Even though stateful firewall techniques provide an essential service by ensuring that traffic is restricted according to the policies applied at the network and transport layers, they should not be the only security barrier protecting the network and its communications. A firewall can only control which hosts may talk to each other, basing its decision on their IP addresses and on the protocols and ports used to establish the communication. As a result, firewall techniques cannot control or limit what is exchanged inside the communications they allow.
Intrusion Prevention Systems (IPS) monitor the connections and activities of the systems on the network. Their goal is to detect any kind of unauthorized activity. Once malicious activity is found, the system can take several actions, such as attempting to terminate that activity, creating a record of the event, or reporting the event through alarms.
An IPS analyzes every bit of each packet, searching for the different types of attack that are generally defined in a signature database, which needs to be updated regularly. A traditional firewall only analyzes the network and transport layers (the L3 and L4 headers) and ignores the packet payload; an IPS, in contrast, inspects the whole packet, payload included. Even so, the firewall remains necessary as the first barrier against threats, since it discards disallowed traffic before the IPS has to inspect it. Traditionally, an IPS analyzes threats related to the network and its communications rather than malicious files.
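The following is an added example, not code from the original text or from any firewall or IPS product, illustrating the two preceding points: a header-only stateful firewall decides which hosts may talk on which port, while an IPS matches the payload of the packets the firewall lets through against a signature database. The packets, the policy rule and the two signatures are all constructed for the example; the signature format (sid, msg, dport, content, nocase) is a simplified, hypothetical one inspired by the shape of common IPS rule languages, and the firewall tracks only the client-to-server direction of a flow to keep the code short.

```python
import ipaddress
import socket
import struct

TCP_SYN, TCP_PSH, TCP_ACK = 0x02, 0x08, 0x10


def build_ipv4_tcp(src, dst, sport, dport, flags, payload=b""):
    """Build a minimal IPv4+TCP packet (constructed sample; checksums left zero, never sent)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp


def parse_packet(raw):
    """Decode the L3/L4 headers and split off the payload that follows them."""
    ihl = (raw[0] & 0x0F) * 4            # IPv4 header length in bytes
    if raw[9] != 6:
        raise ValueError("only TCP is handled in this example")
    src, dst = socket.inet_ntoa(raw[12:16]), socket.inet_ntoa(raw[16:20])
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    doff = (raw[ihl + 12] >> 4) * 4      # TCP data offset in bytes
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "flags": raw[ihl + 13], "payload": raw[ihl + doff:]}


class StatefulFirewall:
    """Header-only policy: who may talk to whom, on which port. Never reads the payload."""

    def __init__(self, rules):
        # rules: (source network, destination network, allowed destination port)
        self.rules = [(ipaddress.ip_network(s), ipaddress.ip_network(d), p) for s, d, p in rules]
        self.flows = set()   # (src, sport, dst, dport) tuples of flows already admitted

    def verdict(self, pkt):
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if key in self.flows:            # packet belongs to an established flow
            return "ALLOW"
        # Only a bare SYN may open a new flow, and only if a rule permits it.
        if pkt["flags"] & TCP_SYN and not pkt["flags"] & TCP_ACK:
            for src_net, dst_net, dport in self.rules:
                if (ipaddress.ip_address(pkt["src"]) in src_net
                        and ipaddress.ip_address(pkt["dst"]) in dst_net
                        and pkt["dport"] == dport):
                    self.flows.add(key)
                    return "ALLOW"
        return "DROP"


# Hypothetical signature database; a real IPS ships thousands of these and updates them regularly.
SIGNATURES = [
    {"sid": 1, "msg": "Path traversal to /etc/passwd", "dport": 80, "content": b"/etc/passwd", "nocase": True},
    {"sid": 2, "msg": "Shell command injection attempt", "dport": 80, "content": b";/bin/sh", "nocase": False},
]


def ips_inspect(pkt, signatures=SIGNATURES):
    """Deep inspection: search the payload bytes for every applicable signature."""
    alerts = []
    for sig in signatures:
        if sig["dport"] is not None and sig["dport"] != pkt["dport"]:
            continue
        hay, needle = pkt["payload"], sig["content"]
        if sig["nocase"]:
            hay, needle = hay.lower(), needle.lower()
        if needle in hay:
            alerts.append((sig["sid"], sig["msg"]))
    return alerts


def process(packets, firewall, signatures=SIGNATURES):
    """Firewall first (header policy), then the IPS on whatever the firewall let through."""
    results = []
    for raw in packets:
        pkt = parse_packet(raw)
        verdict = firewall.verdict(pkt)
        alerts = ips_inspect(pkt, signatures) if verdict == "ALLOW" else []
        results.append((verdict, alerts))
    return results


# Constructed traffic: one legitimate HTTP flow that later carries an attack, then two stray packets.
SAMPLE_PACKETS = [
    build_ipv4_tcp("10.0.0.5", "192.0.2.10", 40000, 80, TCP_SYN),
    build_ipv4_tcp("10.0.0.5", "192.0.2.10", 40000, 80, TCP_PSH | TCP_ACK, b"GET /index.html HTTP/1.1\r\n\r\n"),
    build_ipv4_tcp("10.0.0.5", "192.0.2.10", 40000, 80, TCP_PSH | TCP_ACK, b"GET /../../ETC/PASSWD HTTP/1.1\r\n\r\n"),
    build_ipv4_tcp("10.0.0.5", "192.0.2.10", 40001, 23, TCP_SYN),                      # telnet: no rule
    build_ipv4_tcp("10.0.0.5", "192.0.2.10", 40002, 80, TCP_PSH | TCP_ACK, b"GET /etc/passwd HTTP/1.1\r\n\r\n"),  # no SYN seen
]


def demo():
    fw = StatefulFirewall([("10.0.0.0/8", "192.0.2.0/24", 80)])
    return process(SAMPLE_PACKETS, fw)


if __name__ == "__main__":
    for raw, (verdict, alerts) in zip(SAMPLE_PACKETS, demo()):
        pkt = parse_packet(raw)
        print(f"{pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']} {verdict} {alerts}")
```

The second and third packets have identical headers, so the firewall allows both; only the IPS, which reads the payload, distinguishes the ordinary request from the traversal attempt. The last two packets never reach the IPS at all, which is the sense in which the firewall remains the first barrier.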
An IPS is also known as an Intrusion Detection and Prevention System (IDPS). Such a system, in turn, can be built on top of an IDS (Intrusion Detection System), whose function is the detection of malicious behavior, or it can incorporate that detection functionality itself.