As blackhats became more versatile and security researchers gained expertise, the technologies employed to thwart zero-day attacks have grown more sophisticated. This led to intrusion detection systems that were designed to spot attempted attacks on the network, and then to intrusion prevention systems that would take things a stage further and automatically block the intrusion. Tom Rowan, security consultant at specialist distributor Magirus, provides an overview of the IPS product category from a security practitioner's perspective, highlighting the potential benefits and design/deployment challenges that they may encounter. The article describes the history of the IPS category, while highlighting some of the challenges involved in designing and deploying such systems. Today, most networks are protected by firewall technology. There are numerous types of firewall, but essentially they all work in the same way: allow in the authorised traffic, filter the rest. The majority of purebred firewalls do not apply any further filtering on the traffic beyond IP and service port source or destination values. Originally, network security seemed to be as simple as blocking IP addresses and filtering ports.