An intrusion prevention system (IPS) complements traditional firewalls by inspecting the entire network packet looking for malicious traffic that is often invisible to Layer 3 firewalls. While firewalls are the cornerstone of any network security design, IPS appliances are the bulwark. Within the time-honored security approach known as defense-in-depth (DiD), IPS devices are the second line of network defense. In the future, however, IPS may transform from a standalone appliance sitting behind a firewall to a feature integrated within firewalls, creating a more intelligent, multifunction security gateway.