This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Oguz_YILMAZ
Participant
‎2018-04-26 11:53 PM

What is the exact time to be able to obtain IPS signature updates after they released?

Hi everyone,

My question is about IPS signature updates. As you know "Oracle WebLogic WLS Core Component Remote Code Execution (CVE-2018-2628)" vulnerability was published four days ago and I got informed via e-mail from Checkpoint. Although I regularly check IPS signature updates, this and an additional couple of updates appeared on our management server just today. Do you know the reason? Is it possible to accelerate or trigger to obtain immediately freshly released IPS signature updates?

8 Replies
PhoneBoy
Admin
Admin
‎2018-04-27 06:17 PM

We tend to publish updated IPS signatures several times a week.

However, I don't believe we send out mails every time we do so.

You can schedule downloads of the IPS signatures and the required threat policy installation in SmartConsole:

(Clearly, I should also configure this option Smiley Happy)

Note R80.20 Gateways are expected to have an option allowing automatic fetching of latest signatures without an explicit or scheduled policy installation.

0 Kudos
Oguz_YILMAZ
Participant
‎2018-04-28 05:19 AM
In response to PhoneBoy

Hi Dameon,

Thank you for your interest. What I am asking is that as you publish the IPS updates, mostly we get this updates a few days later. Until we get an update which is published a couple days ago, we may not be protected and open to vulnerabilities. Is it possible to get the update notification as soon as you publish the signatures? Do you prioritize your customers based on some kind of types such as geolocation etc. to be able to protect your update servers from excessive requests?

0 Kudos
PhoneBoy
Admin
Admin
‎2018-04-28 12:02 PM
In response to Oguz_YILMAZ

If you configure automatic updates and threat policy installation as described above, you'll always have the most recent signatures applied to your gateways, whether or not they are mentioned in the IPS-NEWS emails.

The signatures are distributed via CDN, so there may be a delay from when we publish to when they are available to you.

0 Kudos
PhoneBoy
Admin
Admin
‎2018-04-30 09:36 PM
In response to Oguz_YILMAZ

I followed up with some folks in the IPS team.

It turns out we actually do send out emails every time the signatures are updated to the IPS-NEWS mailing list.

We send these emails immediately after pushing, though emails may be delayed for various reasons outside our control.

If you see an IPS update and didn't get an email about it, please let us know so we can troubleshoot.

0 Kudos
Oguz_YILMAZ
Participant
‎2018-04-30 11:59 PM
In response to PhoneBoy

Actually, the main issue is not getting an email about IPS update. I get an email about IPS update but I do not see the available update within a short time on my management server which configured already as you stated above. If Checkpoint or the other security companies or the communities related cybersecurity aware and inform about a vulnerability, and let's say Checkpoint take necessary measures for that specific vulnerability and published the protection via IPS signature update, the delay can be annoying. Security is the main concern nowadays, and the delays take around 3-4 days is unacceptable for me. 

The same situation draws attention to another member of Checkmates community (Oracle Web logic Server WLC Vulnerability ). For this member, it lasted only one day which was 4 days for me.

Maybe a couple hours after e-mail notification, if the IPS update is not available for me, I should download offline updates if possible. Would you mind sharing with me where can I download the offline updates?

0 Kudos
PhoneBoy
Admin
Admin
‎2018-05-01 07:03 AM
In response to Oguz_YILMAZ

Offline updates require agreeing to a specific EULA, which your local account team can assist with.

As for the delay in receiving updates, I will check offline how we can troubleshoot this and contact you privately.

0 Kudos
PhoneBoy
Admin
Admin
‎2018-05-01 09:08 AM
In response to Oguz_YILMAZ

Actually, scratch that.

Please open a ticket with the TAC so we can troubleshoot why you're not getting the updates within, say, a couple hours of the email going out.

Contact Support | Check Point Software 

0 Kudos
Oguz_YILMAZ
Participant
‎2018-05-01 11:16 AM
In response to PhoneBoy

Thank you Dameon for your concern. Tomorrow we are going to open a ticket. I hope we can understand the reason and solve this issue with your great effort.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events