Posted: 2 Min ReadProduct Insights

4 Numbers That Explain Network Protection at the Endpoint

Understanding What Intrusion Protection System Does For You

You may not know it, but the Intrusion Protection System (IPS) technology in our Endpoint Protection product is doing a lot for you. First introduced in 2003, as part of Network Protection, it was the first major technology addition to anti-virus in our endpoint protection product.  We thought it was going to be so important that we changed the name of the product to reflect its introduction.  We changed the name of the product a few times since then, so we may not have gotten that right in 2003.  But we got IPS right.


To truly understand IPS you need to start with a small number.  IPS can identify malware going out onto the network to talk to a command and control (C&C) server.  When malware attempts to talk to a C&C, IPS can block that traffic and notify that a machine is infected.  That’s 5% of all detections IPS makes. A small part of what IPS does.  The other 95% is detections. Threats it blocks that never get on the endpoint.  8.4 billion attacks last year were stopped pre-infection by IPS.  Threats were stopped at the network layer, so they never even made it onto the machine.  That includes 1.12 billion attacks targeted at servers. These attacked failed to breach a machine. No threats needed to be removed or cleaned up.  No alerts were sent to occupy the Admin or SOC. Prevention eliminates the work involved in detection and response.

6 Billion

IPS was created to protect against the exploitation of network vulnerabilities.  It looks for the signature of the exploit, not the malware the exploit is trying to deliver. It doesn’t care what the malware is, the attack will not get far enough to even try to download it.  It’s true proactive detection and prevention.  IPS does pretty well with the job it was built for.  I can say this because in 2022 it blocked 6 billion of these types of attacks


But IPS is not a one trick pony.  It’s also protecting against other types of attacks.  Just a few of the other types blocked in 2022:

  • 3.6 billion blocks of web attacks like formjacking, malicious redirects and exploits kits
  • 243.9 million blocks of cryptojacking and coin miners
  • 35 million blocked technical support scams

But wait … there’s more. IPS can also identify malware being pushed at you via the network by other means. That may be malware hosted on a website, adware trying to pop-up in your browser or a potentially unwanted application (PUA) being downloaded.

  • 626 million blocks of malware, adware and PUAs
  • 50 million malicious redirect attempts were blocked by IPS Chrome Web Extension


With a total of almost 11.32 billion attacks blocked by Symantec IPS last year, it is responsible for 93% of all detections made in protecting endpoints. 

IPS is one of the critical technologies that separate Symantec from the pack.  If you are a SEP, SES Enterprise, or SES Complete customer you have IPS working to protect you.  These stats make it clear that that’s what IPS does for you.

About the Author

Parveen Vashishtha

Director, R&D Software (Threat Intelligence & Research)

Parveen oversees the compilation and communication of cybersecurity data and threat-centric automated detection logic, leading global teams (Full Stack Protection-Intrusion Prevention, Antivirus, EDR, Competitive Intel) to enhance proactive threat detection.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.