Workflow to Best Incorporate New and Modified App-IDs

Refer to this master workflow to first set up Application and Threat content updates, and then to best incorporate new and modified App-IDs into your security policy. Everything you need to deploy content updates is referenced here.
  1. Align your business needs with an approach to deploying Application and Threat content updates.
    Learn how Applications and Threat Content Updates work, and identify your organization as either mission-critical or security-first. Understanding which of these is most important to your business will help you to decide how to best deploy content updates and apply best practices to meet your business needs. You might find that you want to apply a mix of both approaches, perhaps depending on firewall deployment (data center or perimeter) or office location (remote or headquarters).
  2. Review and apply the Best Practices for Applications and Threats Content Updates based on your organization’s network security and application availability requirements.
  3. Configure a security policy rule to always allow new App-IDs that might have network-wide impact, like authentication or software development applications.
    The New App-ID characteristic matches only the App-IDs introduced in the latest content release. When used in a security policy, this gives you a month’s time to fine-tune your security policy based on new App-IDs while ensuring constant availability for App-IDs that fall into critical categories (see Ensure Critical New App-IDs are Allowed).
  4. Set the schedule to Deploy Application and Threat Content Updates; this includes the option to delay new App-ID installation until you’ve had time to make necessary security policy updates (using the New App-ID Threshold).
  5. After you’ve set up a content updates installation schedule, you’ll want to regularly check in and See the New and Modified App-IDs in a Content Release.
  6. You can then See How New and Modified App-IDs Impact Your Security Policy, and make adjustments to your security policy as needed.
  7. Monitor New App-IDs to get a view into new App-ID activity on your network, so that you’re best equipped to make the most effective security policy updates.