IBM Internet Security Systems


1 IBM ISS Overview THE VEHICLE THE SKILL THE SOLUTION

2 Agenda The Evolving Threat IBM Security Framework & IBM ISS Protection Platform IBM X-Force Security Research & Development IBM ISS Proventia Security Products & Solutions IBM Data Security Solutions Break IBM ISS Professional Security Services IBM ISS Managed Security Services 2

3 The Security Perfect Storm The evolving threat - From notoriety to profit motive The productivity machine - Business enhancements = risk Security costs growing 3x faster than IT budgets - Point product approaches no longer scale Accelerated growth of IP-aware networks - Accelerates IT risk Rapid growth in data - Data is the new currency Compliance mandates - Driving costs and spending 3

4 The State of Evolving Threats Expanding e-crime - Big business driven by profit - Innovation to capture new markets (victims) - Victim segmentation and focus - Stealth is the new black - Rate of attacks is accelerating - Form of attack is more malicious - Attacks are designer in Nature 4

5 The real security problem New Methods and Motives: Adding to the complexity and sheer number of risks Compliance Spending: Investing in more point products to solve more point problems IT Innovation: Requiring new ways to secure the new ways we collaborate The Global Economy: Driving new security support requirements Flexibility in Business Methods: To improve operations and serve customers Complexity remains the biggest security challenge!* Integration is key to managing the cost and complexity of the evolving landscape *InformationWeek 2008 Security Survey 5

6 Not all risks are created equally [Figure: risks plotted by frequency of occurrences per year (frequent to infrequent) against consequences (single occurrence loss) in dollars per occurrence (low to high). Risks shown: Virus, Data Corruption, Worms, Disk Failure, Application Outage, System Availability Failures, Lack of governance, Network Problem, Failure to meet Industry standards, Failure to meet Compliance Mandates, Terrorism/Civil Unrest, Workplace inaccessibility, Natural Disaster, Regional Power Failures, Building Fire, Pandemic.] 6

7 Neither are all Security Solutions Find a balance between effective security and cost - The axiom never spend $100 dollars on a fence to protect a $10 horse Studies show the Pareto Principle (the rule) applies to IT security* - 87% of breaches were considered avoidable through reasonable controls* Small set of critical security controls provide a disproportionately high amount of coverage - Critical controls address risk at every layer of the enterprise - Organizations that use critical security controls have significantly higher performance* Pressure Cost Complexity Effectiveness Agility *Sources: W.H. Baker, C.D. Hylender, J.A. Valentine, 2008 Data Breach Investigations Report, Verizon Business, June 2008 ITPI: IT Process Institute, EMA December 2008 Time 7

8 To address these concerns, CIOs are developing contingency plans for their IT organizations CIO strategies for managing in an uncertain environment include: Cutting operating expense Postponing long-term projects in favor of near-term return on investment (ROI) Deferring or reducing capital expenditures Revisiting existing service contracts Seeking productivity increases in their existing infrastructure Postponing hiring of additional IT staff Postponing the launch of new initiatives CIOs are being challenged to realize near term cost reductions while continuing to drive structural change 8

9 Security Optimization can help gain operational efficiencies and IT capacity -- to save money and increase investments in new solutions IT Spending Liberating Funds 100% New Solutions Liberated funding for direct saving or transformational investment IT Spending Application Enhancements Cost of Operations Strategic Change Capacity New Solutions Operations Support Operations Maintenance Security Optimization Services Application Enhancements Operations Support Operations Maintenance 9

10 Optimization of Security and Resiliency Redefine and Simplify Risk and Risk Management - Re-evaluating business priorities to balance risk in light of evolving challenges and business Requirements Establish a Total Security Framework and Solutions Portfolio - Take Inventory of current security and continuity practices - Leverage innovation and integration and global expertise Simplify the Security & Risk Lifecycle - Aligning with business processes to ensure continuous improvement, Cost & Complexity removal Join with a Transformative Security Partner - Call in the experts - Leverage global knowledge and learning 10


12 IBM Solutions for Security and Resiliency deliver sustainable and optimized business operations Designed to: Enable innovation through secured, end-to-end infrastructure and platforms Reduce number and complexity of required security controls Reduce redundant security expenses Improve organizational and operational agility and resiliency Leverage industry expertise to help unify policy management Deliver needed visibility, control and automation IBM Systems Group 12 12

