IBM Proventia Network Anomaly Detection System

Similar documents
IBM Proventia Network Enterprise Scanner

IBM Proventia Management SiteProtector Sample Reports

IBM Proventia Network Multi-Function Security MX1004

IBM Internet Security Systems Proventia Management SiteProtector

Compare Security Analytics Solutions

Cisco IPS AIM and IPS NME for Cisco 1841 and Cisco 2800 and 3800 Series Integrated Services Routers

Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions

Cisco Security Monitoring, Analysis and Response System 4.2

Analyzer Quick Start Guide

IBM Proventia Network Multi-Function Security MX0804 and MX1004

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Cisco Stealthwatch Endpoint License

TALK. agalaxy FOR THUNDER TPS REAL-TIME GLOBAL DDOS DEFENSE MANAGEMENT WITH A10 DATA SHEET DDOS DEFENSE MONITORING AND MANAGEMENT

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

Cisco Cyber Threat Defense Solution 1.0

IBM Proventia Management SiteProtector. Scalability Guidelines Version 2.0, Service Pack 7.0

IPS-1 Robust and accurate intrusion prevention

Driving Network Visibility

IBM Europe, Middle East, and Africa Services Announcement ZS , dated October 6, 2009

IBM Proventia Network Multi-Function Security MX1004

McAfee Network Security Platform

Corrigendum 3. Tender Number: 10/ dated

McAfee Network Security Platform

Request for Proposal (RFP) for Supply and Implementation of Firewall for Internet Access (RFP Ref )

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

Symantec Network Security 7100 Series

Network Security Platform Overview

ForeScout CounterACT. Configuration Guide. Version 1.2

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

Establish and Maintain Secure Cardholder Data with IBM Payment Card Industry Solutions

IBM Proventia Management SiteProtector Policies and Responses Configuration Guide

Collector Quick Start Guide

McAfee Network Security Platform

ASA/PIX Security Appliance

Security+ SY0-501 Study Guide Table of Contents

IBM Security QRadar Version Architecture and Deployment Guide IBM

Security, Internet Access, and Communication Ports

Security, Internet Access, and Communication Ports

Detecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0

SmartWall Threat Defense System - NTD1100

IBM Proventia Network Multi-Function Security offers security protection at a low cost in a single device

Cisco Intrusion Prevention Solutions

Cisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics

Seceon s Open Threat Management software

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Agile Security Solutions

ForeScout Agentless Visibility and Control

TABLE OF CONTENTS. Section Description Page

Securing Your Microsoft Azure Virtual Networks

Cisco ASA 5500 Series IPS Solution

Security, Internet Access, and Communication Ports

IBM Proventia Network Multi-Function Security - MX0804 and MX1004

IBM Tivoli Directory Server

SteelGate Overview. Manage perimeter security and network traffic to ensure operational efficiency, and optimal Quality of Service (QoS)

EMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security

McAfee Public Cloud Server Security Suite

NIP6000 Next-Generation Intrusion Prevention System

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

Key Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.

Future-ready security for small and mid-size enterprises

Design your network to aid forensics investigation

Delivers fast, accurate data about security threats:

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

IBM Security SiteProtector System Configuring Firewalls for SiteProtector Traffic

IBM Global Technology Services May IBM Internet Security Systems Proventia Management SiteProtector system version 2.0, SP 7.

Detecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0

McAfee Network Security Platform 9.1

Unlocking the Power of the Cloud

Cisco Security Manager 4.1: Integrated Security Management for Cisco Firewalls, IPS, and VPN Solutions

Cisco 3300 Series Mobility Services Engine. Open, Appliance-Based Platform for Delivering Mobility Services

Enhanced Threat Detection, Investigation, and Response

Subscriber Data Correlation

Behavior-Based IDS: StealthWatch Overview and Deployment Methodology

Security, Internet Access, and Communication Ports

IBM Security Network Protection Solutions

Simplify Your Network Security with All-In-One Unified Threat Management

SIEM Solutions from McAfee

User Guide for Proventia Server IPS for Linux

FireSIGHT Virtual Installation Guide

NSG100 Nebula Cloud Managed Security Gateway

IndigoVision. Control Center. Security Hardening Guide

SONICWALL SECURITY HEALTH CHECK PSO 2017

Implementing Cisco Network Security (IINS) 3.0

A10 DDOS PROTECTION CLOUD

IronPort C100 for Small and Medium Businesses

SONICWALL SECURITY HEALTH CHECK SERVICE

Encrypted Traffic Analytics

Stealthwatch System Hardware Installation Guide. (for Stealthwatch System v6.9.1)

