Neither is universally better — you need both.
Preventive controls (firewalls, MFA) stop attacks.
Detective controls (IDS, audit logs, SIEM) identify when prevention fails. No prevention is perfect.
Defense in depth requires all control types working together. Preventive controls that block all attacks are ideal but impossible. Detective controls that catch everything prevention misses are equally important. Plan for prevention to fail — have detection and response ready.