AMP rulesets - 3 years and categories are sufficient?

Solved
sloveland
Conversationalist

I'm a Paranoid Security Guy™

I looked at https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection and am concerned that an IDS ruleset that "contains rules that are from the current year and the previous three years, are for vulnerabilities with a CVSS score of 8 or greater" plus 5 categories of rules won't be sufficient to protect us.

 

What happens when an attacker tries to exploit a vulnerability that is 2 years old and has a CVSS score of 7? Or a vulnerability that is 5 years old and rates as 10?

 

Looking for any advice you may have. Thanks in advance.

1 Accepted Solution
sloveland
Conversationalist

We're considering another vendor.

6 Replies
jdsilva
Kind of a big deal

I would argue holding the title of "Paranoid Security Guy" and having software that hasn't been updated in over 3 years are mutually exclusive. Please, if you haven't patched in the last three years then now is the time to do so!

 

🙂

 

 

sloveland
Conversationalist

I agree with you.

 

However, it's not just about missing the +3 year-old patch - it's the 2 year-old that scores a 7.

PhilipDAth
Kind of a big deal

As @jdsilva says, seriously, if you haven't patched the systems within 2 years you have another problem.

 

sloveland
Conversationalist

Well, this hasn't been helpful.

 

I was hoping for some insight so I could counter the argument that is coming from other suppliers that Meraki rule sets are too small to combat threats that a modern enterprise would face.

 

 

PhilipDAth
Kind of a big deal

Perhaps you should consider Cisco Firepower (like a 2110 appliance or an ASA 5516) if you want a lot of control. They let you turn every knob you can think of.

sloveland
Conversationalist

We're considering another vendor.
