An IDS (Intrusion Detection System) analyzes network traffic and reports suspicious activity. An IPS (Intrusion Prevention System) goes further and actively blocks detected attacks. Both systems use a signature-based or a behavior-based approach. Signature-based detection identifies known attack patterns; behavior-based detection spots anomalies. For your ISMS, IDS/IPS are important detective and preventive controls at the network level. Place them at strategic points such as the perimeter and between network segments. Make sure to actively monitor and process alerts — an IDS without monitoring creates a false sense of security.
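The two detection approaches and the IDS/IPS difference, as an added example that is not part of the original page: a simplified model run over constructed traffic, where one request matches a known pattern and one source is flagged only by its volume. The signatures, addresses, baseline counts and function names are assumptions made for illustration.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed signatures for two well-known request patterns (illustrative only).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-union": re.compile(r"union\s+select", re.I),
}

def signature_alerts(events):
    """Signature-based: flag events whose payload matches a known pattern."""
    return [(i, name) for i, (_, _, payload) in enumerate(events)
            for name, rx in SIGNATURES.items() if rx.search(payload)]

def learn_threshold(baseline_counts, k=3.0):
    """Behavior-based: threshold = mean + k * stddev of normal per-minute counts."""
    return mean(baseline_counts) + k * pstdev(baseline_counts)

def anomaly_alerts(events, threshold):
    """Flag (minute, source) pairs whose request count exceeds the threshold."""
    counts = Counter((minute, src) for minute, src, _ in events)
    return sorted(key for key, n in counts.items() if n > threshold)

def inspect(events, threshold, prevent=False):
    """IDS mode (prevent=False) only reports; IPS mode also drops flagged traffic."""
    sig = signature_alerts(events)
    anom = anomaly_alerts(events, threshold)
    if not prevent:
        return events, sig, anom
    bad_idx = {i for i, _ in sig}
    bad_src = set(anom)
    # Simplification: a real IPS decides inline, this model filters after counting.
    passed = [e for i, e in enumerate(events)
              if i not in bad_idx and (e[0], e[1]) not in bad_src]
    return passed, sig, anom

# Constructed sample traffic: (minute, source address, request payload).
BASELINE = [4, 5, 6, 5, 4, 6, 5, 5]  # normal requests per minute per source
EVENTS = (
    [(0, "192.0.2.5", "GET /index.html")] * 5
    + [(0, "192.0.2.7", "GET /files?name=../../secret.txt")]
    + [(1, "192.0.2.9", "GET /login")] * 40  # matches no signature, volume is abnormal
)

if __name__ == "__main__":
    thr = learn_threshold(BASELINE)
    for mode in (False, True):
        passed, sig, anom = inspect(EVENTS, thr, prevent=mode)
        print("IPS" if mode else "IDS", len(passed), "passed", sig, anom)
```

In IDS mode every event still passes and the alerts are only useful if someone processes them; in IPS mode the flagged request and the high-volume source are dropped.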