happynfocus_245
Jan 21, 2016

Best practice advice on ASM policy deployment (automatic, manual)?

I have in-house web applications that I need to protect with ASM. I am testing out policy deployment using automatic and manual (rapid deployment).

 

My focus is on web attacks. For both automatic and manual deployment, I selected the attack signatures that are relevant; I selected almost all the checkboxes except a few of them. I compared the results and I do not see much difference.

 

Any suggestions on what the best practices are? Any advice is welcome from people with experience with ASM in production systems.

 

Thanks!!

 

1 Reply

  • The automatic policy builder runs in the background and develops your policy based on the traffic it sees. So, for instance, if it sees a large number of requests for .jpgs it's likely to conclude that jpgs are okay files and add a rule to the whitelist allowing that. Manual deployment may start from the same place but after you deploy it's done. Any changes you need to make must be made manually.

     

    If you have a lot of generally clean traffic, or are willing to go back and fix its mistakes, Automatic Policy Builder is fine. If your traffic is less trustworthy or you want to have total control over what you are doing with your ASM, Manual is the better way to go.

     

    In either case you should be in regular communication with the admin in charge of the web application to ensure that your policy matches the needs of the application, and you should ensure that you are regularly reviewing the policy changes, learning suggestions, and proxy logs.