Best Practices for Applications and Threats Content Updates

Learn the best practices for keeping application and threat content signatures up-to-date seamlessly.
The best practices to deploy content updates helps to ensure seamless policy enforcement as the firewall is continually equipped with new and modified application and threat signatures. Even though application and threat signatures are delivered together in a single content update package (read more about Applications and Threats Content Updates), you have the flexibility to deploy them differently based on your network security and availability requirements:
  • An organization with a
    security-first
    posture prioritizes protection using the latest threat signatures over application availability. You’re primarily using the firewall for its threat prevention capabilities.
  • A
    mission-critical
    network prioritizes application availability over protection using the latest threat signatures. Your network has zero tolerance for downtime. The firewall is deployed inline to enforce security policy and if you’re using App-ID in security policy, any change to content that affects App-ID could cause downtime.
You can take a mission-critical or security-first approach to deploying content updates, or you can apply a mix of both approaches to meet the needs of the business. Consider your approach as you apply the following best practices to most effectively leverage new and modified threat and application signatures:

Related Documentation