The Cisco ASA Cyber Threat Defense solution is made up of 3 components. The first is a basic network threat detection tool and is enabled by default on all ASA’s with 8.0(2) or later firmware. Basic threat detection monitors the rate at which packets are dropped by the ASA device. Because it is just monitoring for dropped packets across the whole appliance, the information is typically not enough to provide information about the source or nature of a malicious threat but could be a sign that some sort of nefarious activity is occurring and can be very useful for internet threat defense when exported to a logging tool using NSEL or syslogs. Read more »Adam
For a free 30 day trial of Scrutinizer, Download Now!
Sign up for Advanced NetFlow Training™ coming to a city near you!