Intrusion Prevention System (IPS) – protects against a broad array of attacks. IPS solutions accept or deny traffic based on source Internet Protocol (IP) address, destination IP address, service/protocol, and some application-level analysis and verification. They interpret the intent of the application message, removing ambiguities found at the application level, and then perform application analysis to identify attacks. They are able to look for high-impact deviations from protocol specifications, apply pattern matches (sometimes called signatures) that represent attacks in relevant service fields, and use special heuristics, statistical information, behavioral patterns, and many other characteristics that are representative of different types of attacks.
These solutions understand enough of the protocol to make application-level decisions without implementing the full client and server. They are generally managed using a rulebase, through which administrators control exactly how the application-level attack protection is applied throughout the network. Based on the predefined policy, identified attacks can trigger a variety of controlled responses, from alerting to dropping the malicious packet or connection from the network.
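
The inspection flow described above, as an added example that is not taken from any IPS product: a partial HTTP request-line parser flags protocol deviations, decodes percent-encoding to remove ambiguity, and then applies field-scoped signatures from a rulebase that maps each match to a response. The rule IDs, method list, length limit and sample traffic are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Hypothetical rulebase (constructed): each rule names the service field it
# inspects, a signature pattern, and the policy response for a match.
RULEBASE = [
    {"id": "R1", "field": "path", "pattern": re.compile(r"\.\./"), "action": "drop"},
    {"id": "R2", "field": "query", "pattern": re.compile(r"(?i)<script\b"), "action": "alert"},
]
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}
MAX_TARGET_LEN = 2048  # assumed limit; longer targets count as a deviation

def parse_request_line(line):
    """Parse just enough of HTTP to inspect it; None means a protocol deviation."""
    parts = line.split(" ")
    if len(parts) != 3:
        return None
    method, target, version = parts
    if method not in KNOWN_METHODS or not re.fullmatch(r"HTTP/1\.[01]", version):
        return None
    if len(target) > MAX_TARGET_LEN or not target.startswith("/"):
        return None
    path, _, query = target.partition("?")
    # Remove application-level ambiguity: decode percent-encoding before matching.
    return {"path": unquote(path), "query": unquote(query)}

def inspect(line):
    """Return (action, reason); 'drop' outranks 'alert', which outranks 'accept'."""
    fields = parse_request_line(line)
    if fields is None:
        return ("drop", "protocol-deviation")
    verdict = ("accept", None)
    for rule in RULEBASE:
        if rule["pattern"].search(fields[rule["field"]]):
            if rule["action"] == "drop":
                return ("drop", rule["id"])
            verdict = ("alert", rule["id"])
    return verdict

# Constructed sample request lines, not captured from any real network.
SAMPLES = [
    "GET /index.html HTTP/1.1",
    "GET /files/%2e%2e/%2e%2e/secret.txt HTTP/1.1",
    "GET /search?q=%3Cscript%3Ealert(1) HTTP/1.1",
    "GET /docs?ref=../notes HTTP/1.1",
    "FETCH /index.html HTTP/9.9",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect(sample), sample)
```

The fourth sample is accepted because rule R1 is scoped to the path field only, which shows why signatures are tied to specific service fields rather than matched against the whole message.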