takes the action defined in the security policy, such as blocking access, quarantining hosts, or blocking access to external websites that might result in a potential breach.

FortiGate IPS: Protect Against Known and Zero-day Threats | Intrusion Prevention System

FortiGuard offers a comprehensive security-driven network security service that delivers an industry-validated IPS service to enterprises. It is purpose-built for enterprises, designed to deliver superior security efficacy and the industry’s best IPS performance, and powered by the AI/ML-driven threat intelligence from FortiGuard Labs.


How Intrusion Prevention Systems Work

An IPS security service is typically deployed “in-line”: it sits in the direct communication path between the source and the destination, where it can analyze all the network traffic flowing along that path in “real time” and take automated preventive action. An IPS can be deployed anywhere in the network, but the most common deployments are:

  • Enterprise Edge, Perimeter
  • Enterprise Data Center

An IPS can be deployed as a best-of-breed standalone IPS, or the same capability can be turned on as the consolidated IPS function inside a next-generation firewall (NGFW). An IPS uses signatures, which can be either vulnerability-specific or exploit-specific, to identify malicious traffic. Typically, it relies on either signature-based detection or statistical anomaly-based detection to identify malicious activity.

  1. Signature-based detection uses uniquely identifiable signatures that are located in exploit code. When exploits are discovered, their signatures go into an increasingly expanding database. Signature-based detection for IPS involves either exploit-facing signatures, which identify the individual exploits themselves, or vulnerability-facing signatures, which identify the vulnerability in the system being targeted for attack. Vulnerability-facing signatures are important for identifying potential exploit variants that haven’t been previously observed, but they also increase the risk of false positive results (benign packets mislabeled as threats).
  2. Statistical anomaly-based detection randomly samples network traffic and then compares samples to performance level baselines. When samples are identified as being outside of the baseline, the IPS triggers an action to prevent potential attack.
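
The two detection methods above, as an added example that is not Fortinet code: it runs an exploit-facing and a vulnerability-facing signature over constructed packets, then samples constructed traffic against a baseline. The `USER <name>` protocol, the marker bytes, the 64-byte buffer size and the 3-sigma threshold are all assumptions made for illustration.

```python
import random
import statistics

# Constructed signatures for a hypothetical line protocol ("USER <name>").
EXPLOIT_MARKER = b"KNOWN-EXPLOIT-A"   # byte string unique to one known exploit
VULN_MAX_NAME = 64                    # assumed size of the vulnerable name buffer

def exploit_facing(packet: bytes) -> bool:
    """Match the byte pattern of one specific, previously seen exploit."""
    return EXPLOIT_MARKER in packet

def vulnerability_facing(packet: bytes) -> bool:
    """Match the triggering condition itself: an over-long USER argument."""
    if not packet.startswith(b"USER "):
        return False
    return len(packet[5:].rstrip(b"\r\n")) > VULN_MAX_NAME

def anomalous(observed, baseline, sample_size=20, threshold=3.0, seed=0):
    """Randomly sample observed per-second byte counts and compare the sample
    mean with the baseline mean, in units of baseline standard deviation."""
    rng = random.Random(seed)          # seeded so the example is repeatable
    sample = rng.sample(observed, min(sample_size, len(observed)))
    mean, stdev = statistics.mean(baseline), statistics.pstdev(baseline)
    if stdev == 0:
        return statistics.mean(sample) != mean
    return abs(statistics.mean(sample) - mean) / stdev > threshold

# Constructed sample packets.
PACKETS = {
    "known exploit":   b"USER " + b"A" * 80 + EXPLOIT_MARKER + b"\r\n",
    "unseen variant":  b"USER " + b"B" * 200 + b"\r\n",
    "normal login":    b"USER alice\r\n",
    # Short name padded with spaces; assume the server trims it before copying,
    # so the packet is harmless but still meets the length condition.
    "padded (benign)": b"USER bob" + b" " * 70 + b"\r\n",
}

def classify(packets=PACKETS):
    """Return {name: (exploit_facing hit, vulnerability_facing hit)}."""
    return {name: (exploit_facing(p), vulnerability_facing(p))
            for name, p in packets.items()}

# Constructed traffic: per-second byte counts.
BASELINE = [1000, 1100, 950, 1050, 980, 1020, 990, 1010, 1040, 960]
QUIET = [1005, 995, 1030, 970, 1015] * 8
BURST = [9000, 9500, 8800, 9200, 9100] * 8
```

The unseen variant is caught only by the vulnerability-facing signature, and the padded benign packet is the false positive that same signature produces.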

Once the IPS identifies malicious traffic that is network-exploitable, it deploys what is known as a virtual patch for protection. A virtual patch acts as a safety measure against threats that exploit known and unknown vulnerabilities. It works by implementing layers of security policies and rules that intercept an exploit and prevent it from taking network paths to and from a vulnerability, thereby offering coverage against that vulnerability at the network level rather than the host level.


While IDS systems monitor the network and send alerts to network administrators about potential threats, IPS systems take more substantial actions to control access to the network, monitor intrusion data, and prevent attacks from developing.



IPS evolved from the intrusion detection system (IDS). IDS technology uses the same concept of identifying traffic and some similar techniques. The major difference is that an IPS is deployed “in-line”, while an IDS is deployed “off-line” or on a tap, where it still inspects a copy of the entire traffic or flow but cannot take any preventive action. An IDS is deployed only to monitor and to provide analytics and visibility into the threats on the network.

How Fortinet Can Help

FortiGuard IPS security service is available for NGFW (hardware, virtual machine, as-a-service), FortiClient, FortiProxy, FortiADC, and our Cloud Sandbox. Add our OT and IoT services to get even more granular protection for operational technology and IoT devices.

FortiGuard IPS with NGFW offers the following:

  1. Network-based virtual patching for business applications that are hard to patch or can’t be patched. This ensures protection against vulnerabilities without interrupting operations.
  2. Accelerated FortiGuard IPS capabilities thanks to Fortinet’s purpose-built content processor (CP9) on the FortiGate, to deliver the industry’s best IPS price and performance.
  3. Extended IPS to additional capabilities like SSL inspection (including TLS 1.3) to detect hidden malware, ransomware, and other HTTPS-borne attacks.