13 IBM Security Framework Control Description Identity & Access Management Encryption and Key Management Database Protection Release Management Change & Configuration Management Threat & Vulnerability Management Problem & Incident Management Security Information & Event Management Compliance Reporting and Management Process for assuring access to enterprise resources has been given to the right people, at the right time Capability enabling use of pre-existing investments by providing central management of encryption keys Capability that allows for granular protection of data in test and production databases Process for assuring efficiency and integrity of the software development lifecycle Process for assuring routine, emergency and outof-band changes are made efficiently, and in such a manner as to prevent operational outages. Process and capabilities designed to protect the enterprise infrastructure from new and emerging threats Automated workflow and Service Desk designed to assure incidents are escalated and addressed in a timely manner Automated log management, monitor and report security and compliance posture Automated processes for compliance certification, reporting and remediation (E.g. PCI) 13

14 IBM Internet Security Systems Protection Platform Among the most advanced and complete security architectures ever developed delivering preemptive security Integrated security intelligence Comprehensive suite of professional security services Single, integrated view into the network Platform and service extensibility Correlation and integration of multiple data sources Underlying best-in-breed appliances 24/7 outsourced security management Improved system uptime and performance without a large investment in technology or resources Guaranteed protection services Protection Platform 14

15 IBM Security - Backed by the IBM X-Force Research Team Research Technology Solutions Original Vulnerability Research Public Vulnerability Analysis Malware Analysis Threat Landscape Forecasting Protection Technology Research X-Force Protection Engines Extensions to existing engines New protection engine creation X-Force XPUs Security Content Update Development Security Content Update QA X-Force Intelligence X-Force Database Feed Monitoring and Collection Intelligence Sharing The X-Force team delivers reduced operational complexity helping to build integrated technologies that feature baked-in simplification 15

16 Ahead Of The Threat X-Force found Mozilla Unicode URL Stack Overflow. IBM Customers protected. May 13, 2008 Adobe Reader and Adobe Acrobat Remote Code Execution Vulnerability Discovered February 7, 2008 X-Force updated protection engines and vulnerability database IBM Customers protected. February 13, 2008 September 23, 2008 Mozilla Unicode URL Stack Overflow public disclosure MySQL targeted by automated SQL injected attacks Vulnerability Discovered IBM Customers protected. November 13, 2007 August 2008 Widespread Exploitation in the wild April 22, 2008 Automated SQL Injection Attacks 16

17 Ahead Of The Threat Vulnerability Discovered by: CVSS Base Score Vendor Disclosure ISS Protection Shipped Days Ahead of Threat Block by default? Multiple (3) Microsoft Windows TCP/IP Remote Code Execution and DoS Vulnerabilities X-Force 10 / 7.4 Jan 8, 2008 MS Critical CVE and CVE Jan 8, 2007 SSM_List_BO Aug 16, 2007 ICMP_Router_Advertisement_DOS 1 year Yes, drop packet Yes, drop packet Adobe Flash Player Invalid Pointer Vulnerability X-Force 9.3 / 6.9 April 8, 2008 APSB08-11 CVE Nov 13, 2007 Multimedia_File_Overflow 150 days Yes, via rewrite Multiple Vendors Vulnerable to DNS Cache Poisoning Dan Kaminsky 6.4 / 5.3 July, 2008 (Several) 2006 CVE May 29, 2003 HTTP_GET_SQL_UnionSelect Nov 13, 2007 July DNS_Cache_Poison Aug 12, 2008 DNS_Cache_Poison_Subdomain_Attack ~ 5 yrs 240 days present Yes, Block connection Yes, Drop Packet Yes, drop packet Microsoft Windows Server Service RPC Code Execution In the wild 10/8.7 Oct 23, 2008* MS Critical CVE Aug 8, 2006 MSRPC_Srvcs_Bo Oct 27, 2008 MSRPC_Srvsvc_Bo 22 months Block connection 17

18 Ahead of the Threat: Conficker Nov 21, 2008 Conficker.A discovered Dec 29, 2008 Conficker.B discovered Feb 20, 2009 Conficker.B++/C discovered Mar 4, 2009 Conficker.C/D discovered DEC-08 JAN-09 FEB-09 MAR-09 APR-09 X-Force is the first to reverse-engineer the worm's Peer-to-Peer communication protocol. 18

19 Proventia Network IPS IBM ISS Virtual Patch What it does - Provides a buffer of time where newly discovered vulnerabilities are addressed before scheduled patches can be applied. How it works - X-Force research focuses on high-risk security vulnerabilities. - Virtual Patch™ technology focuses on the underlying vulnerability instead of the exploit. How this helps - Prevent zero-day attacks & conveniently manage new patches. Why IBM ISS - X-Force leads the industry in primary vulnerability research. 19


