Imperva Cyber Community

Expand all | Collapse all

How long Imperva will update a signature on ADC since a CVE is published?

  • 1.  How long Imperva will update a signature on ADC since a CVE is published?

    Posted 02-04-2020 09:02
    Hi,

    How long Imperva will update a signature on ADC since a CVE is published in order to patch vulnerabilities?

    Thanks!
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Cong Le
    ------------------------------


  • 2.  RE: How long Imperva will update a signature on ADC since a CVE is published?

    Impervian
    Posted 02-06-2020 05:53
    Here is an article from knowledgebase regarding ADC updates. Hope it helps:

    The Imperva Application Defense Center (ADC) is a premier research organization that provides security analysis, vulnerability discovery, and compliance expertise. ADC research combines extensive lab work with hands-on testing in real world environments to ensure that Imperva products, through advanced data security technology, deliver up-to-date threat protection and unparalleled compliance automation.

    The Imperva ADC develops mitigations based on CVE (Common Vulnerabilities and Exposures) found within the Mitre CVE database. The Imperva ADC continuously monitor all new CVEs and evaluate mitigation for any CVE that is relevant to web applications. Specific policies or signatures are created immediately to mitigate newly found CVEs and an update is pushed to SecureSphere deployments at regular intervals. If a CVE is mitigated out of the box (through SQL injection or XSS correlation engines, for example), the ADC may decide not to address the CVE with an additional signature or policy. These decisions are made after extensive analysis and testing. To summarize, if a vulnerability in ANY application is published through the CVE process, the ADC will ensure that it is mitigated by SecureSphere WAF (assuming of course that it is a web application vulnerability and not a client side issue or an internal infrastructure issue).

    Setting a security rule to block or to only detect is a matter of balancing the damage and probability of a successful attack and the damage and probability of a false detection. For instance, if the ADC can detect the attack in a precise manner, the security rule is set to block; this is the case for the vast majority of newly added rules. If the CVE relates to some esoteric system and the attack vector cannot be clearly identified and maybe considered as a legitimate input in certain cases, then the ADC will set the rule to detect only. The customer is offered the ablity to promote or demote a rule action to block or detect based on their specific needs.

    We currently issue an ADC update every 2 weeks. There is an internal release process that includes extensive QA which adds another week. Hence, from the time of vulnerability release to the time of content release you will have on average 3 week delay. When critical vulnerabilities that have a dramatic effect are discovered the ADC will issue a manual mitigation guidance. In addition, for critical vulnerabilities that affect extremely large populations, they are able to issue emergency updates.



    Source: https://www.imperva.com/sign_in.asp?retURL=/articles/Reference/Understanding-development-of-ADC-Policies

    ------------------------------
    Sabajete Elezaj
    SNT Albania
    ------------------------------



  • 3.  RE: How long Imperva will update a signature on ADC since a CVE is published?

    Posted 26 days ago
    Hello,

    Thanks for the details. 

    I have 3 DAM Management server and all server are showing different signature release date. 

    I think it should be same on all servers. So how can check that DAM server have latest signature in its database. 
    Or if any website available please share it so i can verify database signatures. 

    And second thing can we set notifications mail 
    So as imperva release new signatures on same day i can apply signatures on critical servers without delay. 

    Thank & Regards, 
    Bachchulal varma

    ------------------------------
    Bachchulal varma
    Hitachi systems micro
    Mumbai MB
    ------------------------------



  • 4.  RE: How long Imperva will update a signature on ADC since a CVE is published?

    Impervian
    Posted 24 days ago
    Hi,

    The following link will be helpful for following the latest signature; https://www.imperva.com/sign_in.asp?retURL=/articles/Concept/ADC-Security-Content-Update-Release

    Secondly, as i know there is no option to apply new policies to protected servers.

    ------------------------------
    cezmi çal
    technical expert
    Barikat Cyber Security
    ------------------------------



  • 5.  RE: How long Imperva will update a signature on ADC since a CVE is published?

    Imperva Employee
    Posted 24 days ago
    Hi Bachchulal,

    For notifications on ADC updates, please login to the support portal at: https://www.imperva.com/login

    Then click My Account (upper right tab) > Manage Subscriptions.

    Click ADC Updates (and any other categories you'd like) and click the Save button.

    I also recommend checking each MX to ensure the recurring scheduled job is configured to automatically retrieve and apply the latest ADC content. For more information, please see: https://docs.imperva.com/bundle/v14.2-administration-guide/page/6874.htm

    Thanks.

    ------------------------------
    Jaired Anderson
    Principal Consultant
    Imperva
    Tulsa OK
    ------------------------------