False Positives on NGAF

Lilia Lv2Posted 07 May 2023 22:44

I am having a false positive on our NGAF. What can I do to prevent this, since it blocks legitimate traffic?


Zonger Lv5Posted 08 May 2023 03:49
False positives can be a common issue with NGAF (Next-Generation Application Firewall) systems, as they can sometimes incorrectly identify legitimate traffic as malicious. To prevent this from happening, here are some steps you can take:

Check the NGAF configuration: Ensure that the NGAF is correctly configured and that it is using the latest threat intelligence and security rules. It's possible that a misconfiguration or outdated rules could be causing false positives.

Whitelist legitimate traffic: Identify the legitimate traffic that is being blocked and create a whitelist to allow it through the NGAF. This can be done by specifying the source and destination IP addresses, ports, and protocols of the legitimate traffic.

Tune NGAF policies: Adjust NGAF policies to reduce the number of false positives. This can involve modifying existing policies or creating new ones that are more accurate and specific to the traffic being inspected.

Perform regular testing: Conduct regular testing of the NGAF to ensure that it is working correctly and not generating false positives. This can include using test traffic and monitoring the NGAF logs for any false positives.

Consider using other security solutions: Consider implementing other security solutions, such as endpoint protection or intrusion prevention systems, to complement the NGAF and provide additional layers of security.
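A worked illustration of the whitelisting and log-monitoring steps above (added here, not part of Zonger's reply or of any Sangfor tool): parse block events from a constructed log sample, group the ones coming from a trusted source range into narrow exclusion candidates keyed by destination, port, protocol and signature, and flag any exclusion that is broad enough to silence detection for a whole network. The log line format and the field names are assumptions for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of NGAF-style block events. The format is an assumption
# for this example, not the firewall's real export format.
SAMPLE_LOG = """\
2023-05-08 10:01:02 action=block src=10.0.1.5 dst=192.168.20.10 dport=443 proto=tcp sig=IPS-1001
2023-05-08 10:01:09 action=block src=10.0.1.7 dst=192.168.20.10 dport=443 proto=tcp sig=IPS-1001
2023-05-08 10:02:31 action=block src=203.0.113.9 dst=192.168.20.10 dport=443 proto=tcp sig=IPS-1001
2023-05-08 10:03:00 action=block src=10.0.1.5 dst=192.168.20.11 dport=22 proto=tcp sig=IPS-2002
"""

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) proto=(\S+) sig=(\S+)")


def parse_block_log(text):
    """Return one dict per block event; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            src, dst, dport, proto, sig = m.groups()
            events.append({"src": src, "dst": dst, "dport": int(dport),
                           "proto": proto, "sig": sig})
    return events


def propose_exclusions(events, trusted_src_net):
    """Group events from a trusted source range by (dst, dport, proto, sig).
    Each group becomes one narrow exclusion candidate. Events from outside the
    trusted range are left alone so the signature keeps firing on them."""
    net = ipaddress.ip_network(trusted_src_net)
    groups = Counter()
    for e in events:
        if ipaddress.ip_address(e["src"]) in net:
            groups[(e["dst"], e["dport"], e["proto"], e["sig"])] += 1
    return [{"src_net": trusted_src_net, "dst": d, "dport": p, "proto": pr,
             "sig": s, "hits": n} for (d, p, pr, s), n in groups.items()]


def exclusion_too_broad(excl, max_src_hosts=256):
    """Flag an exclusion that covers more sources than a single subnet,
    or that disables every signature ("*") instead of one known false positive."""
    return (ipaddress.ip_network(excl["src_net"]).num_addresses > max_src_hosts
            or excl["sig"] == "*")
```

Each candidate keeps the hit count, so an exclusion is only worth creating once the blocked flow has been confirmed legitimate rather than merely frequent.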

rivsy Lv5Posted 08 May 2023 09:22

For a false positive issue, you can go to https://sec.sangfor.com.cn/login.html?lang=EN-US and log in with the community account. After login, press the User on the top right corner, choose feedback and fill in the form.
Newbie158158 Lv1Posted 08 May 2023 17:50
To prevent false positives on your Next-Generation Firewall (NGAF) and avoid blocking legitimate traffic, consider the following solutions:

Fine-tune Security Policies: Review and refine your security policies to ensure they align with your organization's requirements. Adjust rule settings, such as application control, threat detection, and IPS/IDS, to minimize false positives while maintaining robust security.

Regularly Update and Maintain Signature Databases: Keep your NGAF's signature databases up to date. Regularly update threat intelligence feeds and security subscriptions to ensure accurate detection and minimize false positives.

Configure Exclusion Lists: Create exclusion lists for known legitimate traffic or applications that may trigger false positives. These lists can help whitelist specific IPs, domains, or applications to prevent unnecessary blocking.

Implement Traffic Analysis and Monitoring: Utilize traffic analysis tools to identify patterns, behaviors, and anomalies in network traffic. This allows you to pinpoint false positives and fine-tune your NGAF's settings accordingly.

Test and Validate Changes: Before implementing any significant changes to your NGAF's configuration, conduct thorough testing and validation to ensure they don't introduce false positives or compromise security.

Collaborate with Vendors and Security Communities: Engage with NGAF vendors, security forums, and online communities to gain insights, share experiences, and learn best practices for minimizing false positives.
