Gradual / Modular Blocking

Gradual or modular blocking is a security policy strategy in which violations are enforced incrementally. Some violations are blocked as soon as the policy is deployed, while others remain in a "staging" phase where they are observed and tuned over time. This provides flexibility and keeps a balance between protection and application availability.


Key Features

  1. Incremental Enforcement:

    • Violations are grouped into modules, such as attack signatures, file types, or parameter lengths.

    • Some modules are immediately enforced while others are staged for learning and fine-tuning.

  2. Staging Mode:

    • Non-blocking mode allows observation of how a policy interacts with real-world traffic.

    • Recommendations are generated to help fine-tune the staged violations.

  3. Customizable Blocking:

    • Administrators can choose which types of violations to block (e.g., SQL injection) and which to observe.

    • Modules can be moved from staging to blocking as confidence in the policy grows.

  4. Gradual Stability:

    • As modules are fine-tuned, the policy becomes more robust and can be fully enforced over time.

    • Reduces false positives and ensures seamless application functionality during the tuning phase.


Text Diagram: Gradual/Modular Blocking

+---------------------------+           +-------------------------+  
|         Traffic           |           |     Policy Builder      |  
+---------------------------+           +-------------------------+  
             |                                     |  
             |          Fine-tuning               |  
             +------------------------------------>  
             |                                     |  
   +-----------------+                   +---------------------+  
   | Blocking Module |                   |    Staging Module   |  
   +-----------------+                   +---------------------+  
             |                                     |  
             |      Gradual Blocking              |  
             +------------------------------------>  
             |                                     |  
   +-------------------------+        +----------------------------+  
   | Immediate Protection    |        | Observing & Adjusting      |  
   +-------------------------+        +----------------------------+  

How Gradual Blocking Works

  1. Initial Setup:

    • Configure a policy with a mix of blocking and staging modules.

    • Use staging mode to observe and analyze how traffic behaves under the policy.

  2. Fine-tuning Phase:

    • Based on traffic insights, adjust the staged violations to reduce false positives.

    • Gradually move tuned modules from staging to blocking.

  3. Full Enforcement:

    • Over time, as confidence in the policy grows, all modules can be moved to blocking.

    • The policy becomes fully robust and enforced without impacting legitimate traffic.
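The three phases above, as an added illustration that is not part of the original page: a small Python model in which each violation module is either "blocking" or "staging", staged hits are only logged, and a module is promoted to blocking once it has been observed often enough with a low false-positive rate. The module names, thresholds and traffic are constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Module:
    """One violation module (e.g. attack signatures) and its observation counters."""
    name: str
    mode: str  # "blocking" enforces; "staging" only observes and logs
    hits: int = 0
    false_positives: int = 0  # staged hits an analyst confirmed as legitimate traffic

class GradualPolicy:
    def __init__(self, modules):
        self.modules = {m.name: m for m in modules}

    def evaluate(self, violations):
        """Decide one request: block if any blocking module fires, alert if only staged ones do."""
        blocked, staged = [], []
        for name in violations:
            m = self.modules[name]
            m.hits += 1
            (blocked if m.mode == "blocking" else staged).append(name)
        if blocked:
            return "block", blocked
        return ("alert", staged) if staged else ("allow", [])

    def promotion_candidates(self, min_hits=100, max_fp_rate=0.01):
        """Staged modules observed often enough with an acceptably low false-positive rate."""
        return sorted(m.name for m in self.modules.values()
                      if m.mode == "staging" and m.hits >= max(min_hits, 1)
                      and m.false_positives / m.hits <= max_fp_rate)

    def promote(self, name):
        self.modules[name].mode = "blocking"

def demo():
    """Constructed traffic in which one staged module earns promotion to blocking."""
    policy = GradualPolicy([Module("attack_signatures", "blocking"),
                            Module("file_types", "staging"),
                            Module("parameter_length", "staging")])
    first = policy.evaluate(["attack_signatures", "file_types"])  # signatures block it
    for _ in range(120):
        policy.evaluate(["file_types"])  # staged hits, none disputed by analysts
    for _ in range(10):
        policy.evaluate(["parameter_length"])
        policy.modules["parameter_length"].false_positives += 1  # legitimate long input
    candidates = policy.promotion_candidates()  # file_types: 121 hits, 0 false positives
    for name in candidates:
        policy.promote(name)
    return first, candidates, policy.evaluate(["file_types"])
```

The parameter_length module stays in staging because every hit was a false positive, which is exactly the signal that its length limits need tuning before enforcement.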


Advantages

  • Flexibility: Protect critical areas immediately while tuning other areas gradually.

  • Reduced False Positives: Staging mode allows observation without immediate enforcement.

  • Seamless Rollout: Avoids disruptions by gradually enforcing security rules.

  • Customization: Tailored to specific application needs and risk tolerance.
