The IDS appliance is typically installed as a tap (also known as out-of-band) and runs in inspection/detection mode and inspects all network traffic routed to your infrastructure in real time against consistently updated threat intelligence and signature updates. Upon finding malicious traffic the appliance will trigger an alert about the threat but will not try to prevent the traffic from reaching its intended target. Protect Identity Security Operations Center (SOC) consistently monitors this activity and the appliance 24/7 to tune the IPS to distinguish critical threats from false positives and to escalate threats as needed. In the event that the threat needs to be blocked, a manual step is required to drop the packets and prevent the attack from reaching its intended target.