SONICWALL SECURITY HEALTH CHECK SERVICE

A Unified Threat Defense: The Need for Security Convergence

SecureVue. SecureVue

NSG50/100/200 Nebula Cloud Managed Security Gateway

McAfee Network Security Platform Administration Course

IBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights

The McGill University Health Centre (MUHC)

IBM PowerSC. Designed for Enterprise Security & Compliance in Cloud and Virtualised environments. Highlights

RSA INCIDENT RESPONSE SERVICES

RSA INCIDENT RESPONSE SERVICES

IBM SmartCloud Notes Security

G400/G2000 Appliance External Bypass Unit

Transcription:

Providing enterprise network visibility and internal network protection IBM Proventia Network Anomaly Detection System Enhanced network intelligence and security for enterprise networks IBM Proventia Network Anomaly Detection System (Proventia Network ADS) is a network behavior analysis system that enhances network intelligence and security by collecting and auditing network flow data from existing infrastructure devices. Proventia Network ADS complements and expands upon protection from your existing intrusion prevention system (IPS) to help gain security and compliance advantages, such as: Greater network visibility enhancing compliance and overall security posture using behavior analysis Multilayered protection available from IBM Internet Security Systems (ISS) Optimized intrusion prevention and the ability to help stop evolving and internal threats

Features and benefits Custom policies monitor and enforce network-usage policies for compliance, vulnerability management and abuse of network resources Router and interface visibility provides real-time and historic visibility into traffic that traverses routers and interfaces; allows for full visibility into the hosts, services and connections making up the majority of the traffic Risk index identifies hosts causing great risk on the network, and analyzes risk by individual users as well by Internet Protocol (IP) addresses Identity-tracking extensions view, search and export historical identity mappings to track a user s movement throughout the network Enhanced active threat feeds (ATF) keep ATF fingerprints up-to-date and attain new fingerprints without direct Internet connections Platform integration works within the IBM Proventia Protection Platform and integrates with IBM Proventia Management SiteProtector to complement intrusion prevention and vulnerability management. Threat detection Immediate Devices tracked Over 100,000 Groups supported Hundreds Network malware detection Management Use IBM Proventia Management software SiteProtector centralized management system 2.0, Service Pack 5 or higher Relational detection Statistical detection Scan detection Slow, fast, port, IP sweep, stealth Stepping-stone detection Distributed denialof-service (DDoS)/ Denial-of-service (DoS) detection Protocol blacklist Correlate alerts

Alert management Simple Network (custom management information base Management [MIB]) Protocol (SNMP) Extensible Markup Language (XML) Simple Mail Transfer Protocol (SMTP) Syslog Security Event Management (SEM) support Alert feedback Allow/deny/dismiss Alert forensics Searchable flow log Active threat feed Behavioral fingerprints Delivery RSS feed Automatic inclusion (configurable) Client required No Deployability Supports multiple flow types NetFlow v5 NetFlow v7 Optimized for Catalyst 6500 NetFlow v9 sflow v2 sflow v4 sflow v5 Gigabit packet capture Juniper cflowd Asymmetric routing De-duplicate flows Ephemeral ports Automatic discovery In-house applications Domain name system (DNS) support Deployability Supports multiple flow types

Centralized management via IBM Proventia Management SiteProtector system Event monitoring Device health monitoring Centralized updates Centralized reporting Network worm defense Postoutbreak On demand quarantine Preoutbreak On demand vaccination Preadvisory On demand hardening Malware defense Automated whitelist generation safeguard Zero-day worm detection Infected host discovery Interoperability Scrub instrusion detection system (IDS) alerts Tune IDS Suggest firewall rules Suggest switch access control lists (ACLs) Quarantine using firewall Scan for unused services SiteProtector Device management Multiple users Web user interface HTTPS Command line Secure Shell (SSH) v2, Serial interface (CLI) Communication Secure Sockets Layer (SSL) channels Operating system Hardened Linux (OS)

