Introduce Behavior and Reputation Based IPS Signatures
There are Snort based IDS rule sets that provide behavior and reputation based rules which do not currently appear to be available in the UTM. Current IPS rules are insufficient to detect connections from known malicious hosts. Further, we have experienced fairly large brute force attacks against open RDP ports (business requirement) , that went undetected by the UTM IPS.
Emerging Threats - ET CINS Active Threat Intelligence Poor Reputation series signatures
Emerging Threats - ET SCAN Behavioral Unusually fast Terminal Server Traffic