Posted: 2 Min ReadExpert Perspectives

What Symantec Network Protection at the Endpoint Does for You

Understanding Intrusion Protection System (IPS)

You may not know it, but the Intrusion Protection System (IPS) technology in our Endpoint Protection product is doing a lot for you. First introduced in 2003, as part of Network Protection, it was the first major technology addition to anti-virus in our endpoint protection product.  We thought it was going to be so important that we changed the name of the product to reflect its introduction.  We changed the name of the product a few times since then, so we may not have gotten that right in 2003.  But we got IPS right.


To truly understand IPS you need to start at a small stat.  IPS can identify malware going out onto the network to talk to a command and control (C&C) server.  When malware attempts to talk to a C&C, IPS can block that traffic and notify that a machine is infected.  That’s 10% of all detections IPS makes. A small part of what IPS does.  The big part is the 90% of its detections. Threats it blocks that never get on the endpoint.  12.5 billion attacks last year were stopped pre-infection by IPS.  Threats were stopped at the network layer, so they never even made it onto the machine.  That includes 3.1 billion attacks targeted at servers. All these machines were never breached.  No threats needed to be removed or cleaned up.  No alerts were sent to occupy the Admin or SOC. Prevention eliminates the work involved in detection and response.

9 billion

IPS was created to protect against the exploitation of network vulnerabilities.  It looks for the signature of the exploit, not the malware the exploit is trying to deliver. It doesn’t care what the malware is, the attack will not get far enough to even try to download it.  It’s true proactive detection and prevention.  IPS does pretty well with the job it was built for.  I can say this because in 2020 it blocked 9 billion of these types of attacks.


But IPS is not a one trick pony.  It’s also protecting against other types of attacks.  Just a few of the other types blocked in 2020:

  • 3 billion blocked of web attacks like formjacking, malicious redirects and exploits kits
  • 527 million blocks of cryptojacking and coin miners
  • 191 million blocked technical support scams

But wait … there’s more. IPS can also identify malware being pushed at you via the network by other means. That may be malware hosted on a website, adware trying to pop-up in your browser or a potentially unwanted application (PUA) being downloaded.

  • 970 million blocks of malware, adware and PUAs


With a total of almost 14 billion attacks blocked by Symantec IPS last year, it is responsible for 70% of all detections made in protecting endpoints. 

IPS is one of the critical technologies that separate Symantec from the pack.  If you are a SEP, SES Enterprise, or SES Complete customer you have IPS working to protect you.  These stats make it clear that that’s what IPS does for you.

Symantec Enterprise Blogs
You might also enjoy
Expert Perspectives4 Min Read

Symantec is Leading the Way in Reinventing Enterprise Security

Follow this Symantec "Cyber Warrior Series" to learn more

Symantec Enterprise Blogs
You might also enjoy
Expert Perspectives1 Min Read

Next-Gen Is So Last-Gen

You need protection for 2021

About the Author

Kevin Haley

Director, Symantec Security Response

Kevin Haley is responsible for ensuring the security content from Symantec’s Global Intelligence Network is actionable for its customers-including focus on education in security issues and incorporating the security content into Symantec’s enterprise products.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.