AMP rulesets - 3 years and categories are sufficient?

SOLVED
Conversationalist

I'm a Paranoid Security Guy™

I looked at https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection and am concerned that an IDS ruleset that "contains rules that are from the current year and the previous three years, are for vulnerabilities with a CVSS score of 8 or greater" plus 5 categories of rules won't be sufficient to protect us.

 

What happens when an attacker tries to exploit a vulnerability that is 2 years old and has a CVSS score of 7? Or a vulnerability that is 5 years old and rates as 10?

 

Looking for any advice you may have. Thanks in advance.
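The gap asked about above can be measured against your own scan data. This is an added example, not part of the original post and not Meraki code: it applies only the quoted age and CVSS criteria to a constructed list of findings and lists the unpatched ones that fall outside them. The five rule categories are not modelled because the post does not name them, so a flagged finding may still be matched by a category rule; all identifiers, years and scores below are constructed.

```python
from dataclasses import dataclass

MIN_CVSS = 8.0    # "CVSS score of 8 or greater" (quoted in the post)
YEARS_BACK = 3    # "the current year and the previous three years"


@dataclass(frozen=True)
class Finding:
    vuln_id: str  # constructed placeholder, not a real CVE identifier
    year: int     # year the vulnerability was published
    cvss: float
    patched: bool


def gap_reasons(finding, current_year):
    """Return why a finding misses the quoted criteria ([] if it meets both)."""
    reasons = []
    if finding.year < current_year - YEARS_BACK:
        reasons.append("too_old")
    if finding.cvss < MIN_CVSS:
        reasons.append("score_below_8")
    return reasons


def uncovered(findings, current_year):
    """Unpatched findings outside the age/score criteria, highest CVSS first."""
    rows = [(f, gap_reasons(f, current_year)) for f in findings if not f.patched]
    rows = [(f, reasons) for f, reasons in rows if reasons]
    return sorted(rows, key=lambda row: (-row[0].cvss, row[0].year))


# Constructed sample inventory; SAMPLE_YEAR is an assumed reference year.
SAMPLE_YEAR = 2019
SAMPLE = [
    Finding("EXAMPLE-A", 2017, 7.0, False),   # 2 years old, CVSS 7
    Finding("EXAMPLE-B", 2014, 10.0, False),  # 5 years old, CVSS 10
    Finding("EXAMPLE-C", 2018, 9.1, False),   # meets both criteria
    Finding("EXAMPLE-D", 2013, 6.5, True),    # outside both, but already patched
    Finding("EXAMPLE-E", 2016, 8.0, False),   # boundary case: meets both
]

if __name__ == "__main__":
    for finding, reasons in uncovered(SAMPLE, SAMPLE_YEAR):
        print(finding.vuln_id, finding.year, finding.cvss, ",".join(reasons))
```

The resulting list is the set of hosts that depend on patching or another control rather than on this part of the IDS ruleset.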

6 REPLIES
Kind of a big deal

Re: AMP rulesets - 3 years and categories are sufficient?

I would argue holding the title of "Paranoid Security Guy" and having software that hasn't been updated in over 3 years are mutually exclusive. Please, if you haven't patched in the last three years then now is the time to do so!

 

🙂

 

 

Conversationalist

Re: AMP rulesets - 3 years and categories are sufficient?

I agree with you.

 

However, it's not just about missing the +3 year-old patch - it's the 2 year-old that scores a 7.

Kind of a big deal

Re: AMP rulesets - 3 years and categories are sufficient?

As @jdsilva says, seriously, if you haven't patched the systems within 2 years you have another problem.

 

Conversationalist

Re: AMP rulesets - 3 years and categories are sufficient?

Well, this hasn't been helpful.

 

I was hoping for some insight so I could counter the argument that is coming from other suppliers that Meraki rule sets are too small to combat threats that a modern enterprise would face.

 

 

Kind of a big deal

Re: AMP rulesets - 3 years and categories are sufficient?

Perhaps you should consider Cisco Firepower (like a 2110 appliance or an ASA 5516) if you want a lot of control.  They let you turn every knob you can think of.

Conversationalist

Re: AMP rulesets - 3 years and categories are sufficient?

We're considering another vendor.
