
IBM Global Technology Services

2008 IBM Corporation


IBM Internet Security Systems
Ahead of the threat.

Security Framework and Solutions


Proventia Network IPS
IBM Internet Security Systems
2007 IBM Corporation 2
Agenda
IBM Security Framework
Proventia Network Intrusion Protection System
Q & A session
The information security capability reference model
IBM Information Security Framework (Enterprise Information Management & Privacy)
Eight themes:
- Governance
- Privacy
- Threat mitigation
- Transaction and data integrity
- Identity and access management
- Application security
- Physical security
- Personnel security
The eight themes are described through a number of capabilities.
IBM Information Security Framework

Application security
- Application development environment: Secure coding practices
- Operational application support environment: Design patterns
- Systems development lifecycle (SDLC): Security in the SDLC process

Personnel security
- Employment lifecycle management: Workforce security; Awareness and training; Code of conduct

Privacy
- Data, rules and objects: Privacy data taxonomy and classification; Privacy business process model; Data usage compliance process
- Policy, practices and controls: Policy taxonomy and glossary; Policy rules definitions; Privacy impact assessment (proactive); Privacy audit (reactive); Awareness and training
- Privacy and information management strategy: Define privacy information strategy; Requirements and compliance process; Incident response

Transaction and data integrity
- Secure storage: Data retrieval; Data storage protection; Data destruction; Archiving
- Systems integrity: Security in systems management; Security in business continuity planning
- Business process transaction security: Fraud detection; Data transaction security
- Database security: Database configuration; Master data control
- Message protection: Public key infrastructure; Message protection security

Threat mitigation
- Vulnerability management: Standard operating environment; Patch management; Vulnerability scanning and assessment
- Incident management: Incident management; Event correlation; Forensics
- Network segmentation and boundary protection: Network zone management and boundary security infrastructure; Remote access infrastructure
- Intrusion defense: Network security infrastructure
- Content checking: Virus protection; Content filtering

Governance
- Compliance program: Regulatory compliance; Technical, policy and standards compliance; Health checking; Internal audit and response
- Security risk management framework: Threat risk assessment; Information asset profile; Project risk assessment; Security risk management
- Strategy: Information security policy; Enterprise security architecture
- Governance framework: Governance structure; Information security advisory; Consulting and advisory services

Identity and access management
- Identity lifecycle management: User provisioning; Other entity provisioning; Identity credential management
- Identity proofing: Background screening; Identity establishment
- Access management: Single sign-on; Authentication services; Access control services

Physical security
- Physical asset management: Asset management; Document management
- Site security: Site planning; Site management
IBM Security in action: PCI Data Security Standard
Payment Card Industry (PCI) is a global security standard created by the major credit card brands to reduce risk and protect consumers' personal information.
PCI as a blueprint for a more secure enterprise.
Delivering security solutions to help address compliance concerns.
IBM Services, Software and Hardware:
Only IBM has solutions to address all 12 PCI requirements
Strengths of IBM ISS
IBM ISS Virtual Patch Technology
Virtual Patch technology for vulnerabilities:
- Shields the vulnerability from being exploited
- Eliminates emergency patching
- Removes the risk of patching
- Enables patches to be applied during normal maintenance windows
Stop malicious attacks before they impact your business.
Preemptive Protection (staying ahead of the threat)
How is it different from reactive security and zero-day protection?
Consider a leaky roof in a rainstorm. The holes in the roof are like vulnerabilities. Reactive security is like examining individual raindrops after they've already come through a hole in your roof.
Zero-day protection is simply reactive security hurried up. It provides a patch (often for just a specific type of raindrop) sometime during a 24-hour period when the chance of rain is virtually 100%.
Preemptive security is a vulnerability-based security approach. Intensive research is applied to discover the hole in the roof (vulnerabilities in software). A patch is applied to the hole to protect against any kind of rain, all while the sun's still shining (often weeks or months ahead of an attack).
Pre-Emption (staying ahead of the threat)
What's the Difference?
Protecting against exploits is reactive:
- Too late for many
- Variants undo previous updates
- Typical of antivirus and most IDS/IPS vendors
Protecting against vulnerabilities and behaviors is proactive:
- Stops the threat at its source
- Requires advanced R&D
Vendor Patching is an Unmanageable Arms Race
Window between vulnerability (bulletin) and exploit:

Bulletin   Bulletin date   Exploit      Exploit detail    Exploit date    Window
MS02-039   July 24, 2002   Slammer      SQL Server, DoS   Jan 25, 2003    185 days
MS03-026   July 16, 2003   MS Blaster   DCOM RPC, DoS     Aug 11, 2003    26 days
MS00-078   Apr. 13, 2004   Sasser       LSASS, Restart    Apr. 30, 2004   17 days
MS05-039   Aug. 9, 2005    Zotob        PnP, TCP 445      Aug. 13, 2005   4 days

Source: Microsoft Security Center
MS Plug and Play / Zotob Timeline
ISS:
- 4/13/2005: ISS implements protection for the MS PnP vulnerability into ISS products. ISS Virtual Patch protection begins.
- 8/9/2005: Microsoft publicly announces the vulnerability and the availability of a patch.
- 8/11/2005: Plug and Play exploits become public.
- 8/13/2005: Zotob Bot runs rampant and causes damage to organizations worldwide. ISS customers enjoy protection since 4/13/2005.
Others:
- 4/13/2005: Others do not have internal research to find and understand vulnerabilities; therefore, they have no knowledge of the MS Plug and Play vulnerability.
- 8/9/2005: Others claim preemptive protection through broad blocking and alerting methods which are prone to false positives and false negatives.
- 8/11/2005: Plug and Play exploits become public.
- 8/13/2005: Zotob Bot propagates; some competitors see the bot, but none of the (many) variants, resulting in continuous updates offering little to no zero-day coverage.
- 8/16/2005: Exploit-based signatures are released to reactively protect against the Zotob Bot.
Effective IPS Technology
IPS Evaluation Criteria:
- Protection capability
- Network performance
- Security research and intelligence
- Management
IBM ISS Platform Differentiators
The power to deliver the most advanced internet security in the world:
- ISS X-Force Security R&D: the world's leading enterprise security R&D organization
- ISS Security Operations: global security operations center (infrastructure monitoring)
- ISS Protection Platform: end-to-end preemptive security solutions
- Integrated security
IBM ISS Protection & Research
IBM ISS IPS superior Protection:
- Analyzes many network protocols (177 protocols) to detect and block attacks completely and accurately
- Provides a full set of IPS solutions at the Gateway, Network and Host
- The management component gives the administrator maximum support.
IBM ISS IPS superior Research:
- X-Force R&D
- Stops attacks before they happen
- Monitors the global security situation through Managed Security Services (MSS)
www.iss.net
X-Force Research - Advisories
Frost & Sullivan Company of the Year
Leader in IPS Sales
Source: World Intrusion Detection and Prevention
Systems Markets - Frost & Sullivan
Market Leadership: 2006-2007 Awards
Frost & Sullivan Awards:
- IDS/IPS Market Leadership Award
- Vulnerability Assessment Market Leadership Award
- Managed Security Services Customer Service Innovation Award
- Global Market Leadership
IBM ISS
Enterprise Security Solution
Proventia Network MFS
MX5110, MX5008, MX4006, MX3006, MX1004, MX0804
All-in-One Protection Appliance
- IDS/IPS
- FW / VPN
- AntiVirus (signature & behavioral)
- AntiSpam
- Web Filter
Proventia ADS Series
Anomaly/Behavioral Protection and Network Visibility Appliances
Proventia Desktop
All-in-One Protection Agent
- Firewall
- Virus Prevention System
- Intrusion Protection
- VPN Enforcer
- Buffer Overflow Protection
Proventia Network IPS
Preemptive Security for Enterprise Networks
Baby G, GX4002, GX4004, GX5008, GX5108, GX5208, GX6116
Proventia Server
Multi-layered Protection Agent
- Windows
- Linux
RealSecure Server Sensor
- Windows
- Solaris
11/02/2008
Proventia Network Intrusion
Protection System
Network Security Challenges
Service outages due to denial-of-service attacks
Unauthorized access to network resources
Exponentially increasing number of required software patches
Increasing requirements to demonstrate compliance
Lack of qualified in-house information security specialists
Detection vs. Prevention
Intrusion Prevention
Intrusion Prevention Systems:
- Block malicious and unwanted traffic that other technologies cannot recognize: Bots / Trojans / Worms / Spyware / P2P / IM / DoS
- Complement patch management by shielding new vulnerabilities.
Firewall & NIPS comparison: The Airport Analogy
Firewall:
- Like Immigration at the airport
- Controls WHO and WHEN an entity is permitted to enter or leave
- Based on the passport
Network Intrusion Prevention System:
- Like Customs at the airport
- Controls WHAT and HOW is permitted to enter or leave
- Based on what you bring/carry
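The airport analogy above, together with the earlier Virtual Patch and Pre-Emption slides, separates three decisions: a firewall decides on addresses and ports, an exploit signature matches one known attack, and a vulnerability-centric check matches the flawed condition itself. The Python script below is an added example and not IBM ISS or Proventia code; its firewall rule set, the hypothetical vulnerable CGI path, the 256-byte request-URI limit of an imagined web server and all sample traffic are constructed for the demonstration.

```python
"""Firewall (header policy) versus IPS (content inspection) on the same constructed traffic.

Added example, not IBM ISS / Proventia code. The rule set, the HTTP request-line
parser and the 256-byte 'safe URI' limit of a hypothetical vulnerable web server
are assumptions made for the demonstration.
"""
import re
from dataclasses import dataclass


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    payload: bytes


# Firewall layer: "who and when". Constructed rules on addresses and ports only;
# first match wins, default deny.
FIREWALL_RULES = [
    # (source prefix, destination ip, destination port, action)
    ("10.0.0.", "192.0.2.10", 80, "allow"),
]


def firewall_decision(pkt: Packet) -> str:
    for src_prefix, dst_ip, dst_port, action in FIREWALL_RULES:
        if pkt.src_ip.startswith(src_prefix) and pkt.dst_ip == dst_ip and pkt.dst_port == dst_port:
            return action
    return "deny"


# IPS layer, exploit-centric: a signature for one known exploit (constructed pattern).
EXPLOIT_SIGNATURE = re.compile(rb"GET /cgi-bin/vuln\?A{200,}")

# IPS layer, vulnerability-centric: the condition the hypothetical server cannot
# handle is a request URI longer than MAX_SAFE_URI bytes (assumed value).
MAX_SAFE_URI = 256


def parse_request_line(payload: bytes):
    """Return (method, uri, version) from an HTTP request line, or None if malformed."""
    first_line = payload.split(b"\r\n", 1)[0]
    parts = first_line.split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None
    return parts[0], parts[1], parts[2]


def signature_check(payload: bytes) -> str:
    """Exploit-based detection: blocks only traffic matching the known exploit pattern."""
    return "block" if EXPLOIT_SIGNATURE.search(payload) else "allow"


def vulnerability_check(payload: bytes) -> str:
    """Vulnerability-based detection: blocks any request that triggers the flawed condition."""
    parsed = parse_request_line(payload)
    if parsed is None:
        return "block"  # malformed request line: fail closed (policy choice for this example)
    _method, uri, _version = parsed
    return "block" if len(uri) > MAX_SAFE_URI else "allow"


def inspect(pkt: Packet) -> dict:
    """Firewall decision first; both IPS checks only on traffic the firewall admits."""
    result = {"firewall": firewall_decision(pkt), "signature": "n/a", "vulnerability": "n/a"}
    if result["firewall"] == "allow":
        result["signature"] = signature_check(pkt.payload)
        result["vulnerability"] = vulnerability_check(pkt.payload)
    return result


# Constructed sample traffic.
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n"
KNOWN_EXPLOIT = b"GET /cgi-bin/vuln?" + b"A" * 300 + b" HTTP/1.1\r\n\r\n"
VARIANT = b"GET /cgi-bin/vuln?" + b"B" * 300 + b" HTTP/1.1\r\n\r\n"  # same flaw, different bytes


def demo() -> dict:
    inside = "10.0.0.5"
    return {
        "benign": inspect(Packet(inside, "192.0.2.10", 80, BENIGN)),
        "known_exploit": inspect(Packet(inside, "192.0.2.10", 80, KNOWN_EXPLOIT)),
        "variant": inspect(Packet(inside, "192.0.2.10", 80, VARIANT)),
        "outside_ssh": inspect(Packet("203.0.113.7", "192.0.2.10", 22, BENIGN)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14} {verdict}")
```

The inside-to-web packets all pass the firewall, which never looks at the payload. The two IPS checks then disagree on the variant: the signature written for the first exploit never fires on it, while the length check catches both, which is the point of protecting the vulnerability rather than the exploit.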
Model    Ports   Throughput
GX3002   2       10Mbps
GX4002   2       200Mbps
GX4004   4       200Mbps
GX5008   8       400Mbps
GX5108   8       1.2Gbps
GX5208   8       2Gbps
GX6116   16      6Gbps

Block network attacks
Help address patching problems
Deployment Considerations
(* Requires External Bypass Unit)

Model    Typical Deployment   Form Factor   Throughput   Concurrent Sessions   Redundant Power Supplies   Redundant Storage   Hardware Level Bypass   Inline IPS Segments
GX3002   Remote Office        Desktop       10Mbps       220,000               No                         No                  Yes                     1
GX4002   Remote Office        1U            200Mbps      1,200,000             No                         No                  Yes                     1
GX4004   Network Perimeter    1U            200Mbps      1,200,000             No                         No                  Yes                     2
GX5008   Network Perimeter    2U            400Mbps      1,200,000             Yes                        Yes                 Yes*                    4
GX5108   Network Core         2U            1.2Gbps      1,450,000             Yes                        Yes                 Yes*                    4
GX5208   Network Core         2U            2Gbps        1,800,000             Yes                        Yes                 Yes*                    4
GX6116   Network Core         2U            15Gbps       4,600,000             Yes                        Yes                 Yes*                    4
Network Protection - Deployment
Proventia Network IPS Security
NIPS provides Administrative Benefits
Patching is part security management and part system administration.
Consider a company that takes half a man-day to patch a server: 1000 servers will take them 500 man-days.
An NIPS will block attacks targeting unpatched servers, while the administrator can schedule patching at a convenient time:
- When the patch is available for download
- After the patch has been tested on test servers
- When no issues are found between the patch and business applications
Protocol Analysis Module (PAM)
Importance of VoIP security
VoIP security solution?
VoIP demo
Proventia Network IPS Security
Backed by the industry-leading X-Force research and development team:
- Original Vulnerability Research
- Public Vulnerability Analysis
- Malware Analysis
- Threat Landscape Forecasting
- Protection Technology Research
Proventia Network IPS Ease of Use
Three management interfaces:
- SiteProtector
- Proventia Manager (Web-based)
- Command line interface
Trust X-Force Default Blocking automatically enables new security content
Granular security policy control (based on device, port, VLAN or IP)
Attack traffic logging support
Integrates with SNMP-based health monitoring systems
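Granular policy control by device, port, VLAN or IP only has a defined meaning once overlapping scopes are ordered. The Python below is an added example and not SiteProtector or Proventia Manager code: it assumes the precedence IP range over VLAN over port over device-wide (the most specific scope wins), uses a constructed policy, and takes its response names from the Intrusion Responses listed on the management slide later in the deck.

```python
"""Resolving a scoped IPS policy (device, port, VLAN, IP range) for an event.

Added example, not SiteProtector or Proventia Manager code. The precedence
"IP range beats VLAN beats port beats device-wide" and the sample policies are
assumptions for the demonstration; the response names come from the deck.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed precedence: the most specific scope wins.
SPECIFICITY = {"device": 0, "port": 1, "vlan": 2, "ip": 3}


@dataclass(frozen=True)
class PolicyEntry:
    scope: str                  # "device", "port", "vlan" or "ip"
    value: Optional[object]     # None for device, int for port/vlan, ip_network for ip
    signature: str              # signature name, or "*" for any signature
    responses: Tuple[str, ...]  # e.g. ("block", "log")


@dataclass(frozen=True)
class Event:
    port: int
    vlan: int
    src_ip: str
    signature: str


def applies(entry: PolicyEntry, event: Event) -> bool:
    """True when the entry's scope and signature filter both cover the event."""
    if entry.signature not in ("*", event.signature):
        return False
    if entry.scope == "device":
        return True
    if entry.scope == "port":
        return entry.value == event.port
    if entry.scope == "vlan":
        return entry.value == event.vlan
    if entry.scope == "ip":
        return ipaddress.ip_address(event.src_ip) in entry.value
    raise ValueError(f"unknown scope {entry.scope!r}")


def resolve(policies, event: Event) -> Tuple[str, ...]:
    """Return the responses of the most specific matching entry.

    Ties on scope go to a signature-specific entry over a wildcard one;
    with no matching entry at all the event is ignored.
    """
    matches = [p for p in policies if applies(p, event)]
    if not matches:
        return ("ignore",)
    best = max(matches, key=lambda p: (SPECIFICITY[p.scope], p.signature != "*"))
    return best.responses


# Constructed sample policy (signature names are made up for the example).
POLICIES = [
    PolicyEntry("device", None, "*", ("log",)),
    PolicyEntry("device", None, "HTTP_Overflow", ("block", "log")),
    PolicyEntry("vlan", 20, "*", ("log", "email")),
    PolicyEntry("ip", ipaddress.ip_network("10.10.0.0/16"), "HTTP_Overflow",
                ("block", "quarantine", "log", "snmp")),
    # authorised vulnerability scanner: its port scans are an accepted exception
    PolicyEntry("ip", ipaddress.ip_network("10.0.0.99/32"), "Port_Scan", ("ignore",)),
]


def demo() -> dict:
    events = {
        "overflow_default": Event(1, 10, "192.168.1.5", "HTTP_Overflow"),
        "scan_in_vlan20": Event(2, 20, "192.168.1.5", "Port_Scan"),
        "overflow_from_lab": Event(2, 20, "10.10.3.4", "HTTP_Overflow"),
        "scan_elsewhere": Event(3, 30, "10.10.3.4", "Port_Scan"),
        "scanner_exception": Event(1, 10, "10.0.0.99", "Port_Scan"),
    }
    return {name: resolve(POLICIES, ev) for name, ev in events.items()}


if __name__ == "__main__":
    for name, responses in demo().items():
        print(f"{name:18} -> {', '.join(responses)}")
```

The scanner exception shows why the precedence has to be explicit: a device-wide rule logs every port scan, but the single-host entry for the authorised scanner is more specific and wins, so its scans are ignored without weakening the rule for everyone else.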
Proventia Network IPS Reliability
Automatic Bypass Operation allows all traffic to pass in the event of:
- Hardware failure
- Power failure
- Software crash
Redundant components*:
- Hard drives
- Power supplies
- Cooling fans
* Available in GX5008, GX5108, GX5208, and GX6116
Proventia Network IPS Redundancy
High Availability: Support for Non-Asymmetric Routing
(diagram: Internet, switch, IPS pair, switch)
Proventia Network IPS Redundancy
High Availability: Support for Asymmetric Routing
Proventia Network IPS Deployment
Three Operating Modes:
Proventia Network IPS Management
Browser-based local management interface (LMI)
Central Management through Proventia Management SiteProtector:
- Simple, powerful configuration and control
- Robust reporting, customized event viewing and event correlation
- Comprehensive alerting and response options
- Scheduled data retention to be used for compliance efforts
- Highly scalable to accommodate hundreds of Proventia Network IPS appliances and other ISS solutions
Pull-down list provides a means for the user to change the view; it replaces the tabs that are currently used in SP.
Right-click on any event for details
Console Consolidation:
- Increased productivity
- Lower TCO sets up quicker ROI
- Still decentralized command and control
- Significantly reduces operational cost
Proventia Network IPS Management
Command and Control:
- SiteProtector
- Proventia Manager (LMI)
- Command Line Interface
Policy Management:
- Policy per Device
- Policy per Port
- Policy per VLAN Tag
- Policy per IP Address / Range
- Support for Custom / SNORT Rules
Intrusion Responses:
- Block
- Ignore
- Log
- Email
- Quarantine
- SNMP
- User Defined
Logging:
- Attack Packet Logging
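Support for custom / SNORT rules means the operator can express detection in Snort's rule syntax. The Python below is an added example, not the Proventia rule engine: a small parser for the rule header and the msg, content and sid options, plus a matcher run over constructed packets. It does not handle Snort's option modifiers, hex content or semicolons inside quoted strings, and it reports the first matching rule rather than applying Snort's full rule ordering.

```python
"""Parsing and matching custom Snort-style rules against constructed packets.

Added example, not the Proventia rule engine. It handles the rule header
(action, protocol, addresses, ports, direction) and the msg/content/sid options;
a real Snort parser also handles option modifiers, hex content and quoted
semicolons, which this one does not.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

RULE_HEADER = re.compile(
    r"^(?P<action>alert|drop|log|pass)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$"
)


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str
    contents: List[bytes]
    sid: int


def parse_rule(text: str) -> Rule:
    m = RULE_HEADER.match(text.strip())
    if not m:
        raise ValueError(f"unparseable rule: {text!r}")
    opts, contents = {}, []
    for option in m.group("opts").split(";"):
        option = option.strip()
        if not option:
            continue
        key, _, value = option.partition(":")
        value = value.strip().strip('"')
        if key == "content":
            contents.append(value.encode())  # several content: options must all match
        else:
            opts[key] = value
    return Rule(m["action"], m["proto"], m["src"], m["sport"], m["dst"], m["dport"],
                opts.get("msg", ""), contents, int(opts.get("sid", 0)))


def _addr_match(spec: str, ip: str) -> bool:
    """'any', a CIDR/host, or a '!'-negated CIDR/host."""
    if spec == "any":
        return True
    negate = spec.startswith("!")
    inside = ipaddress.ip_address(ip) in ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return inside != negate


def _port_match(spec: str, port: int) -> bool:
    """'any', a single port, or a 'lo:hi' range with either end open."""
    if spec == "any":
        return True
    if ":" in spec:
        lo, _, hi = spec.partition(":")
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return int(spec) == port


def rule_matches(rule: Rule, pkt: dict) -> bool:
    if rule.proto != "ip" and rule.proto != pkt["proto"]:
        return False
    if not (_addr_match(rule.src, pkt["src_ip"]) and _addr_match(rule.dst, pkt["dst_ip"])):
        return False
    if not (_port_match(rule.sport, pkt["sport"]) and _port_match(rule.dport, pkt["dport"])):
        return False
    return all(c in pkt["payload"] for c in rule.contents)


def evaluate(rules: List[Rule], pkt: dict) -> Optional[Tuple[str, int, str]]:
    """(action, sid, msg) of the first rule that matches, or None."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action, rule.sid, rule.msg
    return None


# Constructed rules (sids in the local 1000000+ range) and packets.
RULES = [parse_rule(r) for r in [
    'alert tcp any any -> 192.0.2.0/24 80 (msg:"constructed test - CGI probe"; '
    'content:"/cgi-bin/vuln?"; sid:1000001; rev:1;)',
    'drop tcp !10.0.0.0/8 any -> 192.0.2.0/24 22 (msg:"constructed test - SSH from outside"; '
    'sid:1000002; rev:1;)',
    'pass udp any any -> any 53 (msg:"constructed test - DNS allowed"; sid:1000003; rev:1;)',
]]


def packet(proto, src_ip, sport, dst_ip, dport, payload=b"") -> dict:
    return {"proto": proto, "src_ip": src_ip, "sport": sport,
            "dst_ip": dst_ip, "dport": dport, "payload": payload}


def demo() -> dict:
    return {
        "cgi_probe": evaluate(RULES, packet("tcp", "203.0.113.7", 40000, "192.0.2.10", 80,
                                            b"GET /cgi-bin/vuln?x=1 HTTP/1.1\r\n")),
        "ssh_outside": evaluate(RULES, packet("tcp", "203.0.113.7", 40001, "192.0.2.10", 22,
                                              b"SSH-2.0-client")),
        "ssh_inside": evaluate(RULES, packet("tcp", "10.1.2.3", 40002, "192.0.2.10", 22,
                                             b"SSH-2.0-client")),
        "dns": evaluate(RULES, packet("udp", "10.1.2.3", 5353, "192.0.2.53", 53)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12} -> {verdict}")
```

The second rule is the interesting one for an inline device: "drop" is Snort's inline action, and the negated source network lets one rule say "SSH to this segment is fine from inside, blocked from anywhere else" without enumerating the outside world.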
IBM ISS Awards
NSS Tested and Certified: ISS awarded 11 times

ISS Product               Date    Category   Award
Proventia GX6116 V2.2     04/08   IPS        Approved
Proventia GX5108 V1.3     08/06   IPS        Approved
Proventia GX4004 V1.3     06/06   IPS        Approved
Proventia M50 V3.2        10/05   UTM        Approved
Proventia A604            03/05   IDS        Approved
Proventia G200 RevA       01/04   IPS        Approved
RSN Gigabit 7.0           08/03   Gig IDS    Approved
Proventia A201            08/03   IDS        Approved
RSN 7.0 Gigabit Sensor    12/02   Gig IDS    Approved
RSN 7.0                   07/02   IDS        Approved
RSN 5.0                   12/01   IDS        Approved

No product or signature updates are allowed during the tests.
http://www.nss.co.uk/certification/tested.htm
IBM is Leader in IDS/IPS Market for 2007
Proventia Network IPS Confidence
"All in all, Proventia continues to be one of the most consistently accurate IDS/IPS systems we have tested."
- Bob Walder, Director, The NSS Group (www.nss.co.uk)
"We have a number of IBM Proventia appliances and have found them to function flawlessly in terms of performance."
- John Libbeter, Capita Business Services
"The Proventia Network Intrusion Prevention System provides the granularity that is required to protect, without interfering with business processes."
- Eric Ayotte, Network Security Solutions Group, M&T Bank Corporation
Questions to Consider
Are you able to patch every system in your network every time
a new vulnerability is announced?
Is there confidential information stored on computers within
your network?
What would be the impact on your firm's business operations if your network went down?
Does your organization have the security expertise required to
defend against attacks, investigate and remediate breaches,
and demonstrate compliance?
Key Takeaways
ngocdv@misoft.com.vn
IBM Proventia Network IPS:
- Block network attacks
- Help address patching problems
- PAM (Protocol Analysis Module): vulnerability-centric
IBM is Market Leader for IDS/IPS for 2005, 2006, 2007
IBM integrates network and host-based solutions to provide a unified solution to customers
IBM end-to-end preemptive protection provides a value proposition that significantly aids deployment and management of security infrastructure.
Thank you!
