• Feature Description
Disable the Attack Signatures Staging (App Firewall object) feature for attack signature with “High Risk and High Accuracy”.
• Problem Statement
Important signatures could be in staging the first days of a major breach.
• Business Impact
Risk of Compromission of a customer’s asset.
• Security Considerations
Risk of Compromission of a customer’s asset.
It is during the first week following the publication of a CVE that attacker’s scanners are most likely to search for a new CVE to exploit.
• Competitive Landscape
Couldflare and Akamai doesn’t have the Attack Signatures Staging feature. Staging mode for them is like Monitoring mode for F5 XC, aka Logging and not blocking.
https://developers.cloudflare.com/waf/managed-rules/reference/cloudflare-managed-ruleset/
https://techdocs.akamai.com/cloud-security/docs/app-api-protector
• Existing Workarounds
Disable Attack Signatures Staging
• Risks of Not Implementing
Make Dangerous, at RISK the use of Attack Signatures Staging feature, and so useless.