Intrusion Detection System (IDS) reviews logs and alerts management when the logs indicate that an incident may have occurred according to the logs that the system collects - that is, an IDS does not 'sit' in the traffic flow. An Intrusion Prevention System ( IPS), on the other hand, must physically 'sit' in the flow of traffic so that it can "stop or prevent" the progress of the identified incident; an IPS is, conceptually, like a manned road-block or checkpoint - while an IDS is like a stop-light camera or monitoring device. In general then, the three effects that can be achieved using security controls are prevention, detection, and recovery. Often, for higher security systems, both an IDS and an IPS will be used to provide an element of "defense in depth." For ACME manufacturing, for one or two vulnerabilities that you (and Jack Sparks) have identified, what sort of control (detection, prevention, or recovery control) - would you recommend and why? Check on link below

Link: https://www.youtube.com/watch?v=ZfdQXPfVW4Y&feature=youtu.be