IBM Next Generation Intrusion Prevention System


Fadly Yahaya, SWAT
Optimizing the World's Infrastructure, Moscow, Oct 2012
© 2012 IBM Corporation

Please note: IBM's statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM's sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.

Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.

The challenging state of network security

- Sophisticated attacks (stealth bots, targeted attacks, worms, Trojans, designer malware): increasingly sophisticated attacks are using multiple attack vectors and increasing risk exposure.
- Streaming media: streaming media sites are consuming large amounts of bandwidth.
- Social networking: social media sites present productivity, privacy and security risks, including new threat vectors.
- Point solutions (URL filtering, IDS/IPS, IM/P2P, Web app protection, vulnerability management): point solutions are siloed, with minimal integration or data sharing.

Network Defense: Traditional solutions not up to today's challenges

Current limitations:
- Threats continue to evolve and standard methods of detection are not enough.
- Streaming media sites and Web applications introduce new security challenges.
- A basic "Block Only" mode limits innovative use of streaming and new Web apps.
- Poorly integrated solutions create security sprawl, lower overall levels of security, and raise cost and complexity.

Today's layered defenses, each covering only part of the traffic coming from the Internet (stealth bots, worms, Trojans, targeted attacks, designer malware):
- Firewall/VPN: port and protocol filtering
- Email Gateway: message and attachment security only
- Web Gateway: securing web traffic only (port 80 / 443)
- Everything else: Multi-faceted Network Protection, security for all traffic, applications and users

Requirement: multi-faceted protection
- 0-day threat protection tightly integrated with other technologies, i.e. network anomaly detection
- Ability to reduce costs associated with non-business use of applications
- Controls to restrict access to social media sites by a user's role and business need
- Augment point solutions to reduce overall cost and complexity

The Need to Understand the Who, What, and When

Addresses and ports alone (172.29.230.15, 192.168.0.0/16; 80, 443, 25, 21, 2048-65535) do not say who or what is on the network. The policy dimensions XGS works with:
- Who: user or group, server, network, geography
- What: Web applications, non-web applications
- Controls: access control, Web category protection, reputation, network awareness
- Security: protocol-aware intrusion protection, client-side protection, Web protection, botnet protection, reputation

Example policies:
- Allow marketing and sales teams to access social networking sites.
- Block attachments on all outgoing emails and chats.
- A more strict security policy is applied to traffic from countries where I do not do business.
- Advanced inspection of Web application traffic destined to my Web servers.
- Block known botnet servers and phishing sites.
- Allow, but don't inspect, traffic to financial and medical sites.

The Advanced Threat Protection Platform

- Security Intelligence Platform: Log Manager, SIEM, Network Activity Monitor, Risk Manager
- Threat Intelligence and Research: vulnerability data, malicious websites, malware information, IP reputation
- Advanced Threat Protection Platform: Intrusion Prevention, Content and Data Security, Web Application Protection, Network Anomaly Detection, Application Control

IBM Network Security Advanced Threat Protection Platform: ability to prevent sophisticated threats and detect abnormal network behavior by leveraging an extensible set of network security capabilities, in conjunction with real-time threat information and Security Intelligence.

Expanded X-Force Threat Intelligence: increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions across the IBM portfolio.

Security Intelligence Integration: tight integration between the Advanced Threat Protection Platform and the QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats.

Introducing IBM Security Network Protection XGS 5000

- Proven Security: extensible, 0-day protection powered by X-Force
- Ultimate Visibility (new with XGS): understand the Who, What and When for all network activity
- Complete Control (new with XGS): ensure appropriate application and network use

IBM Security Network Protection XGS 5000 builds on the proven security of IBM intrusion prevention solutions by adding next generation visibility and control to help balance security and business requirements.

Proven Security: Extensible, 0-Day Protection Powered by X-Force

- Next Generation IPS powered by X-Force Research protects weeks or even months ahead of the threat.
- Full protocol, content and application aware protection goes beyond signatures.
- Expandable protection modules defend against emerging threats such as malicious file attachments and Web application attacks.

"When we see these attacks coming in, it will shut them down automatically." (Melbourne IT)

"[The IBM Threat Protection Engine] defended an attack against a critical government network another protocol aware IPS missed." (Government Agency)

IBM Security Threat Protection engine components in XGS 5000: Vulnerability Modeling & Algorithms, Stateful Packet Inspection, Port Variability, Port Assignment, Port Following, Protocol Tunneling, Application Layer Preprocessing, Shellcode Heuristics, Context Field Analysis, RFC Compliance, Statistical Analysis, TCP Reassembly & Flow Reassembly, Host Response Analysis, IPv6 Tunnel Analysis, SIT Tunnel Analysis, Port Probe Detection, Pattern Matching, Custom Signatures, Injection Logic Engine.

Backed by X-Force:
- 15+ years of vulnerability research and development
- Trusted by the world's largest enterprises and government agencies
- True protocol-aware intrusion prevention, not reliant on signatures

Specialized engines: Exploit Payload Detection, Web Application Protection, Content and File Inspection; ability to protect against the threats of today and tomorrow.

