Looking through the white papers and documentation, I didn't really find much as to a recommendation on how to tackle the task of App-ID configuration as a whole. Have any of you found any documentation that was helpful in this area? One approach I was considering was running a report to identify the most widely used applications within our organization and initially focusing on those that need to be addressed right away. But I can only imagine that eventually a decision point will have to be made on every App-ID and future additions PA decides to make. I was also thinking I almost need to create some type of matrix that identifies all of the standardized applications App-ID addresses along with all the controls and a decision point on if that control is turned on or not. What approach did you and your organization use to tackle App-ID configuration? Rather than re-inventing the wheel, I thought I would ask for advice from my peers that have already gone through this process.
Starting from the ACC will be a good way to build this in a secure way.
If you can do it, the best is the "positive security" model, as you know. That is not possible for every environment, but it is a best practice for me.
Over an implicit deny, only allow the apps you need. And for policy rules, service option: application-default.
This will take some time, but after that it is the most secure.
Alternatively, if you can't do that, you should use application filters by category; it is also a dynamic solution.
After that, you should add any harmful apps to a group and write a deny rule for both.
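
An added example, not part of the thread and not PAN-OS code: a simplified Python model of the approach in the reply above (explicit allow list with application-default, a category filter, a deny group placed first, implicit deny for everything else), applied to an ACC-style usage export to produce the decision matrix the question asks about. The rule names, session counts and port lists are constructed assumptions.

```python
# Simplified model of first-match policy evaluation; not PAN-OS code.
# All app entries, ports, session counts and rule names are constructed samples.
from collections import namedtuple

Rule = namedtuple("Rule", "name action apps categories app_default")

# Constructed application table: app -> (category, default ports)
APPS = {
    "dns":          ("networking", {53}),
    "ssl":          ("networking", {443}),
    "web-browsing": ("general-internet", {80}),
    "bittorrent":   ("general-internet", {6881}),
    "ms-rdp":       ("networking", {3389}),
}
# Constructed ACC-style export: (app, destination port, session count)
SESSIONS = [("dns", 53, 9100), ("ssl", 443, 7400), ("ssl", 8443, 12),
            ("web-browsing", 80, 5300), ("bittorrent", 6881, 40),
            ("ms-rdp", 3389, 3)]

RULES = [  # evaluated top-down, first match wins
    Rule("deny-harmful", "deny", {"bittorrent"}, set(), False),
    Rule("allow-approved", "allow", {"dns", "ssl"}, set(), True),
    Rule("allow-by-filter", "allow", set(), {"general-internet"}, True),
]

def evaluate(app, port, rules=RULES):
    """Return (action, rule name) for one session; no match means implicit deny."""
    category, default_ports = APPS[app]
    for r in rules:
        if app not in r.apps and category not in r.categories:
            continue
        if r.app_default and port not in default_ports:
            continue  # application-default: only the app's standard ports match
        return r.action, r.name
    return "deny", "implicit-deny"

def decision_matrix(sessions=SESSIONS, rules=RULES):
    """One row per observed (app, port), busiest first, with the resulting decision."""
    rows = sorted(sessions, key=lambda s: -s[2])
    return [(app, port, n) + evaluate(app, port, rules) for app, port, n in rows]

if __name__ == "__main__":
    for row in decision_matrix():
        print("{:<13}{:>6}{:>7}  {:<6}{}".format(*row))
```

Rows that land on `implicit-deny` are the remaining decision points: either the application is added to the allow list or the traffic stays blocked.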