IPS Signatures - Where do they come from and how are they enforced?

Unanswered Question
Nov 20th, 2009
User Badges:

Ok i have heard different stories on this. At first I heard Trend makes these and is the reason for the licensing in the past few years. Another internal source tells me that cisco has a signature creation group/committee internally that creates these. Whats the skinny? Also, when a know vulnerability is seen out on the internet and a CVE is associated with it, what is the delta in time before this "internal committee" decides to create them as a cisco sig? Can anyone indicate the policy cisco goes through on the decisions and how long this usually takes? Lastly, Cisco sends new sigs all the time, weekly nowadays. In those new sig sets are retired sigs. Why have retired sigs sent in a new sig set ? or are these sigs stricly retiring the old sigs already in the system ? How does cisco decide to retire a sig, what process dloes it go through?

Ok there is a lot there but we have  alot of  students who ask and it may benefit a high nunber of cisco customers.....



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Steven Smith Fri, 11/20/2009 - 14:56
User Badges:
  • Gold, 750 points or more

Which system are you talking about here?  For some systems, there are signatures that Cisco uses, for other systems, it is trend micro.

Steven DiStefano Sun, 12/20/2009 - 07:16
User Badges:
  • Blue, 1500 points or more

In Late December, Cisco will ofer IPS protection on the SA500 series as a licence based SKU which can be added to your product order.


This Discussion