Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Sn00pDoug
Explorer

MDS vs CMA policies

Hello Community!

Is there a recommended way to manage multiple domains in terms of where best to apply any policies/objects etc, globally or on the CMA directly. Obviously some objects and access/threat policies will be relevant to single CMAs but its easier/neater to manage globally so its in one place and assign to each domain.

For example I've been doing a lot of IPS exceptions on noisy false positives, which are typically relevant to a particular CMA. Unfortunately doing so requires creating objects on the MDS, essentially duplicating the objects on the CMA just with a different name. Which got me thinking, would it be better to just have all the objects globally? Or perhaps I should just keep my IPS exceptions per CMA? Thanks

 

0 Kudos
2 Replies
Maarten_Sjouw
Champion
Champion

There is no simple answer here, the thing is that it depends on how you use the MDS setup. When your environment is a 1 customer multiple security domains / areas, then it could make sense to create a lot of objects globally as they would be used in most of the domains anyway.
When you are a company servicing a lot of different customers, there is only the monitoring and management systems that are common between the domains and should be setup globally.

Hope this answers your question?
Regards, Maarten
Sn00pDoug
Explorer

Thanks Maarten,

 

Its all the same company with different domains for each site. Makes sense, just want to ensure there is no performance/config dependency disadvantages (or other surprises) from managing globally.

 

Cheers, 

Doug

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events