.. _threat:

Detecting Anomalies
-------------------

.. note:: This feature required Professional or Enterprise Edition

An **Anomaly**  is a signature of abnormal activity that may indicate a
security breach, or an outside entity searching for network or device
vulnerabilities.

A **Vulnerability** is an opening that can be exploited to cause damage to a
device, or to network security.

Genian NAC inspects network traffic to identify abnormalities in the network
and marks endpoint devices that have Anomalies. You can configure custom
**Anomaly Definitions** or use the seven pre-defined definitions provided by
default to detect endpoint devices that are exposed to major Anomalies such as
**Ad hoc Networks, ARP Bombing, ARP Spoofing, MAC+IP Clones, Port Scanning**
and more.

.. toctree::
   :maxdepth: 1

   threats/understanding-threat
   threats/preset
   threats/threat-definition
   threats/detecting-threats
   threats/blocking-threats
   threats/arp-bomb
   threats/macip-clone
   threats/multi-homed
   threats/port-scanning
   threats/invalid-gateway
   threats/spoofed-arp
   threats/unauthorized-service