Which IPS technique is commonly used to improve accuracy and context awareness, aiming to detect and respond only to relevant incidents and therefore reduce noise?

A. Attack relevancy
B. Target asset value
C. Signature accuracy
D. Risk rating

Explanation:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/prod_white_paper0900aecd806e7299.html
Risk Rating Calculation
Risk rating is a quantitative measure of your network’s threat level before IPS mitigation. For each
event fired by IPS signatures, Cisco IPS Sensor Software calculates a risk rating number. The factors
used to calculate risk rating are:
• Signature fidelity rating: This IPS-generated variable indicates the degree of attack certainty.
• Attack severity rating: This IPS-generated variable indicates the amount of damage an attack can
cause.
• Target value rating: This user-defined variable indicates the criticality of the attack target. This is
the only factor in risk rating that is routinely maintained by the user. You can assign a target value
rating per IP address in Cisco IPS Device Manager or Cisco Security Manager. The target value rating
can raise or lower the overall risk rating for a network device. You can assign the following target
values:
– 75: Low asset value
– 100: Medium asset value
– 200: Mission-critical asset value
• Attack relevancy rating: This IPS-generated value indicates the vulnerability of the attack target.
• Promiscuous delta: The risk rating of an IPS deployed in promiscuous mode is reduced by the
promiscuous delta. This is because promiscuous sensing is less accurate than inline sensing. The
promiscuous delta can be configured on a per-signature basis, with a value range of 0 to 30. (The
promiscuous delta was introduced in Cisco IPS Sensor Software Version 6.0.)
• Watch list rating: This IPS-generated value is based on data found in the Cisco Security Agent
watch list. The Cisco Security Agent watch list contains IP addresses of devices involved in network
scans or possibly contaminated by viruses or worms. If an attacker is found on the watch list, the
watch list rating for that attacker is added to the risk rating. The value for this factor is between 0
and 35. (The watch list rating was introduced in Cisco IPS Sensor Software Version 6.0.)
Risk rating can help enhance your productivity as it intelligently assesses the level of risk of each
event and helps you focus on high-risk events.