21 The Power To Deliver The Most Advanced Internet Security Solutions Security Products Central Management Platform Network Intrusion Protection System Virtual IPS & Web Application Security Host-based Intrusion Protection System Enterprise Vulnerability Management Multi-Function Security (UTM) Enterprise Data Leakage Protection Endpoint Data Leakage Protection Network Data Leakage Protection Gartner has positioned ISS in the leader quadrant of the Magic Quadrant for Managed Security Service Providers & Intrusion Prevention products NSS IPS + Enterprise 2006 Award **The GX5108 was the first in the industry to receive the IPS + Enterprise certification** Certified by J.D. Power and Associates for Technology Service and Support Excellence - First in Security Industry To Be Certified - First Technology Company To Be Certified Globally ISS Named Best Security Company USA by SC Magazine. February

22 Uncompromising Protection for Every Layer of Your Network 22

23 This one's a bit of an Eye Chart! 23

24 Uncompromising Protection for Every Layer of Your Network IBM Proventia Network Intrusion Prevention Business Challenges The Proventia Solution 24

25 Uncompromising Protection for Every Layer of Your Network IBM Proventia Network Intrusion Prevention The most complete portfolio available 25

26 Uncompromising Protection for Every Layer of Your Network IBM Proventia Network Intrusion Prevention Model GX4002 GX4004 GX5008 GX5108 GX5208 Ports US List $10,995 $15,995 $37,995 $57,995 $85,995 GX $188,995 26

27 Uncompromising Protection for Every Layer of Your Network IBM Proventia Server Business Challenges Managing dispersed security agents Demonstrating risk and compliance Protecting critical data, intellectual property and access to vulnerable servers Maintaining server uptime while providing strong host intrusion prevention technologies Tracking file access and changes among business critical servers The Proventia Solution Reduces security costs, protects server environments and reduces downtime Enforces corporate security policy for servers Provides out-of-the-box protection with advanced intrusion prevention and blocking Utilizes multiple layers of defense to provide preemptive protection Supports operating system migration paths Protects at-risk systems before vendor-supplied patches are available Industry's broadest operating system support: 27

28 Uncompromising Protection for Every Layer of Your Network IBM Proventia Network Enterprise Scanner Business Challenges Managing enterprise security risk Demonstrating risk reduction and compliance Optimizing protection against existing vulnerabilities Automating the vulnerability scanning process Managing the vulnerability remediation workflow Improving efficiency and decreasing operating costs The Proventia Solution Increase network uptime and bandwidth Perform fast, accurate vulnerability scans Free up resources by automating the scan process Leverage your existing IT infrastructure Monitor vulnerability status and maintain compliance Combine with Proventia Platform for Scan and Block capabilities #1 Network VA Vendor (2005) 28

29 Uncompromising Protection for Every Layer of Your Network IBM Proventia Network Multi-Function Security Business Challenges Protect your business from internet threats without jeopardizing bandwidth or availability Secure your end users from spam, noncompliant activity and other productivity drainers Conserve your resources by eliminating the need for special security expertise The Proventia Solution Complete protection against all types of Internet threats, with firewall, intrusion prevention, and Virus Prevention System Spam effectiveness ~95%, define Web browsing policies, filter database of +63 Million URLs in 62 categories Set and forget security, automatically updated to protect against the next threat and tailored to needs of your small business or remote offices 29

30 Uncompromising Protection for Every Layer of Your Network IBM Proventia SiteProtector Business Challenges Enterprise-wide view of asset, threat & vulnerability data Comprehensive visibility into network communications Securing enterprise assets Keeping the network available, bandwidth utilization Maintaining too many security management systems Acceptable use of network resources The Proventia Solution Documents the security process Provides centralized management of high performance network security in addition to host and gateway devices Ease of use through console consolidation Offers visibility through the detection system Enables keeping ahead of rising standard of due care Keeps workflow support for policy mgmt, incident response and vulnerability remediation 30

