media@comms-care.com |  0870 2644303

Cisco IPS Signatures

Comms-care IPS Signature Updates Q&A

Q. What is an IPS signature?

A. Cisco IPS signatures are used to identify and block attacks against specific vulnerabilities or certain types of threats. Because new threats and vulnerabilities are constantly being discovered, the signature database needs to be constantly updated to make sure that the protection provided by the IPS stays current.

Q. How do I update my IPS signatures?

A. Cisco investigates and creates signatures for new threats as they are discovered and publishes new signatures regularly. When a new signature update is available, Cisco notifies you that it is available. Signature updates can be installed manually or downloaded and installed automatically using native Cisco IPS capabilities or management tools such as Cisco Security Manager.

Q. Why is updating IPS signatures important?

A. Network security threats are common and have escalated in severity. The scope of damage has grown from individual computers and networks to regional networks and even global infrastructures. Vulnerabilities can be exploited within hours. Without constant updates, the IPS solution cannot provide protection against new threats and attacks. The results of undetected, uncontained security breaches are well known, including expensive repair and restoration, lost revenue, compromise and loss of vital data, disruption of business, and damage to your company's reputation.

Q. How often can I expect to be notified of an IPS signature update?

A. Cisco typically publishes lower priority IPS signature updates on a weekly basis. Depending on the severity of a threat, Cisco publishes signature updates within hours of identifying a threat.

Q. Can I obtain IPS signature updates without a Cisco Services for IPS contract?

A. No. Signature updates are available only to customers with a Cisco/Comms-care Co-brand (CBFB) Services for IPS service contract. Each IPS solution must be under contract.

Q. Am I entitled to IPS signature updates during the warranty period of a product?

A. No. Cisco warranty does not include signature updates.

Q. What IPS technologies and platforms are supported in IPS 7.0?

A. Global correlation is enabled in Cisco IPS Sensor Software Release 7.0. All Cisco IPS sensors that are able to support new IPS Sensor Software releases will be able to run global correlation. Cisco IOS Software IPS currently does not support global correlation and reputation updates. Installed base customers with valid Cisco Services for IPS contracts are entitled to upgrade their IPS products under their service agreement. Supported devices include:
● Cisco IPS 4200 Series appliances
● Cisco ASA 5500 Series with IPS modules
● IPS modules (IDSM-2) for Cisco Catalyst switches
● IPS modules (AIM-IPS and NME-IPS) for ISR routers
Cisco IOS Software-based IPS devices (IPS on Cisco IOS Software) and ASA-5505-AIP5 do not take advantage of global correlation and reputation updates at this time.

Q. How do global correlation and reputation updates work for IPS signatures?

A. Cisco IPS sensors continually receive threat updates from the Cisco SensorBase Network that contain detailed information about the known threats on the Internet. Powerful reputation filters can block the worst attackers outright. Cisco IPS 7.0 incorporates global threat data into its inspection algorithms, providing earlier and more accurate detection and prevention of malicious intrusions.

IPS Updates Q&A Version 1.2

Q. How often will the IPS signatures be updated by Cisco SensorBase Network and vice versa?

A. SensorBase provides global correlation updates generally as frequently as every five minutes. Participating Cisco IPS devices retrieve these updates and can also send threat information back to Cisco SensorBase. This creates a feedback loop that helps improve the SensorBase analysis and improves the effectiveness of your network security.

Q. What is network participation?

A. In addition to receiving updates on global threat conditions, a Cisco IPS sensor might also contribute threat information back into the Cisco SensorBase Network. When a participating IPS detects an attack, it anonymously sends back information on that attack. This data can then be correlated with all other security intelligence that Cisco SensorBase receives to provide early warning of emerging Internet threats.

Q. How does Cisco protect my data when I opt in to network participation?

A. All threat information shared with Cisco is anonymous and encrypted. The information that is most useful in identifying emerging global threats is information about the threats themselves. As such, participation data does not include any information about the victims of attacks, just the identity of the attacker and the type of attack detected. To protect your privacy, participation data does not include any information about internal addresses. So even if attack activity originates from your network, it will not be communicated back to Cisco; only attacks that target your resources are communicated.

Q. What is the Cisco IPS Threat Defence Bulletin?

A. The Cisco IPS Threat Defence Bulletin is included with every signature update. The bulletin provides detailed information on new protections provided for Cisco IPS as well as the threats and vulnerabilities to which they apply. Information in the bulletin is linked to additional content from Cisco Security Intelligence Operations as well as third-party sources to provide a comprehensive single source solution for security intelligence information.

Q. Are Cisco operating system software updates included with the Cisco Services for IPS contract?

A. Yes. For Cisco operating systems, such as Cisco IPS Version 6.0 and Cisco IOS Software, all software updates for the licensed feature set are part of the service. Software updates include bug fixes and maintenance, minor, and major releases within a feature set. There are no additional charges for updates as long as the product remains under Cisco/Comms-care Co-brand (CBFB) Services for IPS coverage.

