BIG-IP ASM Security Policy Adjustment Tips
Tips and guidelines
Due to the number of available features and capabilities of the BIG-IP ASM system, administrators may feel overwhelmed. F5 recommends that you keep the following tips and guidelines in mind:
- Do not allow the path to implementation to become blocked by a need to instantly build a perfectly secure and tuned environment. Allow for a learning curve and build your security policy to support the needs of your application and organization.
- Do not feel like you must use a feature simply because it exists.
- It is better to see bad traffic than to not see it.
- When a zero-day hits, it is better to be in Blocking mode with a current policy than to have to build a new policy from scratch.
- Sometimes providing basic protections for many applications is just as important as providing detailed protection for one.
- Policy Builder creates an effective security policy and can save you a lot of time.
- The BIG-IP ASM system is designed to learn while in production. If you do not have a robust QA environment, your application users may supply the best source of legitimate traffic from which the BIG-IP system can learn.
- The BIG-IP ASM system has multiple, layered protections for each attack vector. Do not over-invest time or resources on particular mitigations.
Policy adjustment over time
- Start with a policy that loosens security restrictions to allow all legitimate behavior and disallow malicious requests.
- Tighten security restrictions over time to incrementally improve protections.
Note: BIG-IP ASM security policies exist in either Blocking mode or Transparent mode. There is no “learning mode” to deploy. The BIG-IP ASM system learns the elements of your application as part of an ongoing process.