Modes of detection

There are three modes of detection used by a NIPS/NIDS. For the purpose of the exam, you must know them thoroughly:

  • Signature-based: Works from a database of known exploit signatures and cannot identify new patterns. If that database is not up to date, the device will not operate effectively.
  • Anomaly-based: Starts from the same known-exploit database as signature-based detection, but can also identify new variants.
  • Heuristic/behavioral-based: Instead of trying to match known variants, heuristic/behavioral detection starts with a baseline of normal activity and matches traffic patterns against that baseline. It can also be referred to as anomaly-based.

Exam tip: Anomaly-based NIPS/NIDS detect new patterns and are much more efficient than signature-based, ...
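To make the difference between the modes concrete, here is an added example (not from the guide) that contrasts a signature lookup with a baseline comparison. All signatures, the "new variant" payload and the connection counts are constructed for illustration; real NIDS signatures and baselines are far richer, but the matching principle is the same.

```python
import statistics
from typing import Iterable, Optional

# Constructed signature database: byte patterns of known exploits.
# Signature-based detection can only alert on entries present here.
KNOWN_SIGNATURES = {
    "known-exploit-v1": b"EXPLOIT_V1_MARKER",
    "known-exploit-v2": b"EXPLOIT_V2_MARKER",
}

def signature_detect(payload: bytes, signatures=KNOWN_SIGNATURES) -> Optional[str]:
    """Signature-based: return the matching signature name, or None if nothing is known."""
    for name, pattern in signatures.items():
        if pattern in payload:
            return name
    return None

def build_baseline(samples: Iterable[float]) -> tuple:
    """Heuristic/behavioral: learn what 'normal' looks like (mean, spread) from a training window."""
    data = list(samples)
    return statistics.mean(data), statistics.pstdev(data)

def baseline_detect(observed: float, baseline: tuple, threshold: float = 3.0) -> bool:
    """Alert when an observation deviates from the baseline by more than `threshold` std deviations."""
    mean, stdev = baseline
    if stdev == 0:  # flat baseline: any change is a deviation
        return observed != mean
    return abs(observed - mean) / stdev > threshold

# Constructed scenario: a new variant the signature database has no entry for ...
NEW_VARIANT_PAYLOAD = b"GET /login HTTP/1.1\r\n" + b"EXPLOIT_V3_MARKER"
# ... delivered in a burst. Connections per minute from one host during a quiet
# baseline window (constructed), followed by the rate seen during the burst.
NORMAL_CONNS_PER_MIN = [10, 12, 9, 11, 10, 13, 8, 11, 10, 12]
BURST_CONNS_PER_MIN = 120

def compare_modes() -> dict:
    """Run both modes against the same event and report what each one sees."""
    sig_hit = signature_detect(NEW_VARIANT_PAYLOAD)           # None: no signature for v3
    baseline = build_baseline(NORMAL_CONNS_PER_MIN)           # mean 10.6, stdev ~1.43
    behaviour_hit = baseline_detect(BURST_CONNS_PER_MIN, baseline)  # True: ~76 std devs out
    return {"signature": sig_hit, "behavioral": behaviour_hit}

if __name__ == "__main__":
    print(compare_modes())
```

The signature mode stays silent because nothing in its database matches, while the baseline mode flags the traffic pattern as abnormal; the same new variant sent at a normal rate would evade both, which is why the exam treats the modes as complementary rather than interchangeable.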