● Major release (version or main line): Consolidates previous bug fixes, maintenance and previous early deployment releases, and new capabilities into a single release; for example: Cisco IOS Software Release 12.0 or 12.0M or IPS version 6.x to 7.x
● Minor release: Internal to Cisco for Cisco IOS Software; for example: Cisco IOS Software Release 12.3 or 12.3M to 12.4 or IPS version 6.0 to 6.1
● Maintenance release: Includes bug fixes, patches, and service packs; for example: Cisco IOS Software Releases 12.2.3 or 12.2(3) or IPS Operating System release 6.0 to 6.0.6

Q. Why does Cisco only offer OS software “updates” with Cisco Services for IPS signatures? Other vendors say they offer software upgrades.

A. It is only a difference in terminology. Cisco uses the term “upgrade” when a customer moves from one software feature set to another. Major updates or major releases within a software feature set are the Cisco equivalent to what other vendors call software upgrades (for example, an upgrade from version 6.0 to 7.0).

Q. What is a feature set upgrade? Is it included in Cisco Services for IPS signatures?

A. A feature set upgrade is a separately licensed and priced software release that contains enhanced configurations or features that provide additional capabilities. For example, to upgrade from the IP to IP/Internetwork Packet Exchange (IPX) feature set or IP Base to IP Advance Security, you must purchase the upgrade. However, just like Cisco SMARTnet or Comms-care Co-brand (CBFB) Service, feature set upgrades are not available as part of a Cisco/Comms-care Co-brand (CBFB) Services for IPS offering.

Q. Is support for Cisco applications software products, such as IP telephony and network management, included in the Cisco Services for IPS offering?

A. No. Cisco has three software application service offerings that support Cisco application software products such as IP telephony, network management, and CiscoWorks VPN Security Management Software (VMS). The three programs are Unified Communication Essential Operate Services for voice products; Cisco Software Application Support (SAS); and Cisco Software Application Support plus Upgrades (SASU) for network management, security, and other software applications.

Q. How do I buy Cisco Services for IPS?

A. You can purchase Cisco/Comms-care Co-brand (CBFB) Services for IPS from Cisco or its certified partners. Cisco service providers can also resell Cisco/Comms-care Co-brand (CBFB) Services for IPS. You can find a Cisco certified partner at www.comms-care.com.

Q. Do Cisco Services for IPS include remote or onsite software update installation services?

A. No. Cisco/Comms-care Co-brand (CBFB) Services for IPS do not include software installation. You are responsible for software installation, or you can purchase these services from a Cisco channel partner. However, the service does allow you to call the Cisco TAC for help during this process.

Q. Can I purchase Cisco Services for IPS for an IPS product that has not been covered previously by a Cisco service contract?

A. Yes, but you must have purchased a license for the current version of operating system software. If the software is one or more releases old, then you must purchase the current release before you can purchase Cisco/Comms-care Co-brand (CBFB) Services for IPS for each IPS product. Cisco inspects all hardware, components, and software to certify the product before approving coverage. For applicable certification fees, contact your Cisco sales team.

Q. Why is the price of Cisco Services for IPS generally higher than that for Cisco SMARTnet Service?

A. Cisco/Comms-care Co-brand (CBFB) Services for IPS includes all of the deliverables of Comms-care Co-brand (CBFB) Service plus the additional value elements needed for essential coverage for IPS, including signature updates, global correlation and reputation updates, and IntelliShield Alert Manager Search Access.

Q. Is there a registration process to acquire a license for my IPS solution?

A. Cisco IPS appliances, ASA5500 IPS bundles, ASA IPS modules, IPS router modules, and Cisco Catalyst IPS service modules running IPS Version 5.0 or later software require registration and licensing. With IOS version 15.0(1)M or later, both the feature set license for the security images with IPS and the ability to get IPS on IOS signature file updates require registration. The feature set license for the security features including IPS is a one-time (perpetual) license.

Q. Why do I need to know about the registration process for IPS signatures?

A. Registration includes validation that the serial number for IPS exists in an eligible contract type between you and Cisco. If registration fails because a serial number is incorrect or the serial number is in an ineligible contract type, it might delay implementing IPS signature updates. To get a license key, contact your sales organization.

Q. Why is it important that the IPS product and serial numbers on each Cisco Services for IPS contract be accurate?

A. Cisco service entitlement is based on serial number validation. Customers using IPS appliances, IPS router modules, or Cisco Catalyst service modules running IPS version 5.0 or higher must complete online serial number registration in order for their IPS solution to process signature updates. Registration includes validation that the serial number for the IPS solution exists in an eligible contract type. If registration fails because a serial number is incorrect or that serial number is in an ineligible contract type, you should contact your Cisco sales team or your Cisco reseller for assistance in obtaining a license key.


Copyright of Comms-care 2012

Registered Address: Cheshire Avenue, Cheshire Business Park, Lostock Gralam, Northwich, Cheshire, CW9 7UA  :  Registration number: 4580474
