IBM Security Network Protection Solutions
Pre-emptive protection to keep you Ahead of the Threat

Tanmay Shah
Product Lead, Network Protection Appliances
IBM Security Systems
Increasing attack surface and threat sophistication

[Chart: Growth in Vulnerabilities 1996-2013]

Increasing number of vulnerabilities
- Vulnerabilities increasing
- Overall attack surface is growing
- Patches cannot be instantly implemented or do not exist

Zero-day attacks and constantly mutating threats (designer malware, spear phishing)
- Attacks constantly mutating to evade signatures
- Increasing number of zero-day exploits

Multi-faceted threats and APTs (persistence, backdoors)
- Well-coordinated attacks by well-coordinated teams
- Attackers exploiting users to gain access
- Traditional security tools unable to detect or assess the extent of the breach

Average consolidated total cost of a data breach is $3.8 million, a 23 percent increase since 2013.
Source: 2015 Cost of Data Breach Study: Global Analysis, Ponemon Institute
Today's point product solutions defend against yesterday's attacks

Broad attacks: indiscriminate malware, spam and DoS activity
Tactical approach: compliance-driven, reactionary
- Rely on pattern matching to find specific instances of attacks
- Rely on other add-on products like proxies and application firewalls
- Target only certain types of broad attacks
- Solution provider obtains their research from third parties
- Piece-part solution

Multi-faceted targeted attacks: advanced, persistent, organized, and politically or financially motivated
Strategic approach: intelligence-driven, continuous
- Block entire classes of attacks, including mutations
- Protect against user-focused and application-level attacks
- Protect against advanced malware and persistent threats
- Offer industry-leading security research and development
- Seamlessly integrate with an entire portfolio of industry-leading security solutions
The history of IBM Security Network Protection
Evolving beyond intrusion prevention to provide greater value; evolution based on client needs

- Intrusion Prevention / Intrusion Detection: protects against attacks on vulnerabilities, not exploits
- Behavioral Defense: protects against attacks based on behavior, not specific vulnerabilities
- Web App Protection: heuristically protects against common app-based attacks
- URL/App Control: protects users from visiting risky sites on the web
- Threat Management.NEXT: new protection and integration capabilities to stay ahead of the threat
- Advanced Malware Defense / SSL/TLS Inspection: protects against attacks hidden inside encrypted traffic; blocks malware infections on the network

Timeline markers on the slide: 1997+, 2002+, 2005+, 2008+, 2012+, 2013+, 2014+, Future
IBM Intelligent Threat Protection
IBM Security Network Protection solutions and integrations

Smarter Prevention
- Trusteer Apex Endpoint Malware Protection: prevent malware installation and disrupt malware communications
- IBM Security Network Protection (XGS): prevent remote network exploits and limit the use of risky web applications
- IBM Guardium Data Activity Monitoring: prevent unauthorized data access or leaks to help ensure data integrity

Security Intelligence
- IBM Security QRadar Security Intelligence: discover and prioritize vulnerabilities; correlate enterprise-wide threats and detect suspicious behavior

Continuous Response
- IBM Security QRadar Incident Forensics: retrace full attack activity; search for breach indicators and guide defense hardening
- IBM BigFix: automate and manage continuous security configuration policy compliance
- IBM Emergency Response Services: assess impact, plan strategically and leverage experts to analyze data and contain threats

Global Threat Intelligence
- IBM X-Force Threat Intelligence: leverage threat intelligence from multiple expert sources
- Ready for IBM Security Intelligence Ecosystem (open integrations): share security context across multiple products; 100+ vendors, 400+ products
Infrastructure - Network Portfolio Overview
Guard against attacks using an Advanced Threat Protection Platform with insight into users, content and applications

- IBM Security Network Protection (XGS): next-generation network protection to safeguard both computing infrastructure and users from today's most serious threats
- IBM Security Intrusion Protection (GX): industry-leading intrusion protection focused on protecting computing infrastructure
- IBM Security SiteProtector: central management of security devices to control policies, events, analysis and reporting for your business
IBM Security Network Protection
Pre-emptive protection to keep you Ahead of the Threat

- BROAD COVERAGE: protects against a full spectrum of attack techniques
- ZERO-DAY PROTECTION: protects against known and unknown attacks
- ADVANCED INTELLIGENCE: powered by X-Force global threat research
Broad coverage
Protects against a full spectrum of attack techniques

Threats addressed by IBM Security Network Protection:
- Traffic-based: protocol anomalies, protocol tunneling, RFC non-compliance, obfuscation techniques
- System and service / web application: unpatched or unpatchable vulnerabilities, cross-site scripting, code injection, SQL injection, buffer overflows, DoS / DDoS, cross-site request forgery, information leakage, cross-path injection
- User: spear phishing, drive-by downloads, malicious attachments, malware links
- Risky applications: social media, file sharing, remote access, audio / video transmission
Broad coverage
Comprehensive protection, visibility, and control over network traffic

- Deep Packet Inspection: fully classifies network traffic, regardless of address, port, or protocol
- SSL Visibility: identifies inbound and outbound traffic threats, without needing a separate appliance
- Identity and Application Awareness: associates users and groups with their network activity, application usage and actions

[Diagram: inbound and outbound network traffic and flows, classified into clean traffic, attack traffic and botnet traffic, and into good and prohibited applications, each associated with an employee]

- 400+ protocols and file formats analyzed
- 25+ billion URLs classified in 70 categories
- 2,000+ applications and actions identified
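The "regardless of address, port, or protocol" claim above rests on classifying a flow by its content rather than by the port it arrives on. The following is an added illustration of that idea, not IBM's inspection engine or any code from this deck: a hypothetical, minimal classifier that names a protocol from the first payload bytes and reports flows whose content does not match the protocol an (assumed) port policy expects, which is the observation behind protocol-tunneling detection. The flow samples, the port policy and every function name are constructed for the example.

```python
# Added example: content-based protocol classification of the first bytes of a
# flow, independent of the destination port. Hypothetical, minimal logic; not
# IBM's Deep Packet Inspection engine. Sample flows below are constructed.

# Constructed flow samples: (destination port, first payload bytes seen).
FLOWS = [
    (80,   b"GET / HTTP/1.1\r\nHost: intranet.example\r\n"),
    (443,  b"\x16\x03\x01\x00\xf4\x01\x00\x00\xf0\x03\x03"),   # TLS record: ClientHello
    (22,   b"SSH-2.0-OpenSSH_8.9\r\n"),
    (443,  b"POST /upload HTTP/1.1\r\nHost: 10.0.0.5\r\n"),    # plaintext HTTP on the TLS port
    (8080, b"SSH-2.0-dropbear\r\n"),                           # SSH on a web proxy port
    (53,   b"\x12\x34\x01\x00\x00\x01\x00\x00"),               # something this toy does not know
]

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")

# Which ports each application protocol is expected on in this (assumed) policy.
EXPECTED_PORTS = {"http": {80, 8080}, "tls": {443}, "ssh": {22}}


def classify_payload(payload: bytes) -> str:
    """Name the application protocol from its opening bytes, ignoring the port."""
    if payload.startswith(HTTP_METHODS):
        return "http"
    # TLS record header: content type 0x16 (handshake), version major byte 0x03.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    if payload.startswith(b"SSH-"):
        return "ssh"
    return "unknown"


def port_mismatches(flows):
    """Return (port, protocol) pairs for flows whose content does not match the
    protocol the policy expects on that port: the signal for tunneling or for a
    service running where policy does not expect it. Unknown payloads are
    returned separately so they are not silently treated as clean."""
    mismatches, unknown = [], []
    for port, payload in flows:
        proto = classify_payload(payload)
        if proto == "unknown":
            unknown.append(port)
        elif port not in EXPECTED_PORTS[proto]:
            mismatches.append((port, proto))
    return mismatches, unknown


if __name__ == "__main__":
    bad, unk = port_mismatches(FLOWS)
    for port, proto in bad:
        print(f"port {port}: content is {proto}, which policy does not expect here")
    print("unclassified flows on ports:", unk)
```

Two of the constructed flows are reported: plaintext HTTP arriving on 443 and an SSH banner on 8080. A port-based view would have labelled both by their port and missed them; a real engine extends the same idea to hundreds of protocols and keeps the unclassified bucket visible rather than dropping it.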
The IBM fundamental approach to threat protection

VULNERABILITY vs. EXPLOIT
- A vulnerability is a weakness in a system; it can be used to do something unintended and can be exploited in multiple ways
- An exploit is a method used to gain system entry; many different exploits can target a single vulnerability, not all exploits are publicly available, and mutation is common

IBM PROTECTION vs. OTHER PRODUCTS
- IBM protects the vulnerability: stays ahead of the threat with pre-emptive protection that stops things from breaking the window
- Other products only block the exploits: they look for methods that can break the window, and keeping up can be challenging
IBM goes beyond pattern matching with a broad spectrum of vulnerability and exploit coverage

- Exploit Signatures: attack-specific pattern matching (other IPS solutions stop at pattern matching)
- Vulnerability Decodes: focused algorithms for mutating threats
- Application Layer Heuristics: proprietary algorithms to block malicious use
- Web Injection Logic: patented protection against web attacks, e.g., SQL injection and cross-site scripting
- Shellcode Heuristics: behavioral protection to block exploit payloads
- Content Analysis: file and document inspection and anomaly detection
- Protocol Anomaly Detection: protection against misuse, unknown vulnerabilities, and tunneling across 230+ protocols
Behavioral-based detection blocks attacks that have never been seen before

Vulnerability                         CVE             Disclosed       IBM protection            Protection since   Lead time          Vulnerabilities covered
Shellshock                            CVE-2014-6271   Sept 2014       Shell_Command_Injection   June 2007          7.3 years ahead    10
MS IE Remote Exploit                  CVE-2012-4781   December 2012   JavaScript_NOOP_Sled      April 2006         6.8 years ahead    94
Java JRE Code Execution               CVE-2013-2465   March 2013      Java_Malicious_Applet     October 2012       5 months ahead     8
Cisco ASA Cross-Site Scripting        CVE-2014-2120   March 2014      Cross_Site_Scripting      November 2008      5.5 years ahead    8,500+
Symantec Live Update SQL Injection    CVE-2014-1645   March 2014      SQL_Injection             June 2007          6.9 years ahead    9,000+

(Timeline axis on the slide: 2006 to 2014)
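The three preceding slides make one argument: an exploit signature matches one attack string, while a vulnerability decode matches the condition the vulnerable software acts on, so mutated exploits are still caught. The block below is an added, deliberately small demonstration of that difference, written for this page and not taken from IBM's Shell_Command_Injection logic or any other IBM code. It uses the Shellshock case (CVE-2014-6271) from the table: the vulnerable bash importer acts on an environment value that starts with the literal function marker "() {", and the bug was that text after the function body was executed as a command. The constructed header values are harmless echoes shaped like the widely published test string; the names, the signature string and the decode are all assumptions of this example.

```python
# Added example: one fixed exploit signature versus a vulnerability decode for
# the Shellshock condition. Hypothetical detection logic written for this
# page; not IBM's Shell_Command_Injection algorithm. All inputs are constructed.

# Constructed header values (not captured traffic). The trailing commands are
# harmless echoes; the shape of the value, not the command, is what matters.
SAMPLES = {
    "browser_ua":    "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101",
    "plain_export":  "() { :; }",                          # function export, nothing after the body
    "canonical":     "() { :; }; echo probe",              # shape of the well-known test string
    "mutant_body":   "() { _; }; echo probe",              # body changed, signature no longer matches
    "mutant_space":  "() { :;}; echo probe",               # whitespace changed
    "mutant_nested": "() { f() { :; }; }; echo probe",     # nested braces inside the body
}

# The exploit-signature approach: the exact bytes of the best-known test string.
EXPLOIT_SIGNATURE = "() { :; };"


def signature_match(value: str) -> bool:
    """Exploit signature: flag only values containing one specific attack string."""
    return EXPLOIT_SIGNATURE in value


def vulnerability_decode(value: str) -> bool:
    """Vulnerability decode: recognise the condition the vulnerable importer acts
    on (a value beginning with the literal '() {' marker) and flag it only when
    something follows the function body, which is what the bug executed."""
    if not value.startswith("() {"):
        return False
    depth = 0
    for i, ch in enumerate(value):
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                # Strip the separator; anything left is the injected command.
                trailing = value[i + 1:].lstrip(" \t;")
                return bool(trailing)
    return False  # body never closed: not the shape the importer executes


def classify(samples: dict) -> dict:
    """Map each sample name to (signature_match, vulnerability_decode)."""
    return {name: (signature_match(v), vulnerability_decode(v)) for name, v in samples.items()}


if __name__ == "__main__":
    for name, (sig, vuln) in classify(SAMPLES).items():
        print(f"{name:14s} signature={str(sig):5s} decode={vuln}")
```

Run on the constructed samples, the signature catches only the canonical string (and the nested variant, which happens to contain it), while the decode catches every variant with a trailing command and leaves both the browser User-Agent and the plain function export alone. That last case is the reason a decode is written against the vulnerability's precondition rather than against the marker alone: flagging every "() {" would block legitimate function exports and produce the kind of false positives that get a signature disabled.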
IBM X-Force Research and Development
Expert analysis and data sharing on the global threat landscape

Research areas: zero-day research, IP reputation, URL / web filtering, malware analysis, web application control, vulnerability protection, anti-spam

The IBM X-Force mission:
- Monitor and evaluate the rapidly changing threat landscape
- Research new attack techniques and develop protection for tomorrow's security challenges
- Educate our customers and the general public
- Integrate and distribute threat protection and intelligence to make IBM solutions smarter
XGS = X-Force in a box

Coverage
- 20,000+ devices under contract
- 15B+ events managed per day
- 133 monitored countries (MSS)
- 3,000+ security-related patents
- 270M+ endpoints reporting malware

Depth
- 25B+ analyzed web pages and images
- 12M+ spam and phishing attacks daily
- 89K+ documented vulnerabilities
- 860K+ malicious IP addresses
- Millions of unique malware samples
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

www.ibm.com/security

Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM's sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way.
IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.