31 Uncompromising Protection for Every Layer of Your Network 31

32 IBM Data Security Services Endpoint Encryption - powered by PGP Corporation - Full Disk (protect data when device lost or stolen) - File / folder / vdisk / removable media, shared media Network Data Loss Prevention (ndlp) - powered by Fidelis Security Systems - Policy-based enforcement of data protection policy (notify, block, encrypt, remove, relocate) Endpoint Data Loss Prevention (edlp) - powered by Verdasys Inc. - Automated discovery of sensitive content, classifying / tagging of files, - Policy-based enforcement of data protection policy (notify, block, encrypt, remove, relocate) - Close the gap between user action and automated policy-enforced action - Removable media port control with fine-grain control of external I/O ports Activity Compliance Monitoring & Reporting - powered by Application Security Inc. and Tivoli Compliance Insight Manager (TCIM) - Help assess the security strength of network-based database applications by identifying vulnerabilities - Locate, examine, report on and suggest fixes for security holes and misconfigurations - Policy-based, compliance-focused solution to monitor user activity across heterogeneous systems 32

33 Enterprise Content Protection (ECP) Prevent leakage of sensitive data outside and inside. Protect valuable information and comply with regulations. Framework allowing tailored solution for protection at the network and endpoint levels. In combination, or as separate components (Network / Endpoint) Proven, best technical capability from IBM Business Partners integrating with IBM Professional Security Services and Managed Security Services to protect data, brands, intellectual property and resources. Scalable to support the enterprise of any size and distribution 33

34 Definition: Podslurping Podslurping: the act of using a portable data storage device such as an iPod digital audio player to illicitly download large quantities of confidential data by directly plugging it into a computer where the data is held, and which may be on the inside of a firewall. As these storage devices become smaller and their storage capacity becomes greater, they are becoming an increasing security risk to companies and government agencies. 34

35 Enterprise Content Protection (ECP) Automated discovery of sensitive content, classifying / tagging of files Policy-based enforcement of data protection policy (prevent, allow, encrypt, etc.) Close the gap between user action and automated policy-enforced action Endpoint Network Server / Data Center Key Business Partners: - Fidelis Security Systems - Verdasys 35

36 Data-Centric Security Process Where and What is Sensitive Data What is the User Doing With It? Where Is the Data Going? Apply Risk Appropriate Policy & Actions Discovery Desktops Laptops Servers Classification Tagging Content Similarity Keyword Pattern Dictionary Context Server Application File Type User Unstructured Data Read Write Move Print Burn Copy/Paste Upload Structured Data View Delete Modify Devices Applications Networks Alert Detection Warn Awareness Prompt Justify Encrypt Protection Block Prevention Mask Need to Know Continuous Audit Logging 36

37 Complementary technologies, comprehensive protection FW Complementary technologies - IBM ISS Proventia prevents intrusions, attacks and compromises - Fidelis XPS prevents leakage of sensitive content Comprehensive protection - Inbound and outbound security for enterprise networks - Asymmetrical depth of defense 37 37


39 SiteProtector Unified Enterprise Security Console for all products Enterprise Protection Products Vulnerability Assessment Network Protection Server Protection Behavior Protection Data Security Services Enterprise Scanner helps to ensure the availability of your revenue producing services and protects your corporate data by identifying where risk exists, prioritizing and assigning protection activities, and then reporting on results High performance network security with real-time attack, malicious code and hybrid threat blocking. Allows secure open transactions in a SOA environment which is an effective way to preserve network availability, reduce the burden on your IT resources and prevent security breaches. Protects systems and the data that can leak from these systems Data Security -- Provides historical data that enables companies to find the origin of a change, breach or string of behavior Insider Threats -- Tracks the who, what, when, where of user/administrator behavior Compliance -- Provides the reporting necessary to prove the security of sensitive information IBM Proventia Network Anomaly Detection System (ADS) is designed to deliver a clear view of your network's behavior while automatically detecting active security threats, risky user behavior, performance issues and noncompliant activities, such as policy violations and unapproved network changes

40 BREAK 40


42 ISS Professional Security Services Professional Security Services - Assessment Services Application Security Assessment Information Security Assessment Penetration Testing PCI Assessments SCADA Assessment - Design Services - Education Services - Emergency Response Services Benefits - Identification of security weaknesses Unsecured networks and applications Weak security policies - Implementation of a best practices approach to security - Aid compliance with regulations SoX, HIPAA, GLB, PCI 42

43 IBM ISS Professional Security Services ADDME - A Proven Methodology Phase 5. Education IBM ISS Product Training Security Awareness Training Phase 4. Management and Support Emergency Response Service Forensic Analysis Service Staff Augmentation and Support Phase 1. Assessment Application Security Assessment Information Security Assessment Penetration Testing PCI Assessment SCADA Assessment Policy and ISO Gap Analysis Phase 2. Design Implementation Planning Network Security Architecture Design Policy Design and Development Standards and Procedures Development Phase 3. Deployment Deployment Services Migration Services 43

