IDS vs IPS Concepts
Detection versus prevention.
Network Security Monitoring
Network Security Monitoring (NSM) is the practice of collecting, analyzing, and acting on network traffic to detect intrusions. Two foundational tools are the IDS and the IPS.
Both inspect packets for signs of attack, but they differ in one decisive way: an IDS watches and alerts, while an IPS watches and blocks. That difference shapes how and where you deploy each.
What an IDS Does
An Intrusion Detection System passively inspects a copy of network traffic. When traffic matches a signature or anomaly, it raises an alert for an analyst to investigate. It does not alter or stop the traffic.
Because it is out-of-band, an IDS cannot slow or break legitimate flows, and an IDS failure does not take the network down. The tradeoff: it detects after the fact, so the malicious packet has already reached its target.
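As an added illustration that is not part of the original article, the Python below models one signature engine deployed the two ways described above: out-of-band (a copy is inspected, delivery never depends on the engine, it can only alert) and inline (every packet waits for a verdict, matches are dropped, and an engine outage is either fail-closed or fail-open). The signatures, addresses and packets are constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes

# Hypothetical byte-pattern signatures, not any real product's rule set.
SIGNATURES = [("http-path-traversal", b"../../"), ("shell-in-http-param", b"/bin/sh")]

class EngineDown(Exception):
    """Simulates the inspection engine crashing or being overloaded."""
def match_signatures(pkt, engine_up=True):
    if not engine_up:
        raise EngineDown
    return [name for name, pat in SIGNATURES if pat in pkt.payload]

def run_ids(packets, engine_up=True):
    """Out-of-band (tap/SPAN): the switch already forwarded the real packet,
    so delivery never depends on the engine; it can only add alerts."""
    delivered, alerts = [], []
    for pkt in packets:
        delivered.append(pkt)                 # reaches dst whatever the verdict
        try:
            alerts += [(s, pkt.src, pkt.dst) for s in match_signatures(pkt, engine_up)]
        except EngineDown:
            pass                              # alerts are lost, traffic is not
    return delivered, alerts

def run_ips(packets, engine_up=True, fail_open=False):
    """Inline: each packet waits for a verdict and matches are dropped. If the
    engine dies, fail-closed drops everything and fail-open forwards blind."""
    delivered, alerts = [], []
    for pkt in packets:
        try:
            hits = match_signatures(pkt, engine_up)
        except EngineDown:
            if fail_open:
                delivered.append(pkt)
            continue
        if hits:
            alerts += [(s, pkt.src, pkt.dst) for s in hits]
            continue                          # dropped before it reaches dst
        delivered.append(pkt)
    return delivered, alerts

# Constructed sample traffic: one benign request, one path-traversal attempt.
SAMPLE = [Packet("10.0.0.5", "10.0.0.80", b"GET /index.html HTTP/1.1"),
          Packet("10.0.0.9", "10.0.0.80", b"GET /../../etc/passwd HTTP/1.1")]
```

Running `run_ids(SAMPLE)` and `run_ips(SAMPLE)` side by side shows the same alert but different delivery lists; passing `engine_up=False` shows why an IDS outage is silent while an IPS outage is a network event.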