Policy Adjustment Based on Attack Events in ADS
2024-4-5 09:37:7 Author: securityboulevard.com(查看原文) 阅读量:2 收藏

This article provides a brief explanation of policy fine-tuning in ADS. Please note that fine-tuning the protection policy is a time-consuming process. This article focuses on how to check attack details in ADS based on attack events and optimize policies accordingly. Due to different versions of ADS, the screenshots shown in the article may differ from the actual device webpage you are using. However, the functionalities demonstrated in the article can still serve as a reference.

1. Attack Details

Attack Details can be found in the Logs -> Attack Log section of the ADS. Considering performance reasons, ADS randomly selects and displays only 3 logs from the last 30 seconds. If you cannot find information about a specific attack, it may be due to this reason.

2.  Protection Event Statistics

Protection Event Statistics, which can be found in the Logs -> Protection Log section of the ADS, provides a comprehensive display of all attack events. Unlike the attack details, this section does not display the source IP information, but it can show the attack duration status of the specific defense group. You can adjust the corresponding protection policies based on the attack events displayed here.

3.  Policy Fine Tunning

For example, if the displayed attack event is “Invalid_SYN_Packet” as shown in the screenshot above, it indicates that the “Invalid SYN Packet Filtering” policy in the “Anomalous Packet Filtering Rules” was triggered due to an invalid length of the SYN packet. You can adjust the corresponding policy in the corresponding group, e.g., “DemoGroup@DemoRegion” in the screenshot above.

By following the steps above, you can perform some policy optimization. However, as previously mentioned, policy optimization is an ongoing process that requires consideration of your specific business needs.

If in doubt about algorithm use, please feel free to contact the support team ([email protected]). In addition, NSFOCUS has an MSS (Managed Security Service) service. And MSS service has a dedicated SoC team to assist with policy adjustments. If you are interested, please feel free to contact the SOC team ([email protected]).

The post Policy Adjustment Based on Attack Events in ADS appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

*** This is a Security Bloggers Network syndicated blog from NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. authored by NSFOCUS. Read the original post at: https://nsfocusglobal.com/policy-adjustment-based-on-attack-events-in-ads/


文章来源: https://securityboulevard.com/2024/04/policy-adjustment-based-on-attack-events-in-ads/
如有侵权请联系:admin#unsafe.sh