Learn, Evaluate and Fix Security Vulnerabilities in Your Network
The Security Update Service (SUS) is a security advisory and managed monitoring and detection service. We help you protect your applications, network and users against the latest network and application security threats by delivering immediate and ongoing signature updates for worms, Trojans, BOTs, malware and various application vulnerabilities.
SUS complements your purchase of DefensePro and APSolute™ OS Intrusion Prevention and DoS protection modules as a critical element of protecting your network from unknown attacks. SUS is available as a 1-year or multiyear subscription.
The SUS includes the following key service elements:
- Security Operations Center – 24×7 continuous threat monitoring, detection, risk assessment and attack signature creation for threat mitigation
- Emergency Signatures – Rapid response releases of emergency attack signatures for high-impact security events
- Updates and Notifications – Weekly updates of new signature files are pushed to subscribers
- Custom Signatures – Tailored attack signatures for environment-specific threats and newly reported attacks sent to the SOC
Security Operations Center
The Security Operations Center (SOC) is an integral element of Radware's Security Update Service (SUS) offering. Security specialists monitor Internet activity 24×7 and provide the first line of defense. Membership to our SUS provides subscribers with continuous signature file updates with rapid response to high-impact security events and the development and distribution of custom attack signatures. The SOC provides the following critical functions.
Emerging Attacks Detection
The first step in mitigating a threat is to detect the attack. The SOC employs a variety of methods to monitor Internet activity and detect threats. These include:
- Setting up network "honeypots" and probes
- Reporting new attacks to Radware's Security Forum and Security Hotline
- Tracking vendor-reported vulnerabilities
- Monitoring industry resources such as security websites, mailing lists and news forums
Security Risk Assessment
When a new threat is detected, a thorough risk assessment is completed to evaluate the threat's impact and determine the appropriate threat mitigation strategy. All threats are rated (Low, Medium, High, Critical) in the following three areas:
- Threat Impact – The scope and importance of applications and services affected by the threat
- Threat Spread – The reach of an attack is determined by its propagation method and speed
- Threat Target – The network elements the threat is scheduled to affect
The factors are combined and used to calculate threat ranking and severity, determining the necessity and viability of developing a signature, along with its release timeframe.
If Radware's R&D team determines a new attack signature is required, a thorough analysis of the exploit code and traffic patterns is prepared. The team uses this data to develop the attack signature and then meticulously tests it to eliminate false positives and false negatives, ensuring that the needed level of protection is provided. The threat and new attack signature are then documented and distributed to our customers.
In cases where an immediate response is deemed necessary, Radware will issue an emergency signature file update and make it available through our website for download. Registered customers will be notified via email when the emergency update is available. This may happen when a new critical threat on the Internet requires an immediate response and cannot wait for the weekly scheduled signature file update.
Updates and Notifications
Weekly updates are available and provide status and downloads for new attack signatures, including those previously released as emergency attack signatures. Registered customers are notified of the new update signature file using the notification function within APSolute Vision/Insite; customers with a valid SUS agreement can download the signature file.
Customers not using APSolute Vision/Insite can access Security Central to check for the availability of new signature files. Files can be loaded directly to Radware products through web-based management or the command line interface.
For customers interested in learning why signatures were developed and issued, Radware offers an additional email notification service to which you can subscribe. You must have a valid SUS membership to subscribe.
The SUS provides an area for customers to report environment-specific or newly discovered threats. It also enables them to request attack signatures to mitigate those threats. Threats will be assessed using the methodology previously described. For threats which require a signature, Radware will either issue an Emergency Update to all customers or provide a custom signature to the customer reporting the threat. Custom attack signatures will be analyzed and incorporated into the periodic updates as appropriate.