A large financial institution has experienced multiple instances where malicious activity was detected after significant damage had already occurred. The security team wants to implement a more proactive approach to detecting potential security incidents before they escalate. Which detection method would be BEST suited for this requirement?
Behavior-based detection is the BEST approach for the scenario because it establishes baselines of normal activity and can identify deviations that may indicate previously unknown attacks or zero-day threats before significant damage occurs. This proactive approach allows the financial institution to detect anomalous behavior that might not match known signatures but represents potentially malicious activity.
Signature-based detection relies on known patterns of malicious activity and would not detect new or modified attacks that don't match existing signatures. While useful, it's reactive rather than proactive. Heuristic detection uses rules to identify suspicious behavior but can generate more false positives and is not as comprehensive as behavior-based detection for establishing normal baseline operations. Stateful inspection primarily examines network traffic against connection states and doesn't provide the comprehensive monitoring needed for proactive threat detection across the environment.
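As an added illustration of the contrast the explanation draws (not part of the original question or answer), the following Python sketch builds a per-user baseline from historical activity and then scores new events against it, alongside a simple signature check. All users, hours, byte counts and the "known bad process" list are constructed placeholders; the point is that the large off-hours transfer is flagged purely because it deviates from the user's own baseline, without any signature for it.

```python
"""Behaviour-based detection sketch: learn what "normal" looks like per user,
then flag activity that deviates from that baseline. Constructed example."""
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, List, NamedTuple


class Event(NamedTuple):
    user: str        # account that generated the activity
    hour: int        # hour of day (0-23) the activity occurred
    bytes_out: int   # bytes sent outbound during the activity
    process: str     # process name seen on the host


# Constructed "known bad" signature list, standing in for a real signature feed.
KNOWN_BAD_PROCESSES = {"mimikatz.exe"}

# Constructed historical events used to learn each user's normal behaviour.
BASELINE_EVENTS = [
    Event("alice", 9, 1_200_000, "outlook.exe"), Event("alice", 10, 900_000, "chrome.exe"),
    Event("alice", 11, 1_500_000, "outlook.exe"), Event("alice", 13, 1_100_000, "excel.exe"),
    Event("alice", 14, 800_000, "chrome.exe"), Event("alice", 15, 1_300_000, "outlook.exe"),
    Event("alice", 16, 1_000_000, "chrome.exe"), Event("alice", 17, 1_400_000, "outlook.exe"),
    Event("alice", 9, 950_000, "excel.exe"), Event("alice", 12, 1_050_000, "chrome.exe"),
    Event("bob", 8, 600_000, "outlook.exe"), Event("bob", 9, 500_000, "chrome.exe"),
    Event("bob", 10, 700_000, "excel.exe"), Event("bob", 11, 650_000, "outlook.exe"),
    Event("bob", 12, 550_000, "chrome.exe"), Event("bob", 15, 600_000, "outlook.exe"),
    Event("bob", 16, 700_000, "excel.exe"),
]

# Constructed new events to evaluate: one normal, one novel exfil-like transfer,
# one user with no history, and one known-bad process behaving "normally".
NEW_EVENTS = [
    Event("alice", 10, 1_300_000, "outlook.exe"),
    Event("alice", 3, 250_000_000, "svchost.exe"),
    Event("bob", 11, 700_000, "excel.exe"),
    Event("carol", 12, 500_000, "chrome.exe"),
    Event("bob", 15, 400_000, "mimikatz.exe"),
]


def build_baseline(events: List[Event]) -> Dict[str, dict]:
    """Per-user profile: hours usually active, mean and std dev of bytes_out."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e.user].append(e)
    baseline = {}
    for user, recs in by_user.items():
        sizes = [e.bytes_out for e in recs]
        baseline[user] = {
            "hours": {e.hour for e in recs},
            "mean": mean(sizes),
            "std": pstdev(sizes),
        }
    return baseline


def score_event(event: Event, baseline: Dict[str, dict], z_threshold: float = 3.0) -> List[str]:
    """Return the reasons an event deviates from its user's baseline (empty = normal)."""
    profile = baseline.get(event.user)
    if profile is None:
        return ["no baseline for user"]
    reasons = []
    if event.hour not in profile["hours"]:
        reasons.append(f"unusual hour {event.hour:02d}:00")
    std = profile["std"] or 1.0  # guard against a constant baseline (std == 0)
    z = (event.bytes_out - profile["mean"]) / std
    if z > z_threshold:
        reasons.append(f"bytes_out z-score {z:.1f} exceeds {z_threshold}")
    return reasons


def signature_match(event: Event) -> bool:
    """Signature check: only fires on patterns already in the known-bad list."""
    return event.process.lower() in KNOWN_BAD_PROCESSES


def detect(events: List[Event], baseline: Dict[str, dict]) -> List[dict]:
    """Run both methods over new events; report anything either one flags."""
    findings = []
    for e in events:
        reasons = score_event(e, baseline)
        sig = signature_match(e)
        if reasons or sig:
            findings.append({"event": e, "behavior": reasons, "signature": sig})
    return findings


BASELINE = build_baseline(BASELINE_EVENTS)

if __name__ == "__main__":
    for f in detect(NEW_EVENTS, BASELINE):
        print(f["event"].user, f["event"].process, f["behavior"], "signature" if f["signature"] else "")
```

Run as a script, it reports alice's 03:00 transfer (novel process name, no signature, but far outside her baseline), carol (no history, so nothing to compare against), and bob's mimikatz.exe (caught only by the signature, since its volume and timing look normal). The two methods complement each other, which is why the behaviour-based baseline is what adds early, pre-damage visibility for the unknown case.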
ISC2 CISSP
Security Operations