CSCv6|12.4

Title

Network-based IPS devices should be deployed to complement IDS by blocking known bad signatures or the behavior of potential attacks.

Description

Network-based IPS devices should be deployed to complement IDS by blocking known bad signatures or the behavior of potential attacks. As attacks become automated, methods such as IDS typically lengthen the time it takes for someone to react to an attack. A properly configured network-based IPS can provide automation to block bad traffic. When evaluating network-based IPS products, include for consideration those using techniques other than signature-based detection (such as virtual machine-based or sandbox-based approaches).

Reference Item Details

Category: Boundary Defense

Family: Network

Audit Items