CCNA CyberOps SECFND Objective 2.6

Compare and contrast these terms: Network and host antivirus, agentless and agent-based protections, SIEM and log collection

Understanding Cisco Cybersecurity Fundamentals (210-250)

Network and Host Antivirus

Network antivirus is deployed on a dedicated machine that inspects all traffic passing through it. Its advantage is that it is easier to maintain and update, since there is a single point to manage. However, it cannot see viruses at the point of entry on the host (for example, inside encrypted sessions or on removable media) and it can introduce latency to the network.

Host antivirus has better visibility into encrypted traffic and into whether an attack actually succeeded on the machine. It requires more complex updates, because every PC has to be updated individually. It can also affect the performance of the PC it runs on.

Agentless and Agent-Based Protections

Agentless protections are placed in the network to intercept traffic and review it. Agent-based protections are installed on the hosts that they are trying to protect.

SIEM and Log Collection

Security Information and Event Management (SIEM) is a system where logs from various hosts are aggregated. The SIEM makes the logs searchable and correlates them across hosts to provide actionable information about potential threats, which is what distinguishes it from plain log collection.
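To make the difference between log collection and SIEM correlation concrete, here is an added example (not part of the original study notes): a toy correlator that aggregates constructed log lines from three hosts, indexes them so they can be searched by field, and raises an alert when one source IP fails to log in repeatedly across several hosts and then succeeds. The log format, host names, IP addresses, threshold and time window are all assumptions made for the example; the point is that no single host sees enough failures to look suspicious on its own, so only the aggregated, correlated view produces the alert.

```python
"""Toy SIEM correlation over logs collected from several hosts.

Added example, not part of the original notes. The log line format
"<host> <ISO timestamp> <event> user=<name> src=<ip>", the host names,
addresses, threshold and window are all constructed assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs, as they might arrive at a SIEM from three hosts.
# Each host alone sees at most two failures; only the combined view
# shows one source hammering the same account across the estate.
RAW_LOGS = """\
web01 2024-05-01T10:00:01 LOGIN_FAIL user=admin src=203.0.113.5
web01 2024-05-01T10:00:04 LOGIN_FAIL user=admin src=203.0.113.5
web02 2024-05-01T10:00:07 LOGIN_FAIL user=admin src=203.0.113.5
web02 2024-05-01T10:00:09 LOGIN_FAIL user=admin src=203.0.113.5
db01 2024-05-01T10:00:12 LOGIN_FAIL user=admin src=203.0.113.5
db01 2024-05-01T10:00:15 LOGIN_OK user=admin src=203.0.113.5
web01 2024-05-01T10:30:00 LOGIN_FAIL user=alice src=198.51.100.7
web01 2024-05-01T11:00:00 LOGIN_OK user=alice src=198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<host>\S+) (?P<ts>\S+) (?P<event>\S+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_logs(raw):
    """Log collection step: normalize raw lines into dicts, sorted by time.
    Lines that do not match the assumed format are skipped, as a real
    collector would route unparsed lines to a catch-all index."""
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    return sorted(events, key=lambda e: e["ts"])


def search(events, **criteria):
    """Searchable view: return events whose fields equal every given value."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]


def correlate_bruteforce(events, threshold=4, window=timedelta(minutes=5)):
    """Correlation rule (constructed): alert when a single source IP has at
    least `threshold` LOGIN_FAIL events across any hosts within `window`
    and then produces a LOGIN_OK. Returns a list of alert dicts."""
    fails = defaultdict(list)  # src ip -> list of (timestamp, host) failures
    alerts = []
    for e in events:
        src = e["src"]
        if e["event"] == "LOGIN_FAIL":
            fails[src].append((e["ts"], e["host"]))
        elif e["event"] == "LOGIN_OK":
            recent = [(t, h) for t, h in fails[src] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({
                    "src": src,
                    "user": e["user"],
                    "failures": len(recent),
                    "hosts": sorted({h for _, h in recent}),
                    "success_host": e["host"],
                    "at": e["ts"],
                })
    return alerts


if __name__ == "__main__":
    evts = parse_logs(RAW_LOGS)
    print(f"collected {len(evts)} events; web02 alone has "
          f"{len(search(evts, host='web02', event='LOGIN_FAIL'))} failures")
    for a in correlate_bruteforce(evts):
        print(f"ALERT {a['src']} -> {a['user']}: {a['failures']} failures on "
              f"{', '.join(a['hosts'])} then success on {a['success_host']}")
```

Running it shows the collection side (eight events, with web02 holding only two failures) and the SIEM side (one alert naming all three hosts). The second user's single failure followed by a success half an hour later falls outside the window and stays quiet, which is the behaviour you want from a rule tuned to avoid noise.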