Forum Discussion

raghav_rao_2526
Jun 19, 2016

High Accuracy signatures on blocking mode.

Hi Folks,

Can we put only certain High Accuracy signatures, like SQLi, XSS, RFI/LFI, in blocking mode and keep the rest as they are, and fine-tune the application as and when required?

Thanks!

 

4 Replies

  • Regardless of accuracy level, you're still at risk of blocking legitimate traffic. Go for it, but assume some negative impact (read: do close monitoring after it).

    My own preference is to disable all irrelevant security checks, put everything I find relevant for the application into blocking mode from the very beginning (also after signature updates), and accept the negative impact in a controlled way. If you pair this approach with close monitoring, you can swiftly calibrate the configuration. This approach grants the highest level of security, as there will be no staging periods during which the policy is weakened.

    The reason staging does not work well is that it reduces the level of security. For it to be of any use, swift decision-making is required. On most ASM contracts I've done, I take over a crappy policy that has 30-40% of enabled signatures in staging and tons of pending suggestions in the Manual Traffic Learning section. It's easy to 'forget' that there's some stuff in staging. If you're just starting out, I do not recommend doing the same as I do; my recommendation is to keep the number of entities/signatures in staging to a minimum. Periodically review the Manual Traffic Learning suggestions to make sure this does not get out of control.

    Regards,
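As an added example (not code from either post, and not F5 tooling), the audit below turns the reply's advice into something you can run: it reports the share of enabled signatures still in staging and lists high-accuracy SQLi/XSS/RFI/LFI signatures that are not yet actually blocking. The input is constructed data whose field names (`enabled`, `performStaging`, `block`, `signatureReference`, `accuracy`, `attackType`) are an assumption modelled on the shape of ASM REST objects, not verified against a live device.

```python
# Added example: audit which attack signatures an ASM policy really blocks.
# Assumption (not verified against a device): each policy signature entry has
# enabled/performStaging/block flags plus a signatureReference link, and the
# signature catalog maps that link to name, accuracy and attack type.

# Constructed attack-type labels for the signature classes the question names.
HIGH_VALUE_ATTACKS = {"SQL-Injection", "Cross Site Scripting (XSS)",
                      "Remote File Include", "Path Traversal"}

# Constructed sample: the policy's per-signature settings.
POLICY_SIGNATURES = [
    {"signatureReference": {"link": "sig/1"}, "enabled": True,  "performStaging": False, "block": True},
    {"signatureReference": {"link": "sig/2"}, "enabled": True,  "performStaging": True,  "block": True},
    {"signatureReference": {"link": "sig/3"}, "enabled": True,  "performStaging": False, "block": False},
    {"signatureReference": {"link": "sig/4"}, "enabled": True,  "performStaging": True,  "block": True},
    {"signatureReference": {"link": "sig/5"}, "enabled": False, "performStaging": True,  "block": True},
]

# Constructed sample: the signature catalog, keyed by the same link.
CATALOG = {
    "sig/1": {"name": "SQL injection: or 1=1 expression", "accuracy": "high", "attackType": "SQL-Injection"},
    "sig/2": {"name": "Cross-site scripting: script tag in parameter", "accuracy": "high", "attackType": "Cross Site Scripting (XSS)"},
    "sig/3": {"name": "Remote file include: http:// in parameter", "accuracy": "high", "attackType": "Remote File Include"},
    "sig/4": {"name": "Server header disclosure", "accuracy": "medium", "attackType": "Information Leakage"},
    "sig/5": {"name": "Legacy CGI probe", "accuracy": "low", "attackType": "Path Traversal"},
}


def audit(policy_sigs, catalog):
    """Return staging share and high-accuracy signatures that do not block yet."""
    enabled = [s for s in policy_sigs if s["enabled"]]          # disabled ones are ignored
    in_staging = [s for s in enabled if s["performStaging"]]
    not_blocking = []
    for s in enabled:
        sig = catalog[s["signatureReference"]["link"]]
        if sig["accuracy"] != "high" or sig["attackType"] not in HIGH_VALUE_ATTACKS:
            continue
        # A signature only enforces when it is out of staging AND block is set.
        if s["performStaging"] or not s["block"]:
            not_blocking.append(sig["name"])
    ratio = len(in_staging) / len(enabled) if enabled else 0.0
    return {"enabled": len(enabled), "staging_ratio": ratio,
            "high_accuracy_not_blocking": sorted(not_blocking)}


if __name__ == "__main__":
    result = audit(POLICY_SIGNATURES, CATALOG)
    print(f"{result['staging_ratio']:.0%} of enabled signatures still in staging")
    for name in result["high_accuracy_not_blocking"]:
        print("not blocking:", name)
```

Feeding it a real policy export instead of the constructed sample turns the reply's "30-40% in staging" observation into a number you can track after each signature update.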
