Traditional security products have focused on the biggest threats that emerged as computer networking, email and web applications were adopted by corporations. These technologies do not address new attacks that ride over existing protocols to attack applications, or new content-based attacks that attack systems before vendors are able to release and distribute signatures and other countermeasures. For the control system environment the underlying theme for intrusion prevention has to be around Day-Zero attacks being managed. IPS is a new technology category that focuses on taking a proactive approach to both IT and control network security by preventing attacks on multiple network resources, as opposed to similar technologies that merely detect and report on attacks that have already taken place. Intrusion prevention can be thought of as the logical follow-on to signature-based technologies such as IDS and anti-virus, and to network-oriented protection solutions such as firewalls. Like an IDS, an IPS can run in host mode directly on the control system station, and the closer to the control system it is, the better the protection.