44 Application Security Assessment (ASA) Application security: an often-overlooked part of a security plan - Applications house companies' critical data: customer information, HR data and intellectual property - Security holes in custom applications create opportunities for attackers ASA looks for the vulnerabilities in Web and custom applications - Comprehensive vulnerability assessment of the application and network infrastructure directly supporting the application - Remote attack simulation in which security experts attempt to penetrate an application, using techniques similar to those used by malicious attackers - Targeted code review to provide solid recommendations for improving application security - Assessments performed by security consultants with application development backgrounds Detailed report of findings - Specific recommendations for remediating any vulnerability found 44

45 Information Security Assessment (ISA) Comprehensive evaluation of an organization's security posture - Based on ISO security standard and industry best practices - Provides complete internal and external assessment of information security state Provides a clear understanding of current information security risks - Identifies the potential impact of vulnerabilities - Raises internal awareness of information security risks - Enables more informed decision-making and identifies the gaps in organizational security controls, policies and processes - Provides a specific, actionable plan to improve overall security posture based on business needs - Helps to meet regulatory compliance requirements Includes a thorough assessment of: - Information security policies - Procedures, controls and mechanisms - Physical security - Networks, servers, desktops and databases Detailed deliverables - Prioritized, actionable remediation steps presented in a workshop format 45

46 PCI Compliance Services IBM ISS is a Qualified Security Assessor (QSA), having met the requirements as a QSAC to perform PCI assessments IBM ISS is an Approved Scanning Vendor (ASV), having met the requirements to perform PCI DSS-approved quarterly network scans ISS PCI services include: - PCI Assessments Pre-assessment Annual on-site audit and Report on Compliance (ROC) Quarterly network scans - Remediation Assistance remediating any issues found during pre-assessment - Payment Application Assessments Assessing the security of payment applications IBM ISS is an Approved Qualified Payment Application Security Company (QPASC) - Visa Cardholder Information Security Program (CISP) Incident Response IBM ISS is a Visa Qualified CISP Incident Response Assessor IBM ISS can respond to security incidents and provide forensic analysis when there is a loss of cardholder data 46

47 Penetration Testing Penetration testing uncovers network vulnerabilities and assesses the business risk of those vulnerabilities - Real-life network attack simulation in which security experts attempt to penetrate a network mimicking the techniques used by malicious attackers - Demonstrates how attackers can significantly impact a business IBM ISS security expertise - More than a simple vulnerability assessment Use of a combination of proprietary and industry-leading security assessment tools, complete with an in-depth analysis of vulnerability data by a security expert - Leverages security intelligence of ISS X-Force Detailed deliverables - Prioritized, actionable remediation steps 47

48 Emergency Response Services Incident response, preparedness planning and forensic analysis experts - Responds quickly to attacks in progress - Works with customers to develop customized emergency response plans to minimize the effect of future attacks Customers benefit from: - Immediate attack response 24/7/365 to stop attacks in progress and minimize their impact - Forensic analysis to help find and prosecute perpetrators - Incident response methodology that includes steps for analysis and intelligence gathering, containment, eradication, recovery and prevention - Customized incident response plans and procedures to guide you in case of an attack Available as a subscription service or as an on demand service - Subscription service includes incident response planning and phone support to help customers prepare before a security incident occurs Customers experiencing a security emergency can call the IBM ISS Emergency Response Team 24/7/365: 48

49 Additional IBM ISS Professional Security Services Governance, Risk & Compliance Services - Strategic Threat & Risk Analysis (TRA) - Security Policy Development - Network Security Architecture Design - Security Technology Implementation Planning - Deployment Consulting - Staff Augmentation Professional Services Identity & Access Management (IAM) Professional Services - Specifically with respect to Tivoli Identity Manager (TIM) and Tivoli Access Manager (TAM) design, installation & configuration 49


51 The Power To Deliver The Most Advanced Internet Security Solutions Managed Security Services Managed Protection Services Managed and Monitored Firewall Services Managed IDS/IPS Services Vulnerability Management Service Security Event and Log Management Services Managed and Web Security Services 51

52 IBM Global Security Operations and R&D IBM has the unmatched global expertise to deliver complete solutions and manage the cost and complexity of security 52

