Reputation-Based IPS/IDS
If some type of global attack is propagating its way across the networks of the world but has not hit your network yet, wouldn’t it be nice to know about it so that you can filter that traffic before it enters your network? The answer is yes, obviously. Reputation-based IPS collects input from systems all over the planet that are participating in global correlation; so what other sensors have learned collectively, your local sensor can use locally. Reputation-based IPS/IDS may include descriptors such as blocks of IP addresses, URLs, DNS domains, and so on as indicators of the sources for these attacks. Global correlation services are managed by Cisco as a cloud service.
Table 17-3 describes the advantages and disadvantages ...
Get Santos:CCNA Sec 210-260 OCG now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
