NGAV Local Update Server
For larger deployments, you can optionally install an NGAV Local Update server to deliver the Anti-Malware Signatures DB updates.
In this topic:
If your organization has a large number of endpoints, you can optionally choose to install an NGAV Local Update server (or servers) in your network to deliver Anti-Malware signature updates to endpoints more quickly. This option also helps to minimize potential traffic issues on the external network, and is especially useful during the initial installation of Anti-Malware on sensors due to the size of the full signature database (~1.2 GB) that requires deployment to each endpoint.
Sensors download their first-time signatures update and subsequent updates from the NGAV Local Update server. This conserves network usage for your organization by avoiding direct communication from your machines with an external server. You can also control how frequently the Local Update server receives signature updates from the Global update server. We recommend setting the update frequency to between a few hours to up to two days, for optimal security value. Ask Technical Support for assistance to configure this setting.
If the sensor cannot connect to the NGAV Local Update server, it connects to the NGAV Global Update server at https://cr-protect.cybereason.net/.
NGAV Local update server types
Server type |
Main capabilities |
Support |
Supported OS |
Recommendation |
How to configure |
---|---|---|---|---|---|
VM-based Local update server |
|
Cybereason fully maintains this server. |
Linux |
This is the recommended option. To get access to this server, contact Technical Support. |
|
Windows-based Local Update server |
Caches signature updates from the NGAV Global Update server. Does not support downstream proxy access to the Global Update server. |
Important: This server type is no longer supported. |
Windows |
We recommend that you use the more capable VM-based Local update server. |
How to Install and Configure the Local update server (Windows) |
Install the NGAV Local Update server
You install the NGAV Local Update server on premises.
Cybereason is responsible for providing the configuration of the NGAV Local Update server. You are responsible for installing, monitoring, and maintaining this server. Contact Technical Support for assistance with this server’s configuration.
For details on how to install a Local Update server, see:
Use multiple NGAV Local Update servers
You can install multiple NGAV Local Update servers if necessary (for example, one per geographical region). Cybereason recommends the following steps:
From the Cybereason UI System > Policies management screen, create or edit a policy and, in the Anti-Malware tab, set the Local Update server parameter of all sensors in your organization to the same domain (for example, localupdate.domain.com).
On your DNS server for each region, redirect the domain to the IP address of the Local Update server in that region (for example: localupdate.domain.com 14400 IN A 10.10.10.30).