
IBM Internet Security Systems (IBM ISS)

X-Force 1- 2009

IBM ISS
issru@ru.ibm.com

© 2009 IBM Corporation



X-Force R&D –

X-Force
9 web-
IBM Internet Security Systems™ 150
X-Force® R&D:
40 -
43

!
"
#
# /
web-
$
%


& X-Force –
IBM
#

X-Force
" ' ( )(

'
!
" X-Force XPU’s

! ' Security Content


$ Update
* Security
Content Update

X-Force

" + X-Force
X-Force –

The X-Force team delivers reduced operational complexity, helping to build integrated technologies that feature “baked-in” simplification


– (

[Pie chart. Labels: McAfee (FoundStone, IntruVert), Core SDI, Bindview, Symantec (@Stake), ISS, IBM ISS X-Force, iDefense, NGS, eEye. Values: 2.2%, 3.6%, 5.1%, 6.6%, 8.0%, 10.9%, 12.4%, 51.1%.]

IBM ISS X-Force –


MAPP (Microsoft Active Protection Partner)


+ X-Force

– + 40 000
– # 1990-
*

$ )
...
– 8 000
– 17 000
– 43 000


' ) : )

3,240 2009 ,
8% , 2008 , 0 SQL ActiveX
50.4% – Web-
“ ”–

# 2009 Portable Document Format


(PDF), 2008
$. / ) 1 web-

«1 » ) 55%
) « », )( )
2 web- 508% )
2008 .

URL- ( URL),
,
$ (blogspot, doubleclick, google)
66% ) , 31% - online-


# :
,
2
2
, 0 SQL
ActiveX

•#

6%
•$

8%


# :
,
$ (
ActiveX

1
ActiveX
PDF-% "
%

Most Popular Exploits

Rank | 2008 H2 | 2009 H1
1 | Microsoft MDAC RDS Dataspace ActiveX (CVE-2006-0003) | Microsoft MDAC RDS Dataspace ActiveX (CVE-2006-0003)
2 | Microsoft WebViewFolderIcon ActiveX (CVE-2006-3730) | Microsoft Snapshot Viewer ActiveX (CVE-2008-2463)
3 | Internet Explorer "createControlRange" DHTML (CVE-2005-0055) | Adobe Acrobat and Reader Collab.CollectEmailInfo (CVE-2007-5659)
4 | RealPlayer IERPCtl ActiveX (CVE-2007-5601) | Microsoft IE7 DHTML Object Reuse (CVE-2009-0075)
5 | Apple QuickTime RTSP URL (CVE-2007-0015) | RealPlayer IERPCtl ActiveX (CVE-2007-5601)


Apple, Sun Microsoft – « »

24%
) (19% 2008 )
Microsoft
3
)
2005
Apple 1
)


3 -

(49%)
, 1-
2009 , )

* , 20
**IBM 82 , 3 - 3.7%

89% *$
93%
10
(

Operating System | Percentage of Critical and High | Percentage of All OS Vulnerabilities
Microsoft | 39% | 14%
Apple | 18% | 24%
Sun Solaris | 14% | 26%
Linux | 14% | 20%
IBM AIX | 7% | 3%
BSD | 2% | 4%
Others | 7% | 11%


" Web- - )

50.4%
web-
0 SQL
(Cross-Site Scripting)
« )»


" Web- - )

&

“ web-
$400 to
$4,000.” -Darkreading.com


)( 2009 –

“ ”

50% ,
2006-2007
“ ”
, -
, 2006-2007
“* ”


0 SQL -
)
' 0 SQL:
50% Q1 2009 vs. Q4 2008 and nearly
doubling in Q2 vs. Q1
/

0 SQL )


/
0 SQL

* « »

*
0
**
* . .


" – Firefox « »
Internet Explorer
+ -

Mozilla Firefox « » Microsoft Internet Explorer


( (Browser Exploitation
Prevention – BEP)

n - –
'
• 4 ),
ROI

n BEP

"

• 20 ( ( )

• Protects against both shellcode and obfuscation-based exploits
• + IPS )


" Acrobat Reader

# 1- 2009
Portable Document Format (PDF), 2008
PDF « » 1 Office

* :
• ) .PDF
, .EXE
• PDF-


2 web-

– "
,
Web
PDF- ,

– 3

– "
2-
) 1-


2 web- 508%!
$. / 2 ) «
» web-
• 5 – 8%
# ) )
• 2
80%
) 2008


«4 » web- « »

)
, (

$ , ( 10
, ) 28%,
online- 14%


# 2009 40% Most Common Domains in URL Spam, 2009 H1

60% – URL-

$ « »

30% $. /, 2

$ , ,


2
6 ) 0.1%

2 ,
online- ,
24%

Top subject lines

• 3 10
38%

• # 2008 6.23%
Subject Line %


# ) « »

% « » 9%

+
(

"
2009 –

• 1 ,
,
, ),
)
,
(


% IBM X-Force

X-Force Trends Report


* IBM X-Force )
) .7
http://www-935.ibm.com/services/us/iss/xforce/trendreports/

X-Force Security Alerts and Advisories


1 IBM X-Force ) (

24/7. 7 http://xforce.iss.net/

X-Force Blogs and Feeds


7 , X-Force
RSS feeds. , ) ,
( http://iss.net/rss.php. Frequency X Blog
http://blogs.iss.net/rss.php

X-Force Threat Analysis Service


* # :
http://www-935.ibm.com/services/us/index.wss/offering/iss/a1026943


" # ?
" #
?
" # , )(
# ?
, ( ( # ?
2 # ( #
?
/ #
?
2 # ( (
)( ?

http://www.ibm.com/ru/services/iss/iss.html

http://www.iss.net/support/documentation/index.php

https://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_alp.php

! " #$%&'()
http://www-935.ibm.com/services/us/iss/xforce/trendreports/
* +
http://www.ibm.com/ru/services/iss/solutions.html
