Connection Security Rules are not utilized nearly as often as Inbound and Outbound Rules, but CSRs are vastly more powerful. These types of rules are useful for setting up more advanced restrictions about how computers can communicate. This section of WFAS has a lot to do with IPsec protecting traffic between endpoints, making sure that certain endpoints can only communicate with certain other endpoints, or perhaps for requiring certain kinds of encryption between those two devices.
One of the places where I touch on Connection Security Rules is when configuring the Microsoft remote-access technology, DirectAccess. Inside the DirectAccess configuration, there are Connection Security Rules at play that negotiate IPsec tunnels between the DA clients and the DA server, which are the secure tunnels used to transport data over the internet. These rules are sort of the secret sauce that allow the automatic VPN-like connectivity for users working remotely. IPsec can also be used to secure communications within your LAN, for example requiring an encrypted traffic stream between your accounting computers and their server that contains super-sensitive payroll data.