Suspicious data transfers are leaving a data center, but the Intrusion Detection System (IDS) that uses signature-based detection did not raise any alerts. Which measure helps identify unusual transmissions that do not match recognized exploits?
Obtain additional signature feeds from the vendor to better cover known attacks.
Fine-tune rule sets to detect previously disclosed vulnerabilities in the environment.
Block incoming traffic to reduce potential risks when new data flows appear.
Enable a sensor that compares current activity to established norms and flags unexpected movement.
A tool that regularly measures ongoing network activity against typical traffic patterns can alert administrators to unrecognized issues that slip through signature-based defenses. Restrictive inbound blocking, tuning known vulnerabilities, or relying on signature updates do not address new or altered threats efficiently.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is signature-based detection in an IDS?
Open an interactive chat with Bash
How does behavior-based detection work in an IDS?
Open an interactive chat with Bash
What are the limitations of signature-based detection compared to behavior-based detection?