We are in process of evaluating and implementing Cisco IPS solution for our security needs.
Our vendor told us that 'online' signature updates of Cisco IPS is not possible- it is a manual process and we need to reload the appliance if we wish to update the files.
Somehow, it defies logic. Surely, I beleive, that any IPS should have the ability to get its signatures updated 'online'.
I apologise since this question is too elementary in nature. But could someone shed more light on this?
You have auto update feature in Cisco IPS version 6.0, take a look at the attached picture.
When updating signatures it is *recommended* that you reload the signatures (reboot the sensor), although this is not mandatory.
Our IPS hasn't been rebooted for over two months now and everything is running ok.