InformationWeek IT Pro Ranking: IPS and IDS (published August 2012)

IBM ranked #1 in 11 out of 12 feature evaluations:
- 1 Gbps or higher throughput
- Ability to block real-time attacks
- Centralized management
- DDoS detection/protection
- Flexibility of signature and policy tuning
- Full packet capture
- Log export to SIEM
- Low false positives/false negatives
- Provides sufficient analysis without dropping packets
- Robustness of community for rules and signatures
- Speed of signature updates

Ranked #2 in pre-built compliance settings.

Ultimate Visibility: Understanding Who, What and When

- Immediately discover which applications and web sites are being accessed.
- Quickly identify misuse by application, website, user, and group.
- Understand who and what are consuming bandwidth on the network.
- Superior detection of advanced threats through integration with QRadar for network anomaly and event details.

(Diagram: network traffic and flows from Employee A, Employee B and Employee C to two good applications and one bad application.)

"We were able to detect the Trojan Poison Ivy within the first three hours of deploying IBM Security Network Protection." (Australian Hospital)

Network Flow Data provides real-time awareness of anomalous activities, and QRadar integration facilitates enhanced analysis and correlation.

Complete Identity Awareness associates users and groups with their network activity, application usage and application actions.

Application Awareness fully classifies network traffic, regardless of address, port, protocol, application, application action or security event.

Increase security, reduce costs, enable innovation.

QRadar Network Anomaly Detection

- QRadar Network Anomaly Detection is a purpose-built version of QRadar for IBM's intrusion prevention portfolio.
- The addition of QRadar's behavioral analytics and real-time correlation helps better detect and prioritize stealthy attacks.
- Supplements the visibility provided by IBM Security Network Protection's Local Management Interface (LMI).
- Integration with IBM Security Network Protection, including the ability to send network flow data from XGS to QRadar.

IBM X-Force Threat Information Center (screenshot): real-time security overview with IP reputation correlation; identity and user context; real-time network visualization and application statistics; inbound security events.

Complete Control: Overcoming a Simple Block-Only Approach

- Network control by users, groups, systems, protocols, applications and application actions.
- Block evolving, high-risk sites such as phishing and malware with constantly updated categories.
- Comprehensive, up-to-date web site coverage with industry-leading 15 billion+ URLs (50-100x the coverage comparatively).
- Rich application support with 1000+ applications and individual actions.

"We had a case in Europe where workers went on strike for 3 days after Facebook was completely blocked, so granularity is key." (IBM Business Partner)

- Limit the use of social networking, file sharing, and web mail for common users.
- Allow full access to social networking sites for marketing and HR teams.
- Flexible network access policies control access to systems and the applicable security policy.
- Stop broad misuse of the corporate network by blocking sites that introduce undue risk and cost.

(Policy screenshot: No Download, No Sharing)

(Policy screenshot: No YouTube and Facebook during office hours)

The XGS 5000: The Best Solution for Threat Prevention

Better network control:
- Natural complement to the current firewall and VPN
- Not rip-and-replace: works with your existing network and security infrastructure
- More flexibility and depth in security and control over users, groups, networks and applications

Better threat protection:
- True protocol-aware network IPS
- Higher level of overall security and protection
- More effective against 0-day attacks
- Best of both worlds: true protocol- and heuristic-based protection with customized signature support

(Diagram: Internet threats (stealth bots, worms, Trojans, targeted attacks, designer malware) pass the Firewall/VPN (port and protocol filtering), Email Gateway (message and attachment security only) and Web Gateway (securing web traffic only, port 80 / 443); everything else is covered by IBM Security Network Protection XGS 5000: Proven Security, Ultimate Visibility, Complete Control.)

Part of IBM's vision for Advanced Threat Protection

- Security Intelligence Platform: Log Manager, SIEM, Network Activity Monitor, Risk Manager
- Threat Intelligence and Research: vulnerability data, malicious websites, malware information, IP reputation
- Advanced Threat Protection Platform: Intrusion Prevention, Content and Data Security, Web Application Protection, Network Anomaly Detection, Application Control

(This slide repeats the IBM Network Security Advanced Threat Protection Platform description, the Expanded X-Force Threat Intelligence and the Security Intelligence Integration text from the platform slide above.)

Acknowledgements, disclaimers and trademarks

© Copyright IBM Corporation 2012. All rights reserved. The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM's current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in this publication to IBM products, programs or services do not imply that they will be made available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM's sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth, savings or other results. All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.

Information concerning non-IBM products and services was obtained from a supplier of those products and services. IBM has not tested these products or services and cannot confirm the accuracy of performance, compatibility, or any other claims related to non-IBM products and services. Questions on the capabilities of non-IBM products and services should be addressed to the supplier of those products and services. All customer examples cited or described are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer and will vary depending on individual customer configurations and conditions. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results. Prices are suggested U.S. list prices and are subject to change without notice. Starting price may not include a hard drive, operating system or other features. Contact your IBM representative or Business Partner for the most current pricing in your geography.

IBM, the IBM logo, ibm.com, Tivoli, the Tivoli logo, Tivoli Enterprise Console, Tivoli Storage Manager FastBack, and other IBM products and services are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at ibm.com/legal/copytrade.shtml