Intrusion Detection and Prevention
Intrusion detection and prevention are two broad terms describing application security practices used to mitigate attacks and block new threats. The first is a reactive measure that identifies and mitigates ongoing attacks using an intrusion detection system. It’s able to weed out existing malware (e.g., Trojans, backdoors, rootkits) and detect social engineering (e.g., man in the middle, phishing) assaults that manipulate users into revealing sensitive information. The second is a proactive security measure that uses an intrusion prevention system to preemptively block application attacks. This includes remote file inclusions that facilitate malware injections, and SQL injections used to access an enterprise’s databases.