What is one major advantage of anomaly-based scanners compared to signature-based scanners?

Prepare for the Operating System Security Exam. Study with flashcards and multiple-choice questions, each with hints and explanations. Get ready for your test!

The major advantage of anomaly-based scanners lies in their ability to detect new, unknown attacks. This capability stems from the way these scanners operate: they establish a baseline of normal behavior for the system or network they are monitoring. Once this baseline is established, the scanners can identify deviations from this norm, which may indicate the presence of an attack that does not match any known signatures.

Unlike signature-based scanners, which rely on predefined patterns of known threats, anomaly-based scanners can recognize unusual patterns that may signify novel or previously unseen types of attacks. This lets security systems defend against emerging threats, improving resilience against zero-day exploits and sophisticated attacks that have not yet been cataloged in a signature database.

Thus, the ability to detect unknown attacks is a crucial strength of anomaly-based detection methods, making them a valuable component of a comprehensive security strategy.