World-class support Technical support Hours available standard Hours available premium Number of support incidents Number of designated callers Additional designated callers Additional languages Customer portal Customer knowledgebase Warranty Advanced hardware replacement Correlate alerts 24x7x365 24x7x365 Unlimited From two to five Optional Optional One year + contract World-class support Ports Collector (AD3000, AD3007, AD3014, AD3020): Copper Gigabit Ethernet Fast Ethernet management port Serial console port Analyzer (AD5003): Copper Gigabit Ethernet Fast Ethernet management port Serial console port World-class support Device security Hardened OS and network stack, fully encrypted communications channels Built-in firewalling support, rejecting packets by default (transparent to pings and port scans)

System specifications Model AD5003 AD300 AD3007 AD3014 AD3020 Purpose Analyzer Packet collector Flow/packet collector Flow/packet collector Flow/packet collector Performance characteristics Flow sources 3/7* 0 7 14 20+ Maximum packet 200 Mbps 1,000 Mbps 1,000 Mbps 1,000 Mbps 1,000 Mbps capture throughput Packet capture 1 4 4 2** 4 interfaces Management/flow 1 2** 2** 2** interfaces Form factor 2-RU 1-RU 1-RU 1-RU 1-RU Dimensions Height (in/cm) 3.45/8.75 1.7/4.3 1.7/4.3 1.7/4.3 1.7/4.3 Width (in/cm) 16.93/43.0 16.93/43.0 16.93/43.0 16.93/43.0 16.93/43.0 Depth (in/cm) 26.46/67.2 26.46/67.2 26.46/67.2 26.46/67.2 26.46/67.2 Weight (lb/kg) 70/31.8 37/16.8 37/16.8 37/16.8 37/16.8 Lockable front bezel Redundant power No No No No supplies Redundant storage (onboard RAID) No No No No Power dissipation Units AC AC AC AC AC Amps 8.9/5.4 6.5/3.2 6.5/3.2 6.5/3.2 6.5/3.2 Hertz (H) 50/60 50/60 50/60 50/60 50/60 Input range (V) 100 127/200 240 100 127/200 240 100 127/200 240 100 127/200 240 100 127/200 240 Operating temperature +50 F +95 F +50 F +95 F +50 F +95 F +50 F +95 F +50 F +95 F Non-operating temperature (-40 C +70 C) (-40 C +70C ) (-40 C +70 C) (-40 C +70C ) (-40 C +70 C) Relative humidity (non-operating) Emissions FCC Class A FCC Class A FCC Class A FCC Class A FCC Class A * In a stand-alone deployment, the AD5003 accepts network flows from up to three flow sources and raw packet data. In a deployment that includes an analyzer and one or more collector appliances, the AD5003 accepts consolidated flow feeds from up to seven collector appliances. ** Supports an interface for flow collection separate from the management interface.

Proventia Network Anomaly Detection System model numbers Proventia AD5003 AD5003-1-P Proventia AD3000 AD3000-1-P Proventia AD3007 AD3007-1-P Proventia AD3014 AD3014-1-P Proventia AD3020 AD3020-1-P For more information Learn how the IBM Proventia Network Anomaly Detection System can protect your business ahead of the threat and help to simplify your security management. To evaluate the Proventia Network Anomaly Detection System today, call 1 800 776-2362, e-mail sales@iss.net, or visit: ibm.com/services/us/iss

Copyright IBM Corporation 2007 IBM Global Services Route 100 Somers, NY 10589 U.S.A. Produced in the United States of America 04-07 All Rights Reserved IBM and the IBM logo are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. Proventia and SiteProtector are trademarks or registered trademarks of Internet Security Systems, Inc. in the United States, other countries, or both. Internet Security Systems, Inc. is a wholly-owned subsidiary of International Business Machines Corporation. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Other company, product and service names may be trademarks or service marks of others. References in this publication to IBM products or services do not imply that IBM intends to make them available in all countries in which IBM operates. All performance data contained in this publication was obtained in the specific operating environment and under the conditions described above and is presented as an illustration. Performance obtained in other operating environments may vary and customers should conduct their own testing. * U.S. Patent No. 7,093,239 GTD01128-USEN-00

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback