This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nik_Bloemers
Advisor
Advisor
‎2019-05-23 01:16 AM

IPS ver2 signatures

Hello CheckMates,

 

I often notice multiple versions of the same signature (same CVE), but marked with '- ver2' at the end of the name.
Should this be considered an improved signature of the original (hence it's better to make the normal one Inactive and use the ver2 one) or should this be considered more like a different attack vector for the same vulnerability?

It's a bit confusing since the old signatures don't get disabled or get something added in their description to clarify. Other times I see improved signatures marked explicitly with '- High confidence' or '- Improved confidence' at the end of the name.

So I decided I might as well go and ask 🙂

Kind regards,

Nik Bloemers

1 Reply
Omer_Shliva
Employee
Employee
‎2019-05-26 02:59 AM

Hi,

We recommend that customers use the Optimized Profile.  It allows them running the best Security profile already tuned by Check Point’s IPS team.

In general, you can see that both protections (original and Ver2) have different dates and meta-data; this indicates that the actual detection differs between these 2 protections.

In cases where both protections (original and Ver2) are included in the Optimized profile, I would continue running both of them in order to get wider coverage.

 

Omer Shliva | Team Leader, AB Research Protections and IPS/AB Customer Focus Team

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events