
Network IPS Overview

Intrusion prevention systems are an important part of protecting any organisation from constantly developing threats. By using protocol recognition, identification and traffic analysis, Intrusion Prevention Systems (IPS) detect, identify, alert and protect your organisation from threats such as:

- Worms
- Spyware
- Peer to peer (P2P)
- Denial of service (DoS) and distributed denial of service (DDoS)
- Botnets
- Targeted attacks against Web applications
- Proprietary or sensitive data leaving the network
- Cross-site scripting
- SQL injection
- Buffer overflow
- Web directory traversal

Without IPS you may never know that you have been the victim of a malicious attack, or be able to discover any information about its nature. Interoute's IPS introduces an additional layer of defence into the infrastructure that not only detects but can also automatically mitigate such attacks and activity.

Interoute Communications Limited, June/2011, Version: 1.0

Technical Service Details

Interoute's intrusion prevention detects and blocks intrusion attempts, malicious code transmission and network-based threats without impacting your network's performance. The service operates transparently to the user and therefore does not require any reconfiguration of the existing network to which it connects. Deployment inline behind an Interoute managed firewall is the only supported, standard solution, as it achieves the highest degree of protection and manageability.

The IPS has the following attributes:

- Real time network analysis: discovers changes to the infrastructure dynamically.
- Client side application protection: protects end users against attacks that target applications used every day.
- Advanced network protection: advanced intrusion prevention including DNS protection.
- Data security: monitoring and identification of unencrypted data.
- Web application security: protection for Web apps, Web 2.0 and databases.

Interoute's structured methodology for the implementation and operation of IPS services has been developed by our security professionals with extensive experience in intrusion analysis, attack and penetration techniques. The high-level methodology is as follows:

1. IPS Setup
   - Configure management, tuning, monitoring and alerting variables
   - Install recommended ruleset
2. Settling-in process
   - Automatically tune the IPS to the customer environment
   - Automatically refine the rules as a result of the learning process
3. Post installation process
   - Enable alerting and reporting
   - Enable threat protection

Our structured approach means that the IPS is introduced into your network in a controlled fashion, ensuring that it is tuned correctly and will not block your production traffic.

Customer Requirements

Interoute's Network IPS comes out of the box with protection for:

- Worms
- Spyware
- Peer to peer (P2P)
- Denial of service (DoS) and distributed denial of service (DDoS)
- Botnets
- Targeted attacks against Web applications
- Proprietary or sensitive data leaving the network
- Cross-site scripting
- SQL injection
- Buffer overflow
- Web directory traversal

Interoute will be responsible for all aspects of the IPS configuration management, including:

- Maintenance and modification of the IPS.
- Signature management and maintenance, with new IPS signatures scheduled for download on a daily basis from the vendor site to capture the latest threats as they are published.
- Platform updates, with patches and version upgrades applied on a monthly basis. The specific time of the update will be agreed with the customer.
- False positive reduction based on customer analysis and feedback from the monthly report, with a 5 day service window to implement required changes.

Note: SSL session traffic that terminates on a device behind the IPS sensor will not be scanned. The IPS sensor needs to be able to see the traffic unencrypted to be able to analyse it. All SSL traffic that is encrypted will be passed by the IPS sensor without action.

Supported Service Charges

The Interoute Network IPS service is billed as a combination of Non-Recurring Charges (NRC) and Monthly Recurring Charges (MRC). The main element on which the charges are based is the number of devices that are required to be covered by the service. This impacts both the type of hardware required (impacting mainly the NRC) and the cost of software licences and updates (impacting mainly the MRC).

Reporting

Interoute will provide you with a monthly IPS report that includes the following information relative to your specific managed IPS service:

- Top Events
- Top Targets
- Top Sources
- Event Activity Trend
- Security Information

Performance Statistics

Interoute will monitor the IPS and, in the event that the appliance does not respond to a poll or an error condition is identified, will investigate and remediate to return the IPS to normal service. Interoute also captures health status generated by the installed IPS to a centralised management system that provides command, control and monitoring capabilities.

When an alert is generated by the IPS it will be automatically assessed using industry standard classifications and assigned a priority level to determine whether the alert is low, medium or high, along with the likely impact based on what the IPS has learned of the customer network (Realtime Network Analysis). Traffic must match both priority and impact for further assessment, as low/potentially vulnerable attacks most frequently contain false positives. This assessment will determine the action, the speed and the method by which the customer is informed. This scheme is described below:

| Priority | Impact | Event Description | Action Taken |
|---|---|---|---|
| Low | Unknown | No direct threat, but may contain information indicative of attempted intrusion activity. | Store for a period of time for forensic purposes; view available on customer portal. |
| Medium | Currently Not | A malevolent packet (a deprecated attack or intrusive enumeration) sent to the target representing no direct threat to operation. A medium alert would not impact the operation or the logical access controls of a system. | Automated event analysis. Trend analysis and correlation with other events available on customer portal. |
| High | Potentially | Attack on the target, representing a real potential threat and having an impact on the availability or security of a system and its data, i.e. service interruption, data integrity loss or data exposure, injection of malicious code or software, etc. Significant evidence of ongoing actual system compromise. Multiple high events corroborated by supporting system evidence (i.e. defaced website, system unavailable or maxed bandwidth/CPU). | Target must be analysed by customer to identify if it was compromised or a false positive. Escalation to the customer. |
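The priority/impact gate and escalation scheme above, combined with the 30-minute email alert deadline from the Event to Alert table, as an added Python example that is not part of Interoute's document or management platform; the action and channel names, the two-event corroboration threshold, and the sample alerts are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Scheme from the service description: an alert is assessed further only when BOTH priority and RNA impact match a row.
GATE = {
    ("low", "unknown"): ("store_for_forensics", "monthly report"),
    ("medium", "currently not"): ("automated_analysis", "daily email report"),
    ("high", "potentially"): ("escalate_to_customer", "email alert"),
}
EMAIL_ALERT_SLA = timedelta(minutes=30)  # Event to Alert time for email alerts
CORROBORATION_THRESHOLD = 2  # assumption: "multiple high events" means two or more

@dataclass
class Alert:
    raised_at: datetime
    target: str
    priority: str  # low | medium | high
    impact: str    # unknown | currently not | potentially
@dataclass
class Disposition:
    action: str
    channel: str
    respond_by: Optional[datetime] = None  # customer must be informed by this time
    escalated: bool = False  # corroborated by another high event on the same target

def triage(alerts):
    """Gate on priority AND impact, corroborate per target, stamp the 30-minute deadline."""
    high_per_target = defaultdict(int)
    out = []
    for a in sorted(alerts, key=lambda x: x.raised_at):
        row = GATE.get((a.priority.lower(), a.impact.lower()))
        if row is None:  # priority/impact disagree: likely false positive, forensics only
            out.append(Disposition("store_for_forensics", "monthly report"))
            continue
        d = Disposition(*row)
        if d.action == "escalate_to_customer":
            high_per_target[a.target] += 1
            d.respond_by = a.raised_at + EMAIL_ALERT_SLA
            d.escalated = high_per_target[a.target] >= CORROBORATION_THRESHOLD
        out.append(d)
    return out

SAMPLE = [  # constructed sample alerts (TEST-NET addresses), not captured data
    Alert(datetime(2011, 6, 1, 9, 0), "192.0.2.5", "high", "potentially"),
    Alert(datetime(2011, 6, 1, 9, 5), "192.0.2.5", "high", "potentially"),
    Alert(datetime(2011, 6, 1, 9, 6), "192.0.2.9", "high", "unknown"),
    Alert(datetime(2011, 6, 1, 9, 7), "192.0.2.9", "medium", "currently not"),
]
```

The third sample alert shows the gate in action: a high-priority event on a host whose impact is unknown is parked for forensics rather than raised to the customer.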

The Event to Alert time defines the maximum time between the moment the alarm is raised on the IPS platform, its analysis, and the information being communicated to you, the customer. These are shown in the table below:

| Threat Level | Communication Media | Alert to Response Time |
|---|---|---|
| | Email Alert | 30 Minutes |
| Potentially | Daily Email Report | N/A |
| Not / Unknown | Monthly Report | N/A |

Supported Service Options

- CIR selectable from 100Mbps through to 1Gbps (up to 20Gbps available as a custom order)
- Virtual IPS appliances for those customers with VMware ESXi virtual machines hosted within an Interoute data centre, with up to 100Mbps CIR
- Fully managed service with customer access to a customer-specific area of the management platform
- Management of standard (vendor supplied) rules: disabling rules to manage false positives, or enabling rules
- Custom rules, alerting and reporting available as a professional services engagement
- DMZ inspection available provided hardware matches requirements to support the Interoute standard DMZ service (Medium and Large sized IPS only)

Unsupported Service Options

- Features other than IPS and RNA

Product Codes

Interoute's intrusion prevention systems are selected by specifying a committed information rate and required interface format; these are referred to as SVC-IPSI (IPS inspection points).

| Sizing | Committed Information Rate | Maximum supported inspection points (SVC-IPSI) | Supports DMZ service | Product Code |
|---|---|---|---|---|
| Small | 100Mbps | 1 | No | CON-SF3D7030 |
| Medium | 500Mbps | 2 | Yes | CON-SF3D7120 |
| Large | 1Gbps | 2 | Yes | CON-SF3D8120 |

How to order

Order through an Interoute Account Manager.

More information

For product enquiries please consult the Security Services Product Manager.