An Intrusion Prevention System (IPS) is a security measure that actively protects against potential threats. It works by monitoring the features of a host or network, and uses signature, anomaly, or hybrid detection methods to identify potential threats.

In contrast to an intrusion detection system (IDS), an IPS takes automated action to block or remediate any identified threats.

[ 012 ].[ 01 ].- EDR: Endpoint Detection and Response

Endpoint detection and response (EDR) is a security measure that helps to proactively protect against threats to endpoints, such as computers and mobile devices. EDR tools monitor security on endpoints and provide security teams with quick access to incident data, enriched information, and Indicators of Compromise (IOCs). This helps to advance endpoint security from a reactive service to a proactive solution, as it enables security teams to identify and respond to potential threats more efficiently. EDR can be an essential component of a comprehensive security strategy, as it helps to protect against a wide range of threats to endpoints, including malware, ransomware, and other types of cyber attacks.

[ 012 ].[ 02 ].- XDR: Extended Detection and Response

Extended Detection and Response (XDR) is a security measure that aims to provide comprehensive protection against a wide range of threats. An XDR platform integrates data from multiple sources, including endpoints, networks, clouds, and third-party systems, in order to extend protection and improve the ability to detect and respond to potential threats. To address some of the known limitations of security information and event management (SIEM) tools in detecting zero-day attacks, an XDR platform may use user and entity behavior analytics (UEBA) and artificial intelligence (AI) to analyze data and identify potential threats. By combining data from multiple sources and using advanced analytics and AI, an XDR platform can provide more comprehensive and effective protection against threats to an organization’s systems and data.