Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  How long Imperva will update a signature on ADC since a CVE is published?

    Posted 02-04-2020 09:02
    Hi,

    How long Imperva will update a signature on ADC since a CVE is published in order to patch vulnerabilities?

    Thanks!
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Cong Le
    ------------------------------


  • 2.  RE: How long Imperva will update a signature on ADC since a CVE is published?
    Best Answer

    Posted 02-06-2020 05:53
    Here is an article from knowledgebase regarding ADC updates. Hope it helps:

    The Imperva Application Defense Center (ADC) is a premier research organization that provides security analysis, vulnerability discovery, and compliance expertise. ADC research combines extensive lab work with hands-on testing in real world environments to ensure that Imperva products, through advanced data security technology, deliver up-to-date threat protection and unparalleled compliance automation.

    The Imperva ADC develops mitigations based on CVE (Common Vulnerabilities and Exposures) found within the Mitre CVE database. The Imperva ADC continuously monitor all new CVEs and evaluate mitigation for any CVE that is relevant to web applications. Specific policies or signatures are created immediately to mitigate newly found CVEs and an update is pushed to SecureSphere deployments at regular intervals. If a CVE is mitigated out of the box (through SQL injection or XSS correlation engines, for example), the ADC may decide not to address the CVE with an additional signature or policy. These decisions are made after extensive analysis and testing. To summarize, if a vulnerability in ANY application is published through the CVE process, the ADC will ensure that it is mitigated by SecureSphere WAF (assuming of course that it is a web application vulnerability and not a client side issue or an internal infrastructure issue).

    Setting a security rule to block or to only detect is a matter of balancing the damage and probability of a successful attack and the damage and probability of a false detection. For instance, if the ADC can detect the attack in a precise manner, the security rule is set to block; this is the case for the vast majority of newly added rules. If the CVE relates to some esoteric system and the attack vector cannot be clearly identified and maybe considered as a legitimate input in certain cases, then the ADC will set the rule to detect only. The customer is offered the ablity to promote or demote a rule action to block or detect based on their specific needs.

    We currently issue an ADC update every 2 weeks. There is an internal release process that includes extensive QA which adds another week. Hence, from the time of vulnerability release to the time of content release you will have on average 3 week delay. When critical vulnerabilities that have a dramatic effect are discovered the ADC will issue a manual mitigation guidance. In addition, for critical vulnerabilities that affect extremely large populations, they are able to issue emergency updates.



    Source: https://www.imperva.com/sign_in.asp?retURL=/articles/Reference/Understanding-development-of-ADC-Policies

    ------------------------------
    Sabajete Elezaj
    SNT Albania
    ------------------------------



  • 3.  RE: How long Imperva will update a signature on ADC since a CVE is published?

    Posted 07-11-2020 08:40
    Hello,

    Thanks for the details. 

    I have 3 DAM Management server and all server are showing different signature release date. 

    I think it should be same on all servers. So how can check that DAM server have latest signature in its database. 
    Or if any website available please share it so i can verify database signatures. 

    And second thing can we set notifications mail 
    So as imperva release new signatures on same day i can apply signatures on critical servers without delay. 

    Thank & Regards, 
    Bachchulal varma

    ------------------------------
    Bachchulal varma
    Hitachi systems micro
    Mumbai MB
    ------------------------------



  • 4.  RE: How long Imperva will update a signature on ADC since a CVE is published?

    Posted 07-13-2020 02:35
    Edited by Cezmi Cal 07-13-2020 02:36
    Hi,

    The following link will be helpful for following the latest signature; https://www.imperva.com/sign_in.asp?retURL=/articles/Concept/ADC-Security-Content-Update-Release

    Secondly, as i know there is no option to apply new policies to protected servers.

    ------------------------------
    cezmi çal
    technical expert
    Barikat Cyber Security
    ------------------------------



  • 5.  RE: How long Imperva will update a signature on ADC since a CVE is published?

    Posted 07-13-2020 05:07
    Hi Bachchulal,

    For notifications on ADC updates, please login to the support portal at: https://www.imperva.com/login

    Then click My Account (upper right tab) > Manage Subscriptions.

    Click ADC Updates (and any other categories you'd like) and click the Save button.

    I also recommend checking each MX to ensure the recurring scheduled job is configured to automatically retrieve and apply the latest ADC content. For more information, please see: https://docs.imperva.com/bundle/v14.2-administration-guide/page/6874.htm

    Thanks.

    ------------------------------
    Jaired Anderson
    Principal Consultant
    Imperva
    Tulsa OK
    ------------------------------



  • 6.  RE: How long Imperva will update a signature on ADC since a CVE is published?

    Posted 05-09-2021 19:54

    I can't find "manange subscription" in new customer portal. Could you highlight where I can find it?



    ------------------------------
    Gavin Liu
    SE
    Shanghai
    ------------------------------



  • 7.  RE: How long Imperva will update a signature on ADC since a CVE is published?

    Posted 05-10-2021 02:06
    Hello,

    Login to the new Portal, On top right click your name, My Profile -> Manage Notifications-> Check ADC Updates Box.

    Hope it helps.

    ------------------------------
    Sabajete Elezaj
    Security Engineer
    Snt Albania
    Tirana
    ------------------------------



  • 8.  RE: How long Imperva will update a signature on ADC since a CVE is published?

    Posted 05-10-2021 09:48
    Hello,

    With the site redesign, the location has moved.

    Once logged in, click your profile icon at the upper right and then click "My Profile".


    Then, select the areas in which you are interested and click "Save".