How to Increase Learning Score / Deployment Speed

The Learning Score is a percentage that reflects the progress of the policy-building process for specific entities or items in the security policy. This score helps administrators track how well the ASM/AWAF system understands application behavior.

Key Factors Affecting Learning Score

  1. Violation Assignment and Correlation:

    • Each violation is assigned a percentage value to indicate its learning progress.

    • The Correlation Engine processes traffic patterns and generates learning suggestions.

  2. Session Tracking:

    • ASM/AWAF records detailed session data over time for the web application.

    • Learning scores are updated based on these session details.

  3. Staging Status:

    • Entities or violations in Staging Mode contribute to learning scores as the system observes traffic behavior without enforcing blocking.

  4. Parameters of the Learning Algorithm:

    • The time required for a violation to reach 100% learning score depends on:

      • Traffic Volume: Higher traffic speeds up the learning process.

      • Entity Staging Time: Entities in staging require longer observation periods.

      • Trustworthiness of IPs:

        • Requests from Untrusted IPs progress slowly as they require more samples.

        • Adding an IP to the Trusted List accelerates learning progress for requests from that IP.

Strategies to Increase Learning Score / Deployment Speed

  1. Optimize IP Trust Levels:

    • Identify legitimate sources of traffic and add them to the Trusted IP list.

    • Reduces the sample requirement for learning progress.

  2. Increase Traffic Volume:

    • Ensure the application is actively receiving diverse and legitimate requests.

    • Simulate traffic in controlled environments for faster sampling.

  3. Adjust Staging Time:

    • Minimize staging time for low-risk entities while observing high-risk entities longer.

    • Shorter staging durations speed up enforcement readiness.

  4. Refine the Learning Algorithm:

    • Focus on specific entities or violations with slower progress by adjusting:

      • Sampling thresholds.

      • Learning score weightings for critical entities.

  5. Select an Appropriate Learning Speed:

    • Use Fast Learning Mode in environments with low traffic and low risk.

    • Choose Medium or Slow Mode in high-traffic or high-risk scenarios to reduce inaccuracies.

PreviousSecurity Policy Violation FlagsNextComparison: Enforcement Mode, Learning Mode, and Violation Flags

Last updated