Intrusion Prevention Systems are designed to detect and block malicious traffic in a network or on an endpoint. The most critical function that these systems provide is the ability to make a judgment about the nature of a network flow, determining whether the traffic is legitimate or malicious.
The most common metric for evaluating the efficacy of an IPS/IDS is the detection rate. As one might guess, the detection rate is the number of intrusions detected by the system divided by the total number of actual network intrusions, expressed as a percentage. Top intrusion prevention systems today can achieve detection rates of close to 100%.
Understanding the efficacy of these tools is critical when evaluating their business value and comparing one IPS solution with another. In this video, we define intrusion detection rate and explore where these systems fail, namely false positives and false negatives.
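The following added example (not part of the original page) scores IPS verdicts against a labelled trace, computing the detection rate as defined above alongside the false positive and false negative counts. The flow IDs, the two rule sets and all names in the code are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Score:
    tp: int  # intrusions that were blocked
    fp: int  # legitimate flows that were blocked (false positives)
    fn: int  # intrusions that were missed (false negatives)
    tn: int  # legitimate flows that were allowed

    @property
    def detection_rate(self) -> float:
        """Intrusions detected / total actual intrusions, as a percentage."""
        actual = self.tp + self.fn
        if actual == 0:
            raise ValueError("trace has no intrusions; detection rate is undefined")
        return 100.0 * self.tp / actual

def score(truth: dict[str, bool], blocked: set[str]) -> Score:
    """Compare IPS verdicts (set of blocked flow IDs) with ground truth."""
    unknown = blocked - set(truth)
    if unknown:
        raise ValueError(f"verdicts for unlabelled flows: {sorted(unknown)}")
    tp = fp = fn = tn = 0
    for flow_id, malicious in truth.items():
        flagged = flow_id in blocked
        if malicious and flagged:
            tp += 1
        elif malicious:
            fn += 1
        elif flagged:
            fp += 1
        else:
            tn += 1
    return Score(tp, fp, fn, tn)

# Constructed ground truth: f01..f04 are intrusions, f05..f20 are legitimate.
TRUTH = {f"f{i:02d}": i <= 4 for i in range(1, 21)}
# Constructed verdicts from two hypothetical rule sets on the same trace.
STRICT = {f"f{i:02d}" for i in range(1, 10)}  # blocks every intrusion plus 5 legitimate flows
TUNED = {"f01", "f02", "f03"}                 # blocks nothing legitimate but misses f04

if __name__ == "__main__":
    for name, verdicts in (("strict", STRICT), ("tuned", TUNED)):
        s = score(TRUTH, verdicts)
        print(f"{name}: detection rate {s.detection_rate:.0f}%, "
              f"false positives {s.fp}, false negatives {s.fn}")
```

The strict rule set reaches a 100% detection rate while blocking five legitimate flows, which is why the detection rate has to be read together with the false positive count.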