AMP rulesets - 3 years and categories are sufficient?

Solved
sloveland
Conversationalist

AMP rulesets - 3 years and categories are sufficient?

I'm a Paranoid Security Guy™

I looked at https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection and am concerned that an IDS ruleset that "contains rules that are from the current year and the previous three years, are for vulnerabilities with a CVSS score of 8 or greater" plus 5 categories of rules won't be sufficient to protect us.

 

What happens when an attacker tries to exploit a vulnerability that is 2 years old and has a CVSS score of 7? Or a vulnerability that is 5 years old and rates as 10?

 

Looking for any advice you may have. Thanks in advance.

1 Accepted Solution
sloveland
Conversationalist

We're considering another vendor.

View solution in original post

6 Replies 6
jdsilva
Kind of a big deal

I would argue holding the title of "Paranoid Security Guy" and having software that hasn't been updated in over 3 years are mutually exclusive. Please, if you haven't patched in the last three years then now is the time to do so!

 

🙂

 

 

sloveland
Conversationalist

I agree with you.

 

However, it's not just about missing the +3 year-old patch - it's the 2 year-old that scores a 7.

PhilipDAth
Kind of a big deal
Kind of a big deal

As @jdsilva  says, seriously, if you haven't patched the systems within 2 years you have another problem.

 

sloveland
Conversationalist

Well, this hasn't been helpful.

 

I was hoping for some insight so I could counter the argument that is coming from other suppliers that Meraki rule sets are too small to combat threats that a modern enterprise would face.

 

 

PhilipDAth
Kind of a big deal
Kind of a big deal

Perhaps you should consider Cisco Firepower (like a 2110 appliance or an ASA 5516) if you want a lot of control.  They let you turn every knob you can think of.

sloveland
Conversationalist

We're considering another vendor.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels