This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Timothy_Hall
Legend Legend
Legend
‎2020-03-27 07:54 AM

My interpretation is that Threat Prevalence is how relevant the particular threat is to a typical environment today.  A Threat Prevalence of Obsolete probably indicates that the threat is against obsolete systems and applications (think Windows NT, Windows XP, etc. - essentially software that has not been supported in a VERY long time).  As mentioned in my IPS Immersion Class, these Additional Activations will never forcibly reactivate a protection that does not meet the current Confidence, Performance Impact, & Severity criteria for the IPS profile.  As such the "Protections to Activate" Window is not generally very useful.  However the "Protections to Deactivate" window CAN be useful, as it can deactivate numerous protections that currently meet the three criteria but are not relevant to your environment at all, and save the firewall overhead associated with looking for matches on those signatures.

If you'd like to see for yourself which IPS Protections are tagged with the "Obsolete" designation you can search for them as shown in this screenshot which shows a protection that dates from 1999:

obsolete.jpg

 

ips_additional.jpg

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
(1)
Who rated this post