RIYADH

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

RIYADH

L1 Bithead

HELLO EVERYONE !!

 

I GOT GENERAL QUESTION ABOUT ACC RISK FACTOR

IT REACHES 4.0

DOES THIS WILL MAKE THE PALOALTO GO SLOW ? 

 

AND WHAT IS BEST VERIFIED APPLICATION  THAT I SHOULD ADD

SO IT CAN LOWER THE RISK . IF YOU HAVE A LIST THAT WOULD BE HELPFUL

 

THANK YOU 🙂

 

 

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

@aziz_paloalto,

Don't judge your actual risk factor by what the calculated risk factor is displayed as, that just has you worrying about potentially nothing. The default risk factor of applications will have that go up depending on what app-ids are being identified, however if you have a proper security rulebase configuration that locks everything down to sanctioned apps then I wouldn't be to worried about it.

Most applications will bring you close to a Risk cateogry of 4.  App-ids such as ssl, youtube-base, web-browsing, google-base, facebook-video, facebook-base, apple-appstore, and many others are all Risk 4 app-ids. You can edit these if you simply want to tell management that your risk level has gone down, but really that number doesn't actually mean much of anything unless you've taken the time to fine-tune your different rulebases, created custom app-ids, lowered the Risk of known sanctioned applications that have inherint risks associated with them and so on. Otherwise I would kind of expect this to be anywhere from 3-4 depending on the type of network traffic that you are processing. 

View solution in original post

3 REPLIES 3

L7 Applicator

Hi @aziz_paloalto

 

  1. Welcome to the live community
  2. Buy a keyboard where you can disable caps lock 😉
  3. No, the risk factor is nothing that has a direct impact on the performance
  4. What do you mean with a list of applications to lower the risk? The risk only somehow means that your users are using risky applications. In the acc you see these applications and it is up to you if you want to block them or not.
  5. For example: You can also create an application filter group to generally block applications with a risk higher or equal to 4

 

Regards,

Remo

L4 Transporter

Hi,

 

Just wanted to add something, if you trust those applications you can modify the risk factor for them. Of course its not recommended but this will decrease the risk factor.

 

Regards,

Sharief

Regards,
Sharief

Cyber Elite
Cyber Elite

@aziz_paloalto,

Don't judge your actual risk factor by what the calculated risk factor is displayed as, that just has you worrying about potentially nothing. The default risk factor of applications will have that go up depending on what app-ids are being identified, however if you have a proper security rulebase configuration that locks everything down to sanctioned apps then I wouldn't be to worried about it.

Most applications will bring you close to a Risk cateogry of 4.  App-ids such as ssl, youtube-base, web-browsing, google-base, facebook-video, facebook-base, apple-appstore, and many others are all Risk 4 app-ids. You can edit these if you simply want to tell management that your risk level has gone down, but really that number doesn't actually mean much of anything unless you've taken the time to fine-tune your different rulebases, created custom app-ids, lowered the Risk of known sanctioned applications that have inherint risks associated with them and so on. Otherwise I would kind of expect this to be anywhere from 3-4 depending on the type of network traffic that you are processing. 

  • 1 accepted solution
  • 2970 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!