A corporation aims to enhance its security posture by implementing a solution that can analyze inbound and outbound network traffic for malicious activity in real time and send alerts to administrators. Which of the following technical controls would be the most effective choice to meet this requirement?
An Intrusion Detection System (IDS) is a technical control designed to monitor network traffic in real time to identify and alert administrators about suspicious or malicious activities. A signature-based detection engine is a component or method that an IDS might use to identify known threats, but it is not the complete system itself. Transport Layer Security (TLS) is a cryptographic protocol used to encrypt data in transit, providing confidentiality and integrity, but it does not analyze traffic content for threats. Patch management software is a control used to update systems and applications to fix vulnerabilities, which is a different function from real-time network traffic analysis.