Chapter 13. Managing False Positives and False Negatives

A Cisco Intrusion Prevention System (IPS) that raises many false alarms quickly becomes suspect, and operators stop trusting what it reports. This chapter discusses methodologies for tuning and adjusting the sensor to manage and reduce the number of false positives and false negatives. In this chapter, you learn the following:

Identifying False Positives and False Negatives: Understanding when the sensor is raising alarms it should not, and when it is missing malicious traffic it should alarm on, is a critical first step in tuning the sensor for the network.

Tuning to Reduce False Positives: Reducing or eliminating the erroneous alerts generated by the sensor.

Tuning to Reduce False Negatives: By adapting ...
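The trade-off behind all three topics is easiest to see with numbers. The following is an added example, not material from the cert guide or a Cisco tool: it scores a constructed set of inspected flows against analyst ground truth, then applies two suppression filters of different breadth and re-scores, so the effect of each tuning choice on false positives and false negatives is explicit. The signature IDs, addresses, flow labels and the filter representation are all constructed for illustration and are not real Cisco IPS signatures or filter syntax.

```python
"""Score IPS alerts against ground truth before and after tuning.

Added example, not from the CCNP Security IPS cert guide. All data below
is constructed: signature IDs, IP addresses and the "malicious" labels are
hypothetical, and a filter is modelled simply as (signature or None, source
network) rather than as real Cisco event action filter syntax.
"""
from ipaddress import ip_address, ip_network

# Constructed ground truth: (flow_id, matching sig_id or None, src, dst, malicious).
FLOWS = [
    (1, 2004, "10.0.5.20", "10.0.1.10", False),    # internal vulnerability scanner sweep
    (2, 2004, "10.0.5.20", "10.0.1.11", False),    # same scanner, second target
    (3, 2004, "203.0.113.7", "10.0.1.10", True),   # external reconnaissance sweep
    (4, 3041, "198.51.100.9", "10.0.1.20", True),  # exploit attempt, signature matches
    (5, None, "198.51.100.9", "10.0.1.21", True),  # attack with no matching signature
    (6, 5081, "10.0.6.4", "10.0.1.30", False),     # benign web app traffic, noisy signature
]

# A filter suppresses alerts whose signature (None = any) and source match.
BROAD_FILTER = [(2004, ip_network("0.0.0.0/0"))]          # silence sig 2004 everywhere
NARROW_FILTER = [(2004, ip_network("10.0.5.20/32"))]      # silence it only for the scanner


def fire(flows, filters):
    """Return the set of flow_ids that still produce an alert after filtering."""
    alerts = set()
    for fid, sig, src, _dst, _malicious in flows:
        if sig is None:
            continue  # nothing matched: the sensor is silent regardless of filters
        suppressed = any(
            (fsig is None or fsig == sig) and ip_address(src) in net
            for fsig, net in filters
        )
        if not suppressed:
            alerts.add(fid)
    return alerts


def score(flows, alerts):
    """Count true/false positives and negatives against the ground-truth labels."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for fid, _sig, _src, _dst, malicious in flows:
        alerted = fid in alerts
        if alerted and malicious:
            counts["tp"] += 1
        elif alerted and not malicious:
            counts["fp"] += 1
        elif not alerted and malicious:
            counts["fn"] += 1
        else:
            counts["tn"] += 1
    return counts


def evaluate(filters, flows=FLOWS):
    """Apply a filter set to the constructed flows and return the confusion counts."""
    return score(flows, fire(flows, filters))


if __name__ == "__main__":
    for name, filters in (("untuned", []), ("broad", BROAD_FILTER), ("narrow", NARROW_FILTER)):
        print(f"{name:8s} {evaluate(filters)}")
```

Untuned, the sensor produces three false positives and one false negative. The broad filter removes two of the false positives but also hides the external sweep on flow 3, turning a true positive into a second false negative; the narrow filter scoped to the scanner host removes the same two false positives without losing any detection. Flow 5 stays a false negative under every filter, because no signature matches it at all: filters can only reduce false positives, and closing that gap is the separate job of adding or adjusting signatures, which is what tuning for false negatives covers.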
