From the course: Cisco Certified CyberOps Associate (200-201) Cert Prep: 1 Security Concepts
Comparing detection methods
- Devices such as intrusion detection and intrusion prevention systems, along with anti-malware protection, actively monitor traffic for malicious activity using a variety of methods. Let's compare some of the methods in use today. Traditional antivirus software relies heavily on signature-based detection, which recognizes the signature, or binary pattern. In this image, we see a recognized characteristic of known malware. Now keep in mind, signature-based detection might even include something as simple as a specific URL. While we still use signature detection, there are limitations, in that this type of detection cannot examine the contents of certain files, such as a zip file. In addition, signature detection cannot assess fileless malware. After 2010, malware protection made a shift to more advanced methods to be able to detect newer malware variants designed to elude detection. To avoid detection, a standard…
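The transcript's two points about signature detection, that a signature can be a byte pattern or simply a URL, and that a plain pattern match cannot see inside a zip archive, can be shown in a few lines of code. The following is an added example written for this page, not course material; the signature patterns, the URL and the `dropper.bin` archive member are all constructed for illustration. The `inspect_archives` flag shows the mitigation that modern scanners apply: decompress each archive member and scan it in turn, with a size guard so a decompression bomb cannot exhaust the scanner.

```python
import io
import zipfile

# Constructed signatures for illustration only: one hypothetical byte pattern
# and one hypothetical blocked URL. Real signature sets are far larger.
SIGNATURES = {
    "sample-binary-pattern": b"\x4d\x5a\x90\x00DEMO-PATTERN-0001",
    "sample-blocked-url": b"http://malicious.example.invalid/payload",
}

# Constructed limit: members larger than this are skipped rather than decompressed,
# so a small archive that expands to gigabytes cannot stall the scanner.
MAX_MEMBER_BYTES = 10 * 1024 * 1024


def scan_bytes(data: bytes) -> list[str]:
    """Return the names of every signature whose pattern occurs in data."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def scan_file(data: bytes, inspect_archives: bool = False) -> list[str]:
    """Signature-scan a file's raw bytes.

    Without archive inspection the compressed payload inside a zip is opaque to
    pattern matching, which is the limitation described in the transcript.
    With inspect_archives=True each member is decompressed and scanned
    (recursively, so nested archives are handled too).
    """
    hits = scan_bytes(data)
    if inspect_archives and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size > MAX_MEMBER_BYTES:
                    continue  # refuse to inflate oversized members
                member = zf.read(info)
                hits.extend(
                    f"{info.filename}: {hit}"
                    for hit in scan_file(member, inspect_archives=True)
                )
    return hits


def build_sample_zip(payload: bytes) -> bytes:
    """Construct an in-memory zip archive containing the payload (sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("dropper.bin", payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample file that carries both signature types.
    sample = (
        b"header "
        + SIGNATURES["sample-binary-pattern"]
        + b" contacts "
        + SIGNATURES["sample-blocked-url"]
    )
    archive = build_sample_zip(sample)
    print("plain file:", scan_file(sample))
    print("zip, surface scan:", scan_file(archive))
    print("zip, members inspected:", scan_file(archive, inspect_archives=True))
```

The surface scan of the archive returns nothing because DEFLATE re-encodes the bytes, so the signature never appears verbatim in the compressed stream; only decompressing the member restores the match. Fileless malware has no file to hand to `scan_file` at all, which is why the transcript goes on to describe behaviour-based methods.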
Contents
- Recognizing the complexity of today’s environment (3m 46s)
- Leveraging threat intelligence (5m 13s)
- Hunting threats (4m 23s)
- Analyzing malware (2m 35s)
- Dissecting malware using reverse engineering (6m 40s)
- Detecting anomalies using the sliding window (4m 50s)
- Comparing detection methods (4m 10s)
- Using five-tuple log analysis (4m 48s)
- Monitoring data loss using traffic profiles (4m 24s)