Cisco IPS Appliance: Automatic Risk Rating Adjustment for Attacker Reputation

Automatically Adjusting Risk Rating of IPS Events Based on Attacker Reputation


Question

Which Cisco IPS appliance feature can automatically adjust the risk rating of IPS events based on the reputation of the attacker?

Answers

Explanations


A. B. C. D. E.

E.

The correct answer to this question is D. Reputation filtering.

Reputation filtering is a feature of Cisco IPS (Intrusion Prevention System) appliances that automatically adjusts the risk rating of IPS events based on the reputation of the attacker. This feature uses information from third-party threat intelligence services to determine the reputation of an IP address or domain name.

When an IPS event is detected, the IPS appliance checks the reputation of the attacker using the reputation database. If the attacker has a high reputation score, the risk rating of the event is increased, indicating that the attack is more likely to be successful. Conversely, if the attacker has a low reputation score, the risk rating of the event is decreased, indicating that the attack is less likely to be successful.

Reputation filtering is a useful feature because it helps to prioritize IPS events based on their risk level. By adjusting the risk rating of events based on the reputation of the attacker, the IPS appliance can focus on the most important threats and reduce false positives.

The other answer choices are as follows:

A. Botnet traffic filter - This feature detects and blocks traffic from known botnets, which are networks of compromised computers that can be used for malicious purposes.

B. Event action rules - These are rules that determine what action the IPS appliance takes when an event is detected. For example, the appliance can block the traffic, generate an alert, or allow the traffic to pass through.

C. Anomaly detection - This feature detects abnormal network behavior that may indicate an attack. Anomaly detection uses statistical analysis to determine what is "normal" for a network and alerts administrators when activity deviates from that norm.

E. Global correlation inspection - This feature uses threat intelligence from other sources, such as other IPS appliances or security vendors, to identify and respond to threats. The IPS appliance shares information with other appliances to build a more comprehensive view of the threat landscape.