Anomaly vs Vulnerability Detection Using Cisco IPS

By Nick Smith

The Cisco IPS network-based intrusion prevention system (NIPS) uses signatures to detect network-based attacks. Signatures can be created in a variety of engines based on the type of network traffic being inspected. Cisco signatures have very flexible configurations. In this blog post, I will discuss the trade-offs between two basic approaches for signature configuration: anomaly detection and vulnerability detection. With Cisco IPS, anomaly detection is a broad approach to detecting malicious network activity. Signatures written to detect broad categories []

Source: Cisco Security Notice