Security Intelligence

One thing I’ve noticed is that the more I work on a specific network, the more familiar I am with its behavior. This is also true of an IPS sensor. A sensor with multiple interfaces can operate in many different parts of the network at the same time. The more visibility you have into those areas, the more information you receive about what is going on there, and the better you can establish baseline behavior patterns for those parts of the network. If you have multiple sensors in your enterprise environment, you can correlate all their events on a management station to get a better overall picture of what is happening and where the attacks are. In short, the more sensors you have reporting, the more granular and complete your information about the attacks and patterns in the network will be.

If we take this one step further and involve multiple organizations that all report threats seen on global networks, such as the Internet, we can correlate those events and use the information to defend our network borders against an attack that might not have reached us yet. In essence, a single sensor provides device intelligence about its area of the network. Multiple sensors provide enterprise intelligence about all the networks in your enterprise. The final step is global intelligence, where multiple organizations that are running sensors participate in global correlation and share information about external threats that may affect other companies as well. With global correlation, we can increase the risk rating for specific attacks if they come from source addresses identified as suspect in information learned from external sensors through the global correlation process. Global correlation is available on the sensor appliances but does not have to be enabled.

Cisco offers the Security Intelligence Operations (SIO) service, which facilitates global threat information, reputation-based services, and sophisticated analysis for the benefit of Cisco security devices to better protect the networks they serve.
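The following sketch illustrates the enterprise-level correlation and reputation-based risk-rating increase described above. It is an added example, not Cisco's algorithm or code from the book: the sensor names, the reputation scale (-10 worst, 0 neutral), the weight, and the threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample events: (sensor, source IP, signature, base risk rating 0-100)
EVENTS = [
    ("dmz-sensor", "203.0.113.7", "sig-A", 60),
    ("core-sensor", "203.0.113.7", "sig-B", 55),
    ("dmz-sensor", "198.51.100.20", "sig-A", 60),
    ("branch-sensor", "192.0.2.44", "sig-C", 30),
]

# Constructed reputation data learned from external sensors (assumed scale).
REPUTATION = {"203.0.113.7": -8.0, "198.51.100.20": -2.0}

MAX_RISK_RATING = 100


def adjusted_risk(base, reputation, weight=4):
    """Raise the risk rating in proportion to how bad the source's
    reputation is; neutral or unknown sources keep the base rating."""
    bump = round(-reputation * weight) if reputation < 0 else 0
    return min(MAX_RISK_RATING, base + bump)


def correlate(events, reputation):
    """Merge events from all sensors per source address, as a management
    station would, tracking which sensors saw it and the highest rating."""
    by_source = defaultdict(lambda: {"sensors": set(), "max_rr": 0})
    for sensor, src, _sig, base in events:
        entry = by_source[src]
        entry["sensors"].add(sensor)
        rr = adjusted_risk(base, reputation.get(src, 0))
        entry["max_rr"] = max(entry["max_rr"], rr)
    return dict(by_source)


def priority_sources(events, reputation, threshold=90):
    """Sources whose adjusted rating crosses the action threshold."""
    merged = correlate(events, reputation)
    return sorted(s for s, e in merged.items() if e["max_rr"] >= threshold)


if __name__ == "__main__":
    for src, info in correlate(EVENTS, REPUTATION).items():
        print(src, sorted(info["sensors"]), info["max_rr"])
    print("act on:", priority_sources(EVENTS, REPUTATION))
```

Without the reputation data, no event in this sample reaches the threshold; with it, the source seen by two sensors is the only one that crosses it.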
