Suspicious data transfers are leaving a data center, but the Intrusion Detection System (IDS) that uses signature-based detection did not raise any alerts. Which measure helps identify unusual transmissions that do not match recognized exploits?
Block incoming traffic to reduce potential risks when new data flows appear.
Fine-tune rule sets to detect previously disclosed vulnerabilities in the environment.
Enable a sensor that compares current activity to established norms and flags unexpected movement.
Obtain additional signature feeds from the vendor to better cover known attacks.
A tool that regularly measures ongoing network activity against typical (baseline) traffic patterns can alert administrators to unrecognized issues that slip past signature-based defenses. Restrictive inbound blocking, tuning rules for already known vulnerabilities, or relying on signature updates do not address new or altered threats effectively, because each of those measures depends on the threat already being recognized.