IPS with Anomaly Detection

Unanswered Question
Scott Fringer Mon, 05/17/2010 - 09:18
User Badges:
  • Cisco Employee,

No, this does not mean that no attack can happen when the anomaly detection functinality is in use.  It does allow the IPS sensor to better determine the possible activity of a wormspread across your network.  The anomaly detection component lets the sensor  learn normal activity (baseline) and in turn send alerts or take dynamic response actions  for behavior that deviates from what it has learned.


  You can find out more about the IPS anomoly detection engine here:


http://www.cisco.com/en/US/docs/security/ips/6.0/configuration/guide/idm/dmAD.html#wp1184302


Thanks,

Scott

Actions

This Discussion