topic Security over Connectivity. in Network Security

Firepower - anyone using security over connectivity or Maximum detection

evan.chadwick1 — Tue, 12 Mar 2019 09:05:27 GMT

Thinking to select a group of important well defined hosts and apply a stricter IPS level.
Anyone using the above policies? Moved from balanced security to a stricter policy?

We have been trialling that

Philip D'Ath — Mon, 20 Mar 2017 03:05:31 GMT

We have been trialling that mode for about 3 months. We get maybe 1 false positive every month to two months. Note that we are typically only using "business" web sites, with not that much variation. If your users are accessing a wider variety of sites you may get different results.

Overall, we have decided to accept that odd false positive and leave it on preferring security.

Which mode? Max detection or

evan.chadwick1 — Mon, 20 Mar 2017 19:53:21 GMT

Which mode? Max detection or security over connectivity?

Thanks,

Evan

Security over Connectivity.

Philip D'Ath — Mon, 20 Mar 2017 20:06:07 GMT

Security over Connectivity.

I have used the security over

Rahul Govindan — Tue, 21 Mar 2017 01:10:19 GMT

I have used the security over connectivity policy once before. I have not seen a lot of differences compared to the balanced policy. I do see more low impact signatures (not suspicious) being hit with this policy.

FYI, please see below for a

Marvin Rhoads — Tue, 21 Mar 2017 07:24:13 GMT

FYI, please see below for a high-level comparison of the options.

Source:

BRKSEC-3121 Firepower Threat Defence Advanced Capabilities Deployment and Troubleshooting Options (2017 Melbourne)

https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=94771

Connectivity over Security: ~ 500 Rules
• CVSS Score of 10
• Age of Vulnerability: 2 year and newer

Balanced : ~ 7200 Rules
• CVSS Score of 9 or greater
• Age of Vulnerability: 2 year and newer
• Rule category equals Malware-CnC, blacklist, SQL Injection, Exploit-kit

Security over Connectivity: ~ 10000 Rules
• CVSS Score of 8 or greater
• Age of Vulnerability: 3 years and newer
• Rule category equals Malware-CnC, blacklist, SQL Injection, Exploit-kit, App-detect