53 Breadth of Services 53

54 Breadth of Services Managed Security Services Key Benefits Protect company assets, brand reputation and business continuity with 24x7 reliable monitoring and management Reduces in-house security costs by up to 55 percent Achieves security compliance with industry and governmental regulations Maximizes existing security investments Improves productivity by freeing IT resources to focus on strategic initiatives Reassures clients, partners and shareholders that critical data is protected by trusted resources Reduces operational complexity 54

55 Managed Protection Services (MPS) Guaranteed Protection Services Based on IBM ISS Security Technologies Proventia G (IDPS) Proventia M (UTM) Proventia Server Proventia Desktop Best-in-Class Service Level Agreements Performance based SLAs Multiple Service Level Options Standard, Select, Premium Choose services per device for custom solutions Industry Leading Customer Portal Embedded X-Force Intelligence 55 55

56 Managed Protection Service Features Industry Leading Performance-based SLAs Completely Web-Driven Interface Virtual-SOC Portal enhances customer control and SOC communications 24/7 Expert Monitoring and Management Security Incident Escalation Standard & Customizable Reporting Systrust & SAS-70 Certified SOC Integrated Vulnerability Management Subscription to XFTAS Security Intelligence 56 56

57 MPS Offerings and Service Levels Benefit from guaranteed service level agreements and a $50,000 money-back warranty ensuring 100% accountable, reliable protection* *Money-back payment (for Managed Protection Services - Premium Level only): If IBM Internet Security Systems fails to meet the Security Incidents Prevention Guarantee the customer's account shall be paid US$50,000 for each instance this guarantee has not been met. Please see IBM Internet Security Systems Service Level Agreements for more details

58 Managed Security Services (MSS) - Summary Industry Proven Managed Security Services Managed Network Intrusion Detection / Prevention Managed Network Firewall Multi-Vendor Security Technology Support Firewalls: IBM ISS, Cisco, Check Point, Juniper IPS: IBM ISS, McAfee, Sourcefire Best-in-Class Service Level Agreements Multiple Service Level Options Standard, Select Standard, Select, Premium Industry Leading Customer Portal Embedded X-Force Intelligence 58 58

59 Managed IPS & Firewall Service Features Best-of-Breed Security Platform Support ISS (IDS/IPS), Cisco (IDS/IPS), Sourcefire, McAfee (IPS) Check Point, Cisco, Juniper, ISS Completely Web-Driven Interface Virtual-SOC Portal enhances customer control and SOC communications Industry Leading Performance-based SLAs Systrust & SAS-70 Certified SOC Integrated Vulnerability Management Access to XFTAS Security Intelligence 24/7 Expert Monitoring and Management Security Incident Escalation (IPS Service) Standard & Customizable Reporting 59 59

60 Managed IDPS Service Features Summary Network Features Standard Level Select Level In which document can the latest platform support and sizing information be found? IDS/IPS: Policy management: Device management: Critical attacks, denial of service, and worms Performed by IBM Performed by IBM All Attack activity, suspicious activity, and network misuse Performed by IBM, unlimited policy change requests per month Performed by IBM Security event monitoring: Vulnerability Management: Log Storage / Availability: Health and Availability Monitoring: Security Content Upgrades: Customer Portal Access: Detailed Reporting: Out of Band Required: High Availability: Automated analysis; escalation 1 IP Quarterly 1 year Yes Yes Yes Yes Optional Optional Add-on Capabilities When supported by the platform Automated plus realtime 24/7 human analysis; or telephone escalation 2 IPs Quarterly Up to 7 Years Yes Yes Yes Yes Yes When supported by the platform 60 60

61 Managed Firewall Service (MFW) Features Summary In which document can the latest platform support and sizing information be found? Network Features Supported Bandwidth: Policy or Configuration Changes Per Month: Emergency Policy Changes per Month: Maintenance Window for Policy / Configuration Changes: Site to Site VPN Support: Client / SSL VPN Support: Vulnerability Assessment: Log Storage / Availability Device Management: Health and Availability Monitoring: Application / OS Upgrades: Customer Portal Access: Detailed Reporting: Out of Band Required: High Availability: Standard Level Up to 100MB* 2 No No Up to 2 Tunnels No 1 IP Quarterly 1 year Yes Yes Yes Yes Yes Optional Optional Add-on Capabilities When supported by the platform Select Level 100MB through 1 GB and up* 4 No No Unlimited Yes 2 IPs Quarterly Up to 7 Years Yes Yes Yes Yes Yes Yes When supported by the platform Premium Level 100MB through 1 GB and up* Unlimited 1 Yes Unlimited Yes 3 IPs Quarterly Up to 7 years Yes Yes Yes Yes Yes Yes When supported by the platform

