Now, you have either opened ports on your firewall so that your servers (for example, a web server and/or an e-mail server) can be accessed from outside, or you have internal users who access external sites and receive return traffic.
The traffic coming back to your network can be legitimate or malicious. An Intrusion Prevention System (IPS) scans the incoming traffic to detect, log, and block any malicious activity.
When we talk about IPS, we inevitably also talk about the Intrusion Detection System (IDS). IPS and IDS are closely related technologies. In fact, an IPS has the functionality of an IDS plus the ability to block malicious traffic. In the next section, we will cover the difference between IPS and IDS, how IPS/IDS can identify malicious traffic, and some countermeasures to take when an attack is detected.