IPS

An IPS extends IDS by sitting in-line and dropping malicious traffic in real time. Because it’s in the data path, false positives cause outages — so tune signatures carefully (often starting in detect/alert mode) before enabling block mode. Modern NGFWs commonly bundle IPS as one feature set.