An intrusion detection and prevention system that monitors network traffic for particular network segments or devices and analyzes the network and application protocol activity to identify and stop suspicious activity.
Sources:
NIST SP 800-128
under Network-Based Intrusion Detection and Prevention System
from
NIST SP 800-94
NIST SP 800-128
from
NIST SP 800-94