IPS (Intrusion Prevention System) and WAF (Web Application Firewall) are both key components in a comprehensive IT security strategy, but they operate at different levels and provide different types of protection.

1. **IPS (Intrusion Prevention System)**: An IPS is a network security tool that monitors network and/or system activities for malicious actions. The main function of an IPS is to identify suspicious activity, log information about this activity, attempt to block it, and then report it. It operates at the network layer, meaning it looks at traffic coming into your network before it arrives at its final destination. IPS systems primarily protect against threats such as Distributed Denial of Service (DDoS) attacks, malicious exploits, and worms.

2. **WAF (Web Application Firewall)**: On the other hand, a WAF is specifically designed to protect web applications (HTTP applications) from attacks such as cross-site scripting (XSS), SQL injection, and other OWASP top ten web vulnerabilities. WAFs operate at the application layer (Layer 7 of the OSI model), and they can examine the contents of the HTTP/S traffic to identify and block suspicious and malicious activities at a more granular level than IPS.

In terms of signature blocking, both WAFs and IPS use a form of signature-based detection. An IPS identifies known threats by matching traffic against its database of signatures. WAFs also use signature-based detection to identify known threats, but they can also use anomaly-based (behavior-based) detection to block threats that don't match a known signature but deviate from typical user behavior.

While there is some overlap in functionality, using both in conjunction provides more comprehensive protection than using one or the other alone.