The BIG-IP Application Security Manager Part 2: Policy Building

This is the second article in a 10-part series on the BIG-IP Application Security Manager (ASM). The first article in this series discussed the basics of the BIG-IP ASM...what it is, why you need it,...
Published Sep 04, 2013
Version 1.0
ASM Advanced WAF
policy building
security
tech tip
ltwagnon's avatar
ltwagnon
Ret. Employee
Nov 18, 2013
Praveen, thanks for the great question. The short answer is that you can't use the ASM to block an attack when the ASM is in learning mode, however you have to realize that your application has not had the ASM protecting it before this point, so the security posture hasn't really changed in a negative way. In fact, the security posture will only get better as you take the ASM policy out of staging. While the policy is in learning mode, you can still view the logs, and this will give you a great idea of what is happening on your website so that you can make more immediate changes to your policy if needed (i.e. maybe you won't need to wait 2 weeks to make some changes). It's always a good idea to view the logs so that you can see who/what is requesting access to your site.

 

 

In addition, you can enable other security modules like the AFM or even the security features of the LTM (i.e. syn flood protection) to protect your site even more.

 

 

I hope this helps...let me know if you have any other questions. Thanks again!