Introducing IBM s Advanced Threat Protection Platform

Similar documents
IBM QRadar Security Intelligence April 2013

IBM Advanced Threat Protection Solution

IBM Security IBM Corporation IBM Corporation

IBM Security Network Protection

IBM Security Intrusion Prevention Solutions

Security strategies to stay off the Børsen front page

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

IBM Security Network Protection

The webinar will begin shortly

IBM Security X-Force Threat Intelligence

Under the Hood of the IBM Threat Protection System

IBM Security QRadar QFlow Collector appliances for security intelligence

Security Intelligence

Mobile, Cloud, Advanced Threats: A Unified Approach to Security

Extreme Security Threat Protection G2 - Intrusion Prevention Integrated security, visibility, and control for next- generation network protection

IBM Security QRadar Vulnerability Manager

IBM Security QRadar Risk Manager

IBM Protocol Analysis Module

IBM Security Intelligence Strategy

The Hillstone and Trend Micro Joint Solution

IBM SECURITY QRADAR INCIDENT FORENSICS

IBM Security QRadar Risk Manager

Safeguarding the cloud with IBM Dynamic Cloud Security

QRadar SIEM 7.2 Flows Overview

Defending Against Cyber Attacks with SessionLevel Network Security

L evoluzione del Security Operation Center tra Threat Detection e Incident Response & Management

The Value of QRadar QFlow and QRadar VFlow for Security Intelligence

IBM QRadar Security Intelligence Platform appliances

Bridging the gap between COTS tool alerting and raw data analysis

Strengthen security with intelligent identity and access management

How to Choose the Right Security Information and Event Management (SIEM) Solution

Breaking down silos of protection: An integrated approach to managing application security

Protecting the Infrastructure: Symantec Web Gateway

AMPLIFYING SECURITY INTELLIGENCE

Addressing Security for Hybrid Cloud

and Security in the Era of Cloud

What is Security Intelligence?

Secure Cloud-Ready Data Centers Juniper Networks

INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS

Q1 Labs Corporate Overview

IBM Security QRadar SIEM Product Overview

White Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation

El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada

McAfee Network Security Platform

Symantec Enterprise Firewalls. From the Internet Thomas Jerry Scott

Barracuda Intrusion Detection and Prevention System

QRadar SIEM and Zscaler Nanolog Streaming Service

Unified Security, ATP and more

The Current State of Cyber Security

BigData Analytics per la sicurezza delle Infrastrutture Critiche

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Effectively Using Security Intelligence to Detect Threats and Exceed Compliance

Risk-based solutions for managing application security

Extending security intelligence with big data solutions

Leverage security intelligence for retail organizations

How To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)

IBM Software Choosing the right virtualization security solution

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

On and off premises technologies Which is best for you?

Cisco RSA Announcement Update

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE

Leveraging security from the cloud

Security Intelligence Solutions

Boosting enterprise security with integrated log management

Application Security from IBM Karl Snider, Market Segment Manager March 2012

Analyzing HTTP/HTTPS Traffic Logs

Requirements When Considering a Next- Generation Firewall

Content-ID. Content-ID URLS THREATS DATA

SANS Top 20 Critical Controls for Effective Cyber Defense

IBM Security. Alle Risiken im Blick und bessere Compliance Kumulierte und intelligente Security Alerts mit QRadar Security Intelligence

Concierge SIEM Reporting Overview

QRadar Security Intelligence Platform Appliances

Choose Your Own - Fighting the Battle Against Zero Day Virus Threats

NetDefend Firewall UTM Services

Networking for Caribbean Development

Securing the Cloud infrastructure with IBM Dynamic Cloud Security

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning

Extreme Networks: A SOLUTION WHITE PAPER

Proactively protecting your messaging infrastructure with the IBM Lotus Protector for Mail Security solution.

