McAfee® Entercept® fully embraces the concept of combining behavioral rules with signatures. This approach yields the best of both worlds and provides optimal protection for servers. McAfee Entercept researches each attack method and determines whether a behavioral rule or specific signature is the most appropriate method for identifying the particular attack type. This work is done by McAfee Entercept’s security research team and thus frees the customer’s organization from the requirement to have extensive security knowledge. As a result, there is a great deal of security expertise built into McAfee Entercept.
McAfee Entercept, which uses both behavioral rules and signatures, handled the Code Red scenario in the best possible manner. Using its behavioral-rules technology, McAfee Entercept blocked Code Red from causing any damage, even when it was brand-new. After Code Red became a “known attack,” McAfee Entercept added a Code Red signature to the product. Thus, when Code Red attacks McAfee Entercept customers, they know exactly what their attacker is and can take appropriate actions. This Protection-in-Depth approach leverages the strengths of behavioral rules and signatures, without the disadvantages of either.
Conclusion
Of the three major protection methodologies in use today, the combination of behavioral rules and signatures most closely meets the needs of security-conscious customers. Real-world attacks, such as Code Red, have proven the value of this hybrid approach. Combining the ability to detect new, previously unknown attacks with low false positives, high accuracy, and specificity, the hybrid protection approach provides the best of both worlds with the disadvantages of neither.