What term describes a system that detects malicious network activity to supplement firewalls?

Detecting malicious network activity to supplement firewalls is the job of an intrusion detection system. An IDS monitors network traffic and system behavior for patterns that match known attacks or that deviate from normal activity, then raises alerts so administrators can respond. It can be deployed network-wide (watching traffic on a segment) or on individual hosts, and its primary role is detection and notification rather than blocking. Some related tools, like intrusion prevention systems, can also block threats in real time, but the core idea here is monitoring for intrusions and alerting, which is what an IDS does. Other options don’t fit because they focus on controlling access (network access controls) or use terms that aren’t standard in practice (a non-existent “network address prevention systems” or an “intrusion admission system”).