This chapter provides an overview of the service security functionality of the SCE platform.
The Cisco SCE platform uses three approaches for threat detection:
– Scan/Sweep/Attack—Based on an indication that a host is generating an anomalous rate of connections.
– DoS/DDoS—Based on an indication that a host is a target for an anomalous rate of connections.
– DoS—Based on an indication that a pair of hosts is involved in an activity where one host is generating, and the other is the target of, an anomalous rate of connections.
The anomaly detection mechanism is effective against zero-day threats: it addresses threats as they appear, based on the characteristics of their network activity, without the need for preliminary knowledge about their exact nature or their Layer 7 signatures.
For further details, see Chapter 3, “Anomaly-Based Detection.”
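The three anomaly categories listed above can be illustrated with a small connection-rate classifier. This is an added example, not Cisco code and not the SCE platform's algorithm; the record format, the threshold of 20 connections per window, the rule for not double-counting pair traffic, and all sample addresses are assumptions.

```python
from collections import Counter

THRESHOLD = 20  # assumed: new connections per window that counts as anomalous

def classify(flows, start, length=1.0, threshold=THRESHOLD):
    """Classify one time window of (timestamp, src, dst) new-connection records.

    Returns a sorted list of (category, subject, connection_count)."""
    by_src, by_dst, by_pair = Counter(), Counter(), Counter()
    for ts, src, dst in flows:
        if start <= ts < start + length:
            by_src[src] += 1
            by_dst[dst] += 1
            by_pair[(src, dst)] += 1

    findings = []
    # Pair of hosts: one generates, the other is the target.
    hot = {pair: n for pair, n in by_pair.items() if n > threshold}
    for (src, dst), n in hot.items():
        findings.append(("DoS", f"{src}->{dst}", n))
        # Assumption: connections already explained by a pair finding are
        # not counted again toward the single-host categories.
        by_src[src] -= n
        by_dst[dst] -= n
    # Host generating an anomalous rate of connections toward many peers.
    findings += [("Scan/Sweep/Attack", h, n) for h, n in by_src.items() if n > threshold]
    # Host that is the target of an anomalous rate from many peers.
    findings += [("DoS/DDoS", h, n) for h, n in by_dst.items() if n > threshold]
    return sorted(findings)

def sample_flows():
    """Constructed records; every address is a placeholder."""
    flows = [(0.01 * i, "10.0.0.5", f"192.0.2.{i}") for i in range(1, 31)]     # one source, 30 targets
    flows += [(0.01 * i, f"10.1.0.{i}", "198.51.100.9") for i in range(1, 26)]  # 25 sources, one target
    flows += [(0.02 * i, "10.2.0.7", "198.51.100.50") for i in range(40)]       # one pair, 40 connections
    flows += [(0.5, "10.3.0.1", "203.0.113.10"), (5.0, "10.3.0.1", "203.0.113.10")]  # ordinary traffic
    return flows

if __name__ == "__main__":
    for finding in classify(sample_flows(), start=0.0):
        print(finding)
```

The same host can only be judged against a baseline that fits its role, so the single fixed threshold here stands in for the per-operator tuning the chapter describes.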
All three detection approaches provide operators with several possible courses of action to be implemented based on their business needs.
Operators have a high level of flexibility in tuning the detection methods and actions to be taken based on their specific needs. The SCA BB Security Dashboard, as shown in Figure 2-1, is a GUI application that provides a simple front end for configuring and monitoring security functionality.
Figure 2-1 SCA BB Security Dashboard