Detection can detect 0days by looking for out of pattern actions, for example shell commands executed from a web server. Intrusion preventions stops exploits before any damage is done,

Detection allows nicer handling of false positives, i.e. alert, instead of ‘block’, for out of place actions.