Top 8 Intrusion Detection and Prevention Software (IDPS)

Darktrace, Check Point IPS, Fortinet FortiGate IPS, Cisco NGIPS, Vectra AI, Cisco IOS Security, Palo Alto Networks Threat Prevention, KerioControl
  1. The AI functionality to detect and respond to threats is what I like about it. It's a great product, and it helps a lot in detecting any anomalies with its AI capabilities. There is a feature called Antigena that helps you automate it in terms of responding to any anomalies on the network.
  2. Its event analysis and centralization features are very important for any organization. The database is constantly updated to be aware of all the viruses or vulnerabilities that are generated.
  3. Buyer's Guide
    Intrusion Detection and Prevention Software (IDPS)
    January 2023
    Find out what your peers are saying about Darktrace, Check Point, Fortinet and others in Intrusion Detection and Prevention Software (IDPS). Updated: January 2023.
    672,785 professionals have used our research since 2012.
  4. The most valuable feature for us is the GUI. We like signature-based anomaly detection and zero-day protection features.
  5. NGIPS' best feature is the separate IPSec tunnels, which makes the user's data more secure if they want to access it privately. The most valuable feature would be the IPS is very important in Cisco Firepower because I can configure deep configuration in IPS and tuning.
  6. What I like best about Vectra AI is that it alerts you about suspicious activities. The most useful feature is the anomaly detection because it's not signature-based. It picks up the initial part of any attack, like the recon and those aspects of the kill chain, very well.
  7. The solution effectively integrates with Umbrella. Cisco IOS Security has many good features, but compared to other solutions, it has a more user-friendly interface with steps to apply and manage rules. Another good part of the solution is that it's more straightforward.
  9. The sandboxing tools offer great prevention for cloud feeds. You can scale the product.
  10. The solution is user-friendly. The most valuable features of KerioControl are ease of configuration, user-friendliness, and comfortable to use. It is an all-in-one solution, it comes with many features, such as a firewall, antivirus software, and network protection.

Advice From The Community

Read answers to top Intrusion Detection and Prevention Software (IDPS) questions. 672,785 professionals have gotten help from our community of experts.
Rony_Sklar - PeerSpot reviewer
Community Manager at a tech services company with 51-200 employees
Jan 24 2023
There are many cybersecurity tools available, but some aren't doing the job that they should be doing.  What are some of the threats that may be associated with using 'fake' cybersecurity tools? What can people do to ensure that they're using a tool that actually does what it says it does?
SimonClark: Dan Doggendorf gave sound advice. Whilst some of the free or cheap…
13 Answers
Netanya Carmi
Content Manager at PeerSpot (formerly IT Central Station)
Nov 03 2022

Why do you recommend that particular solution?

Netanya Carmi
Content Manager at PeerSpot (formerly IT Central Station)
Nov 03 2022

Why should a company invest in IDPS?

Intrusion Detection and Prevention Software (IDPS) Articles

CristianoLima - PeerSpot reviewer
Senior IT Infrastructure Engineer at Tecnoage
Keeping up with the evolution of cybersecurity and the threats that are haunting the IT industry across all industries, this text pays special attention to ransomware, as this practice is on the rise in the world of cybercrime. Let's focus on the subject, specifically on the Healthcare sector. ...
Giusel - PeerSpot reviewer
IT Engineer at UTMStack
What is HIDS in Cybersecurity? A HIDS (Host Intrusion Detection System) is software that detects malicious behavior on the host. It monitors all the operating system operations, tracks user behavior, and operates independently without human assistance. How does a Host-based Intrusion Detectio...
Shibu Babuchandran: Thanks for sharing, it's very informative
1 Comment

Intrusion Detection and Prevention Software (IDPS) Topics

How does an IDS work?

The goal of an intrusion detection system is to detect an attack as it occurs. The system starts by analyzing inbound and outbound network traffic for signs of known attackers.

Some activities an IDS performs include:

  • Comparing system files against malware signatures.
  • Monitoring system configurations to detect changes or misconfigurations that attackers can exploit.
  • Scanning the network to detect known attack patterns.
  • Checking user activity to detect anomalies and malicious intent.

When the system detects an anomaly, such as a virus, a configuration error, or a security policy violation, it sends an alert to IT security. The IDS can stop an ongoing attack by kicking the intruder off the network.

The downside of intrusion detection systems is that they only work with known attack signatures. Thus, they cannot detect zero-day threats and incoming attacks.

Classification of Intrusion Detection Systems (IDS)

There are various types of intrusion detection systems, which differ according to what part of the network they monitor or whether they are software or hardware devices.

The most common types include:

  • Network-based Intrusion Detection System (NIDS)

A NIDS is a software solution that operates at the network level, monitoring inbound and outbound traffic from all devices on the network. The system analyzes the traffic, looking for signs and patterns of malicious activity. If it finds an anomaly, it sends an alert.

  • Host-based Intrusion Detection System (HIDS)

A HIDS monitors the system data of an individual host instead of the entire network. The system looks for anomalies and malicious activity in the operating system files and software. When it finds an anomaly, it sends an alert and can take a snapshot to check if there is a suspicious change in activity.

  • Application-Protocol Intrusion Detection System (APIDS)

An APIDS is a type of HIDS that monitors and analyzes a specific application protocol. The system monitors the application protocol’s dynamic behavior and state, typically monitoring the interactions between two connected devices. When it detects suspicious behavior, the system raises an alert.

Other types of intrusion detection systems include:

  • Perimeter Intrusion Detection System (PIDS), which detects intruders attempting to breach a physical perimeter, be it of a building, a property, or another secured area. A PIDS is generally part of an overall physical security system.
  • A Virtual Machine-based Intrusion Detection System (VMIDS) is similar to the IDSes mentioned above but it is deployed remotely via a virtual machine.

What Is an Intrusion Prevention System (IPS)?

Intrusion prevention systems (IPSes) are software solutions that monitor incoming traffic for malicious requests. An IPS can prevent attackers from delivering suspicious packets and block suspicious IPs. It uses signature recognition and recognizes attack patterns and anomalies.

How does an IPS work?

An IPS actively scans network traffic for known attack signatures and anomalies with the goal of preventing malicious traffic from entering the network. If the system determines that a packet is a threat, it drops the packet and blocks the IP address or port from future traffic.

Some activities an IPS performs include:

  • Matching IP addresses
  • Analyzing TCP connections
  • Checking packets for anomalies

When a threat is confirmed, the IPS can use response techniques like resetting a connection, blocking traffic, and sending automated alarms. Some systems may configure firewalls and replace the attack contents with warnings.

What’s the difference between an IPS and a Firewall?

Many users would ask: Why do I need an IPS if I have a firewall? The two solutions work differently and an IPS can catch packets that slip through a firewall.

While an IPS monitors inbound traffic and packets and decides whether or not to let the packets into the network, a firewall blocks traffic based on port, protocol, or IP address information.

Classification of Intrusion Prevention Systems:

There are four types of IPS:

  • Network-based intrusion prevention system (NIPS): The system works at a network level, analyzing incoming traffic across the entire network.
  • Wireless intrusion prevention system (WIPS): The software monitors and analyzes network protocols across a wireless network.
  • Network Behavior Analysis (NBA): The system monitors and analyzes network traffic to detect malicious activity like DDoS (distributed denial of service), malware, and policy violations.
  • Host-based intrusion prevention system (HIPS): Monitors a single host for malicious activity.



| IDS | IPS |
| --- | --- |
| Monitors the network and detects ongoing attacks | Controls the network and rejects incoming attacks |
| Compares packets according to known threat signatures | Compares packets according to known threat signatures |
| Proactively looks for signs that an attack is in progress. | Prevents incoming attacks by denying network traffic to suspicious packets. |
| Mitigates threats within the network | Blocks the threat before it gains access to the network |

The main difference between an IDS and an IPS is that an IDS offers a reactive approach, mitigating threats within the network, whereas an IPS focuses on preventing attackers from entering the network to begin with.
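
An added example, not from the original page or any vendor's product: a toy signature engine run in passive (IDS) and inline (IPS) mode over constructed packets. It shows the IDS alerting while still forwarding matching traffic, the IPS dropping it and blocking the source, and neither flagging a payload with no signature. The `Engine` class, signature names and sample packets are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Constructed signatures for illustration; not rules from any real product.
SIGNATURES = {
    "sql-injection": re.compile(rb"(?i)union\s+select"),
    "path-traversal": re.compile(rb"\.\./\.\./"),
}

@dataclass
class Engine:
    inline: bool                          # False = IDS (passive), True = IPS (inline)
    blocked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def handle(self, src_ip: str, payload: bytes) -> str:
        """Return 'forward' or 'drop' for one packet."""
        if self.inline and src_ip in self.blocked:
            return "drop"                 # source was blocked by an earlier match
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                self.alerts.append((src_ip, name))
                if self.inline:
                    self.blocked.add(src_ip)
                    return "drop"         # IPS: drop packet, block future traffic
                return "forward"          # IDS: alert only, packet is still delivered
        return "forward"                  # no known signature matched

# Constructed traffic using documentation address ranges.
PACKETS = [
    ("198.51.100.7", b"GET /item?id=1 UNION SELECT password FROM users"),
    ("198.51.100.7", b"GET /index.html"),
    ("203.0.113.9", b"GET /static/../../etc/passwd"),
    ("192.0.2.44", b"POST /api novel-payload-without-a-signature"),
]

def run(inline: bool):
    """Replay PACKETS through a fresh engine; return verdicts, alerts, blocked IPs."""
    engine = Engine(inline=inline)
    verdicts = [engine.handle(ip, data) for ip, data in PACKETS]
    return verdicts, engine.alerts, sorted(engine.blocked)

if __name__ == "__main__":
    for mode, inline in (("IDS", False), ("IPS", True)):
        verdicts, alerts, blocked = run(inline)
        print(mode, verdicts, alerts, blocked)
```

The second packet from 198.51.100.7 is harmless on its own, yet the inline engine drops it because the source was blocked after the first match; the passive engine forwards all four packets and only records alerts.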

Can you use IDS and IPS together?

An IPS can complement the work of an IDS by detecting and blocking incoming attacks. Thus, IDS and IPS can work together to provide a more complete network security solution.

Importance of Intrusion Detection and Prevention

Cyber attacks are on the rise, and the financial impact of a security attack is increasingly costly. With the average cost of a data breach over $3.8 million in 2020, companies look for effective protection.

Almost every organization has a firewall, anti-malware, or endpoint protection tool. Yet no protection method is perfect, and some packets can sneak in past firewalls. Therefore, there is a need to compensate for the firewall’s limitations.

Also, these methods cannot do much once an attacker is inside the network.

Even with perfect firewall rules, you are going to let in some packets that you didn’t expect. Thus, once traffic comes into your network past a firewall, you need to track it to make sure it isn’t malicious.

Intrusion detection and intrusion prevention tools can solve these challenges.