NetDefend Firewall UTM Services

Threat Center. Real-time multi-level threat detection, analysis, and automated remediation

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Extreme Networks Security Analytics G2 Vulnerability Manager

On-Premises DDoS Mitigation for the Enterprise

10 Things Every Web Application Firewall Should Provide Share this ebook

REVOLUTIONIZING ADVANCED THREAT PROTECTION

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

A Layperson s Guide To DoS Attacks

QRadar SIEM and FireEye MPS Integration

How To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)

Providing Secure IT Management & Partnering Solution for Bendigo South East College

Find the needle in the security haystack

How To Buy Nitro Security

Benefits. Product Overview. There is nothing more important than our customers. DATASHEET

Cisco Security Intelligence Operations

Transcription:

Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM Pending Corporation Launch

The Advanced Threat Protection Platform Security Intelligence Platform Log Manager SIEM Network Activity Monitor Risk Manager Threat Intelligence and Research Vulnerability Data Malicious Websites Malware Information IP Reputation Advanced Threat Protection Platform Intrusion Prevention Content Web Network and Data Application Anomaly Security Protection Detection Application Control Q1 Q2 Q3 IBM Network Security Advanced Threat Protection Platform Ability to prevent sophisticated threats and detect abnormal network behavior by leveraging an extensible set of network security capabilities - in conjunction with real-time threat information and Security Intelligence Expanded X-Force Threat Intelligence Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions across the IBM portfolio Security Intelligence Integration Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats

Q1 2012: The Introduction of Hybrid Protection Simplify your IPS strategy and deployment by migrating your custom SNORT rules to IBM Security Network IPS appliances Hybrid protection combines market leading X-Force Protocol Analysis with the ability to create and import custom SNORT rules Proven protection beyond traditional IPS including protection from advanced threats such as browser attacks, data leakage, and malicious web applications designed to evade most security technologies Make the move to IBM Security Network IPS and Hybrid Protection Take your custom rules with you! Custom Rules Custom Rules

Q2 2012: The Introduction of QRadar Network Anomaly Detection QRadar Network Anomaly Detection is a new QRadar product that brings Increased security insight to IBM Security SiteProtector and IBM Security Network IPS The addition of QRadar s behavioral analytics and real-time correlation helps better detect and prioritize stealthy attacks Comprehensive Approach SiteProtector as core for command & control QRadar Network Anomaly Detection for enhanced analytics QRadar QFlow and VFlow Collectors provide network awareness via deep packet inspection Integrated policy management & workflows within SiteProtector facilitate a rapid response to threat and more proactive visibility

The challenging state of network security Stealth Bots Targeted Attacks Worms Trojans Designer Malware SOPHISTICATED ATTACKS Increasingly sophisticated attacks are using multiple attack vectors and increasing risk exposure STREAMING MEDIA Streaming media sites are consuming large amounts of bandwidth SOCIAL NETWORKING Social media sites present productivity, privacy and security risks including new threat vectors URL Filtering IDS / IPS IM / P2P Web App Protection Vulnerability Management POINT SOLUTIONS Point solutions are siloed with minimal integration or data sharing

Attack Vectors

Network Defense: Traditional solutions not up to today s challenges Current Limitations Threats continue to evolve and standard methods of detection are not enough Streaming media sites and Web applications introduce new security challenges Basic Block Only mode limits innovative use of streaming and new Web apps Poorly integrated solutions create security sprawl, lower overall levels of security, and raise cost and complexity Internet Stealth Bots Worms, Trojans Targeted Attacks Designer Malware Firewall/VPN port and protocol filtering Requirement: Multi-faceted Protection 0-day threat protection tightly integrated with other technologies i.e. network anomaly detection Ability to reduce costs associated with nonbusiness use of applications Controls to restrict access to social media sites by a user s role and business need Augment point solutions to reduce overall cost and complexity Email Gateway message and attachment security only Everything Else Web Gateway securing web traffic only, port 80 / 443 Multi-faceted Network Protection security for all traffic, applications and users

How to protect today's networks from tomorrows threats Web Category Protection Allow marketing and sales teams to access social networking sites Server Network Web Applications Non-web Applications Access Control Protocol Aware Intrusion Protection Client-Side Protection Block attachments on all outgoing emails and chats A more strict security policy is applied to traffic from countries where I do not do business Geography Reputation Botnet Protection Advanced inspection of web application traffic destined to my web servers User or Group Network Awareness Web Protection Block known botnet servers and phishing sites Reputation Allow, but don t inspect, traffic to financial and medial sites Who What Controls Security 172.29.230.15, 192.168.0.0 /16 80, 443,25, 21, 2048-65535? July

Introducing IBM Security Network Protection XGS 5000 NEW WITH XGS NEW WITH XGS PROVEN SECURITY ULTIMATE VISIBILITY COMPLETE CONTROL Extensible, 0-Day protection powered by X-Force Understand the Who, What and When for all network activity Ensure appropriate application and network use IBM Security Network Protection XGS 5000 builds on the proven security of IBM intrusion prevention solutions by delivering the addition of next generation visibility and control to help balance security and business requirements