62 Managed Unified Threat Management (UTM) Service Unified Threat Management (UTM) Customizable support for best-of-breed multi-function devices Multi-Vendor Security Technology Support IBM ISS, Cisco, Juniper, Check Point Best-in-Class Service Level Agreements Multiple Service Level Options Standard, Select, Premium Industry Leading Customer Portal Embedded X-Force Intelligence 62 62

63 Managed Unified Threat Management (UTM) Service Features Best-of-Breed Security Platform Support IBM ISS, Cisco, Juniper, Check Point Completely Web-Driven Interface Virtual-SOC Portal enhances customer control and SOC communications 24/7 Expert Monitoring and Management Security Incident Escalation Two Packages Protection Content Multiple Service Levels Standard, Select, & Premium Standard & Customizable Reporting Industry Leading Performance-based SLAs Systrust & SAS-70 Certified SOC Integrated Vulnerability Management Embedded XFTAS Security Intelligence 63 63


65 Security Enablement Services
Key Benefits
- Centralized command center to monitor and control Virtual-SOC services
- Run queries and generate reports on multi-vendor security devices, security events, service level agreement (SLA) activity and more
- Automated analysis of security events and logs alerts for remediation
- Unlimited archive system stores one year of online event/log storage and seven years of offline archiving
- Authorized access to portal for increased internal protection
- Integrated with X-Force security intelligence feeds and daily threat assessments

66 Vulnerability Management Service
- Internal & External Vulnerability Assessments
- Vulnerability Remediation Workflow
- Embedded Step-by-step Remediation Actions
- Complete Ticketing System
- Virtual Patch ties to MPS/MSS
- Granular Access Control & Permissions
- Fully functioned Reporting
- Industry Leading Customer Portal
- Embedded X-Force Intelligence

67 Vulnerability Management Service - SLAs
- Vulnerability Scan Execution: Scan will execute +/-1 hour of scheduled time.
- Virtual Patch Application: Virtual patch will be applied within 2 hours of request.
- Proactive System Monitoring (Internal): 15 minute notification of internal agent unreachable.
- Security Content Update: Content updates completed within 72 hours of release.
- Customer Portal: 99.9% uptime
- Internet Emergency: 15 minute notification

68 Security Event & Log Management Service (SELM)
- Log and Event Collection & Archival
- Syslog, Universal Logging Agent (ULA)
- On Site Aggregation, Compression, Encryption
- Secured Communications
- Forensically Sound Storage
- Automated Alerting (Select Level Only)
- Security Incident Tracking
- Systrust and SAS-70 Certified SOC
- Industry Leading Customer Portal
- Embedded X-Force Intelligence

69 X-Force Threat Analysis Service
- X-Force Threat Analysis Service: News, Vulnerabilities, Exploits, Worms/Virus
- Breaking Security Intelligence Alerts
- Configurable Alerting/Advisories
- Daily Emails
- Direct Feed from X-Force Research
- 30,000+ Records

70 Managed Email & Web Security Features:
- 100% Virus Protection
- 99.2% Spam Effectiveness with 1 in 1 Million False Positives
- 90%+ effective in identifying pornographic attachments
- Enforces Acceptable Use Policy
- Multiple Layers of Defense
- Highly redundant infrastructure
- Assists in stopping confidential information leaving your company
- Industry Leading Performance-based SLAs

71 Managed Email & Web Security Service Details:
Anti-Virus
- Multiple Scanners
- Inbound & Outbound Filtering
- Proactive scanning for new threats
- Phishing detection
- Protection for Zero-Hour Outbreaks
- 7-day offsite Virus Quarantine
- 100% protection against known and unknown Viruses
Anti-Spam
- Multiple filters
- TCP/IP Traffic Shaping
- Highly Effective with minimal False Positives
- Transparent Knowledge Base Updates
- Multiple-handling options, including end user Quarantine; Confidence to block and delete on signature detection
- Configurable White and Black lists

72 Managed Email & Web Security Service Details:
Image Control
- Proactive Monitoring
- Detects 90%+ of Email borne inappropriate image attachments
- Fights Harassment in the workplace and protects Company image
- Configurable Sensitivity settings to adjust based on your appetite for risk
- Supports Compliance with Internet Acceptable Use Policy and Legal Liability
Content Control
- Protect Corporate and brand reputation
- Maintain Confidential and Intellectual Property
- Advanced Policy setting criteria, including Group, Users, Sizes, Types, Times of Day
- Keyword & Contextual Analysis
- Investigate suspicious activity
- Preserve Confidentiality and Security and reduce Legal Liability
- Defend against careless and malicious actions

