I wanted to know how often Cisco determines it should be releasing new updated IPS signatures to ensure customers are being adequately protected from the latest threats? That is for those of us who choose to use the feature.
As you can see in the last posting about this very issue, it took Cisco over 365 days to release one signle IPS file.
Is the IPS file comparable to a virus definition file? Or does the IPS file simply not require being updated by Cisco... for years at a time.
I'm finding that development on updated IPS files are being neglected by the Cisco development team.
It will soon be comming up to August 9, 2012. That will make the last published IPS update 365 days old.
Thanks for any insight you may provide.
Think you got it bad?! We pay to for IPS (we have an SA540) and we only get appx 3 - 4 signature updates a year!!!
Even the enterprise folks gripe about only getting weekly or so signature updates and they pay big $$$ for the feature set compared to us (and you for that matter)!
I wouldn't expect but a signature update for awhile. And once you get it, don't expect another one for another year or so.
Especially since you are paying for such a service.
3 - 4 IPS updates a year is better than what business users of the WRVS4400N are currently receiving... but not by much.
We should all get regular IPS updates, but I undersand some of the reasons why it could be tough to provide IPS signature updates for your device. Basically you have an IPS *on/off* switch. Therefore they have to be certain that ALL of the signatures aren't too sensitive. Otherwise you would be forced to turn the functionality 'off'.
The SA500 Series routers have a little more flexibility to configure IPS. IPS signatures can be turned on/off at the signature-level.
The enterprise-level IPS modules have 10 times the flexibility, are much more robust, and are highly configurable. Custom IPS signatures can even be created by the end user.
All in all, we are dealing with 3 different types of IPS signatures and IPS engine implementations. That said, your device really needs IPS signature updates at least 3 or 4 times a year to be effective. We used to have a WRVS4400N v2 so I understand where you're coming from.
Any information on when a new IPS update will be available?
This IPS update is rather imprtant to keep updated on this unit... along with other Cisco units. They share the same IPS.
Hi Chris, honestly I'm not sure many or any updates will come for the WRVS since it is eos/eol. The SA500 uses a bin file while the WRVS uses a kr file so they're not the same.
Please mark answered for helpful posts
Thank you for your answers.
I find that quite disappointing... considering how there were ZERO updates to the IPS going all the way back to 2011.
Unsatisfactory support Cisco.
Far more updates should have been provided to this unit before it entered EOS/EOL.
Now it will probably never happen, and now I think I'll take my business elsewhere.
Hi Chris, rather use pfSense + Snort on some embeded PC, ALIX shoud be enough up to 10 users. Do not expect any support from Cisco for mentioned EOL device. Avoid any new "Cisco" small business RV... router (Just check Release notes / Known Issues and this forum ...)!! I had to replace about dozen rv120w and rv220w for the last two years due to extremely poor firmware ...