Intrusion prevention vs detection

Detection can detect 0days by looking for out of pattern actions, for example shell commands executed from a web server. Intrusion preventions stops exploits before any damage is done,

Detection allows nicer handling of false positives, i.e. alert, instead of ‘block’, for out of place actions.

Based off the Stack theme.