73 Managed Email & Web Security Service Details: Web
Web Anti-Virus/Anti-Spyware
- Real-time Scanning and Analysis of Web Traffic
- Combined protection from Spyware, Viruses and all other types of Malware at the Internet level
- Skeptic Technology layered over multiple commercial scanning engines
- Converged Threat Analysis, taking recent threat information from Email and IM and applying to Web
- Customizable Block messages and alerting
Web URL Filter
- Combined Real-Time filtering with Sophisticated URL Categorization database
- Policy engine with intuitive rule-building
- MIME and file type lists
- Customizable Block Messages and Alerting
- Content Categories include Webmail, blogs, chat and uncategorized
- Enforces Web Acceptable Use Policy
- Optimizes bandwidth


75 Rick Young, Account Executive IBM Internet Security Systems Questions?

76 Thank You! Rick Young, Account Executive IBM Internet Security Systems THE VEHICLE THE SKILL THE SOLUTION


More information

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4) Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware

More information

Information Technology Solutions

Information Technology Solutions Managed Services Information Technology Solutions A TBG Security Professional Services Offering LET TBG MANAGE YOUR INFRASTRUCTURE WITH CONFIDENCE: TBG S INTEGRATED IT AUTOMATION FRAMEWORK PROVIDES: Computer

More information

agenda 5 IBM ISS security consulting solutions 6 Reduzca costos y la complejidad de la seguridad en su negocio

agenda 5 IBM ISS security consulting solutions 6 Reduzca costos y la complejidad de la seguridad en su negocio Reduzca costos y la complejidad de la seguridad en su negocio Juan Carlos Carrillo Security Sales Leader Viernes, 11 de Septiembre de 2009 agenda 1 2 3 X-Force 2008 Trend & Risk Report Highlights IBM Security

More information

Glasnost or Tyranny? You Can Have Secure and Open Networks!

Glasnost or Tyranny? You Can Have Secure and Open Networks! AT&T is a proud sponsor of StaySafe Online Glasnost or Tyranny? You Can Have Secure and Open Networks! Steven Hurst CISSP Director - AT&T Security Services and Technology AT&T Chief Security Office 2009

More information

IBM Security Strategy

IBM Security Strategy IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration

More information

The McAfee SECURE TM Standard

The McAfee SECURE TM Standard The McAfee SECURE TM Standard December 2008 What is the McAfee SECURE Standard? McAfee SECURE Comparison Evaluating Website s Security Status Websites Not In Compliance with McAfee SECURE Standard Benefits

More information

Symantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it

Symantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it Complete and high performance protection where you need it Overview delivers high-performance protection against physical and virtual server downtime with policy based prevention, using multiple protection

More information

The SIEM Evaluator s Guide

The SIEM Evaluator s Guide Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,

More information

PCI Requirements Coverage Summary Table

PCI Requirements Coverage Summary Table StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2

More information

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Express Websense Hosted Web Security

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Express Websense Hosted Web Security Web Security Gateway Web Security Web Filter Express Hosted Web Security Web Security Solutions The Approach In the past, most Web content was static and predictable. But today s reality is that Web content

More information

REVOLUTIONIZING ADVANCED THREAT PROTECTION

REVOLUTIONIZING ADVANCED THREAT PROTECTION REVOLUTIONIZING ADVANCED THREAT PROTECTION A NEW, MODERN APPROACH Blue Coat Advanced Threat Protection Group GRANT ASPLUND Senior Technology Evangelist 1 WHY DO I STAND ON MY DESK? "...I stand upon my

More information

Proactively protecting your messaging infrastructure with the IBM Lotus Protector for Mail Security solution.

Proactively protecting your messaging infrastructure with the IBM Lotus Protector for Mail Security solution. Security capabilities To support your business objectives Proactively protecting your messaging infrastructure with the IBM Lotus Protector for Mail Security solution. Preemptive protection and spam control

More information

Firewall and UTM Solutions Guide

Firewall and UTM Solutions Guide Firewall and UTM Solutions Guide Telephone: 0845 230 2940 e-mail: info@lsasystems.com Web: www.lsasystems.com Why do I need a Firewall? You re not the Government, Microsoft or the BBC, so why would hackers

More information

Continuous Network Monitoring

Continuous Network Monitoring Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment

More information