FWG: Signature and block list data
Hi Firewalla,
Thanks for the interesting product. I am seriously considering buying the FWG+.
I see that some of the features are data-driven and, therefore, need to be constantly updated. Examples are signature-based IDS/IPS and the parental control block list. Additionally, data about malicious websites also need to be updated.
I am impressed that some posts showed signatures were quickly deployed when vulnerabilities were found.
But I want to ask about your operational policy of updating the signatures and block lists. Specifically:
- Do you have a standard operational procedure for updating the data?
- What data are being updated?
- How often do you update the data?
- How exhaustive are the updates? In other words, how do you know the update covers most new exploits?
- What is the source of the data? Do you mainly compile the data in-house? Or obtain it from open-source? Or purchase it from vendors? If it is a mix of those, what would be the percentage of each?
I apologize in advance for so many questions. But, since an important part of the product is data-driven, I would like to know how the data is being prepared.
Thank you.
-
Firewalla signature updates are driven by a very complex set of software (we made) that runs constantly to ensure the signatures are up to date. We purchase our intelligence; some are public, and some are also generated by us. (Sorry, we do not disclose the percentage.)
(edit) Here is the reference article: https://help.firewalla.com/hc/en-us/articles/360049856394-How-to-Secure-Your-Network-with-Firewalla-Part-3-Protect
You can also learn a bit about the behavioral detections, which are also pretty cool.