Network Intrusion (IDS/IPS) Profile

Network intrusion profiles are a collection of Intrusion Detection and Protection (IDS/IPS) rules that can be used to evaluate transactions to ensure the traffic is not malicious.

An Intrusion Detection System (IDS) is defined as a solution that monitors network events and analyzes them to detect security incidents and imminent threats, specifically suspicious or abnormal activity such as malicious transactions, and sends immediate alerts when it is observed. IDS searches for and against hosts and networks.

An Intrusion Protection System (IPS) actively analyzes network traffic and compares it against known attack patterns and signatures. When the system detects suspicious traffic, it blocks it from entering the network. IPS rules cover both network-based IPS and host-based IPS.

Multicloud Defense combines both of these systems within a single, easy-to-configure network intrusion profile. The profile is made to detect malicious probes or new network patterns from a compromised system, and it detects, rejects, and reports suspicious traffic. Preemptive blocking and reporting can mitigate any downtime on your network and further improve blocking activity in the future. A network intrusion profile in Multicloud Defense is composed of the following rule sets:

Multicloud Defense supports the following IDS/IPS Rule Sets

| Rule Sets | Description |
| --- | --- |
| Talos Rules | The Talos rules are a premium set of rules from Cisco based on intelligence gathered from real-world investigations, penetration tests and research that provide an advanced level of protection for applications and frameworks. |

Note that the IDS/IPS profile does not include web applications that might be malicious. See Web Application Firewall (WAF) Profile for more information.