Jon Crotteau

To enable or not to enable an IPS signature...

Discussion created by Jon Crotteau on Aug 17, 2017
Latest reply on Aug 18, 2017 by Gaurav Pandya

I would like to know your thoughts...

 

If your organization has a public facing web server that the server team has applied a patch to mitigate a vulnerability, and your Check Point IPS has a signature that can also prevent that at the perimeter, do you use the signature at the perimeter as well as knowing the endpoint was patched, or do you not and leave it up to the endpoint to protect itself? 

 

I've heard answers to both before. Some say not to enable the signature at the perimeter if the endpoint is already protected because it simply increases load on the perimeter firewall. On the other hand, I've heard some say yes because they have a defense in depth security posture. 

 

What is your thought?

Outcomes