Prevent security breaches by protecting endpoint systems with Cisco Security Agent, the Cisco host Intrusion Prevention System * Secure your endpoint systems with host IPS * Build and manipulate policies for the systems you wish to protect * Learn how to use groups and hosts in the Cisco Security Agent architecture and how the components are related * Install local agent components on various operating systems * Explore the event database on the management system to view and filter information * Examine Cisco Security Agent reporting mechanisms for monitoring system activity * Apply Application Deployment Investigation to report on installed applications, hotfixes, and service packs * Collect detailed information on processes and see how they use and are used by system resources * Create and tune policies to control your environment without impacting usability * Learn how to maintain the Cisco Security Agent architecture, including administrative access roles and backupsCisco Security Agent presents a detailed explanation of Cisco Security Agent, illustrating the use of host Intrusion Prevention Systems (IPS) in modern self-defending network protection schemes. At the endpoint, the deployment of a host IPS provides protection against both worms and viruses. Rather than focusing exclusively on reconnaissance phases of network attacks a host IPS approaches the problem from the other direction, preventing malicious activity on the host by focusing on behavior. By changing the focus to behavior, damaging activity can be detected and blocked-regardless of the attack.Cisco Security Agent is an innovative product in that it secures the portion of corporate networks that are in the greatest need of protection-the end systems. It also has the ability to prevent a day-zero attack, which is a worm that spreads from system to system, taking advantage of vulnerabilities in networks where either the latest patches have not been installed or for which patches are not yet available. Cisco Security Agent utilizes a unique architecture that correlates behavior occurring on the end systems by monitoring clues such as file and memory access, process behavior, COM object access, and access to shared libraries as well as other important indicators.

Скачать книгу бесплатно (chm, 25.73 Mb)