Behavioral rules vs. signatures: Which should you use?
Many security products on the market today detect malicious attacks, but few take action to prevent them. Even more confusing for IT and security professionals is the debate over the best way to detect and prevent hacking activity: signatures or behavioral rules. Each approach has advantages and disadvantages, but by combining the two, enterprises can ensure that servers and data are fully protected. Best practices dictate that companies adopt a defense-in-depth method of protection, which includes using the best of both technologies. One technology can’t take the place of the other: Behavioral rules allow the servers to be protected from new and previously unknown attacks. However, the coverage of behavioral systems is limited, many attacks aren’t covered, and the system generates many more false positives. For full forensics capability, the signature is critical in identifying attacks, so security managers can know what sort of attack is being directed at their systems. Here are the pros and cons of both technologies and an argument for why combining the two provides the best protection. Full Story