Breakout Recap: Cybersecurity Best Practices Part 1 - Preventing Opportunistic Attacks

Community Team Member

I was able to attend the cybersecurity best practices session at Ignite 2016 and have a couple of best practices for you that were discussed during this session:


  • File Blocking best practices:
    • Block all PE files, HLP files, LNK files, CHM, BAT and VBS files
    • Block or alert on encrypted files
    • Alert on all other file types
    • Forward all PE files to WildFire
    • Use a continue page on executable downloads to slow down drive-by downloads
  • URL filtering best practices:
    • Block dangerous categories with PAN-DB (phishing, dynamic-dns, unknown, proxy-avoidance, questionable, parked)
    • Combine file blocking and URL filtering
    • Use the 'continue' action to alert on potentially dangerous sites
  • Vulnerability Protection best practices:
    • Use a strict profile!
  • Anti-Spyware best practices:
    • Use a strict profile with DNS sinkhole option
  • Traps best practices:
    • Use Traps to prevent the exploitation of vulnerabilities
  • WildFire best practices:
    • Forward all PE, Office documents and URLs to WildFire
    • Get your signature updates every 5 minutes.
  • AutoFocus
    • Leverage correlation objects to help prioritize what is going on