Proven Security: Extensible, 0-Day Protection Powered by X-Force Next Generation IPS powered by X-Force Research protects weeks or even months ahead of the threat Full protocol, content and application aware protection goes beyond signatures Expandable protection modules defend against emerging threats such as malicious file attachments and Web application attacks When we see these attacks coming in, it will shut them down automatically. Melbourne IT [The IBM Threat Protection Engine] defended an attack against a critical government network another protocol aware IPS missed Government Agency IBM Security Network Protection XGS 5000 IBM Security Threat Protection Vulnerability Modeling & Algorithms Stateful Packet Inspection Port Variability Port Assignment Port Following Protocol Tunneling Application Layer Preprocessing Shellcode Heuristics Context Field Analysis RFC Compliance Statistical Analysis TCP Reassembly & Flow Reassembly Host Response Analysis IPv6 Tunnel Analysis SIT Tunnel Analysis Port Probe Detection Pattern Matching Custom Signatures Injection Logic Engine Backed by X-Force 15 years+ of vulnerability research and development Trusted by the world s largest enterprises and government agencies True protocol-aware intrusion prevention, not reliant on signatures Specialized engines Exploit Payload Detection Web Application Protection Content and File Inspection Ability to protect against the threats of today and tomorrow

Ultimate Visibility: Understanding Who, What and When Immediately discover which applications and web sites are being accessed Quickly Identify misuse by application, website, user, and group Understand who and what are consuming bandwidth on the network Network Traffic and Flows Employee B Employee A Employee C Good Application Good Application Bad Application Superior detection of advanced threats through integration with QRadar for network anomaly and event details We were able to detect the Trojan Poison Ivy within the first three hours of deploying IBM Security Network Protection Australian Hospital Network Flow Data provides real time awareness of anomalous activities and QRadar integration facilitates enhanced analysis and correlation Complete Identity Awareness associates valuable users and groups with their network activity, application usage and application actions Application Awareness fully classifies network traffic, regardless of address, port, protocol, application, application action or security event Increase Security Reduce Costs Enable Innovation

Complete Control: Overcoming a Simple Block-Only Approach Network Control by users, groups, systems, protocols, applications & application actions Block evolving, high-risk sites such as Phishing and Malware with constantly updated categories Comprehensive up-to-date web site coverage with industry-leading 15 Billion+ URLs (50-100x the coverage comparatively) Rich application support with 1000+ applications and individual actions We had a case in Europe where workers went on strike for 3 days after Facebook was completely blocked so granularity is key. IBM Business Partner Limit the use of social networking, file sharing, and web mail for common users Allow full access to social networking sites for marketing and HR teams Flexible network access policies controls access to systems and applicable security policy Stop broad misuse of the corporate network by blocking sites that introduce undue risk and cost

The XGS 5000: The Best Solution for Threat Prevention Better Network Control Natural complement to current Firewall and VPN Not rip-and-replace works with your existing network and security infrastructure More flexibility and depth in security and control over users, groups, networks and applications Internet Stealth Bots Worms, Trojans Targeted Attacks Designer Malware Firewall/VPN port and protocol filtering Better Threat Protection True Protocol aware Network IPS Higher level of overall security and protection More effective against 0-day attacks Best of both worlds true protocol and heuristicbased protection with customized signature support Email Gateway message and attachment security only Everything Else Web Gateway securing web traffic only, port 80 / 443 IBM Security Network Protection XGS 5000 Proven Security Ultimate Visibility Complete Control IBM Security Network Protection Security for all types of traffic, applications and users

Part of IBM s vision for Advanced Threat Protection Security Intelligence Platform Log Manager SIEM Network Activity Monitor Risk Manager Threat Intelligence and Research Vulnerability Data Malicious Websites Malware Information IP Reputation Advanced Threat Protection Platform Intrusion Prevention Content Web Network and Data Application Anomaly Security Protection Detection Application Control IBM Network Security Advanced Threat Protection Platform Ability to prevent sophisticated threats and detect abnormal network behavior by leveraging an extensible set of network security capabilities - in conjunction with real-time threat information and Security Intelligence Expanded X-Force Threat Intelligence Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions across the IBM portfolio Security Intelligence Integration Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats

ibm.com/security Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, 2012 product, IBM Corporation or service names may be trademarks or service marks of others.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information