IBM Global Services IBM Internet Security Systems Norberto Gazzoni Italy Channel Manager norberto_gazzoni@it.ibm.com +39 347 3499617 IBM Internet Security Systems Ahead of the threat. 2006 IBM Corporation
IBM Security Innovation IBM has developed several comprehensive offerings & delivery capabilities across the framework today we will review the following: Governance, Risk & Compliance Processes for managing Security & Privacy, and Risk & Compliance across the organization. Assessments & strategy to determine capabilities, gaps, next steps Data security Processes for data / back-up encryption, content security, as well as protecting the security of information about the business and its customers, employees and partners Threat Mitigation Processes for managing access and threats to networking capabilities, including wireless networks & Host, end user systems Threat Mitigation Governance Privacy Transaction and Data Integrity Identity & Access management Processes for provisioning and monitoring users, and granting or restricting their access to business assets or resources Identity & Access Management Application Security Physical security & DVS Complete offerings to architect & implement complex digital video surveillance solutions. Integration of logical & physical security via Universal/Smart ID s. Physical Security Personnel Security
The Evolving Threat e-crime Big business driven by profit Innovation to capture new markets (victims) Victim segmentation and focus Stealth is the new black
The Evolving Enterprise: Heterogeneity = Security Risk Past Present + Network Tens of targets Megabits of traffic Thousands of targets Gigabits of traffic Applications Tens of applications Web, mail, domain name server (DNS) Hundreds of applications custom protocols, payroll, trading Policy Inside and outside groups default deny Hundreds of groups default allow The evolving enterprise (networks, applications and systems) pose a unique challenge not satisfactorily addressed by traditional REACTIVE technologies and approaches
The Silo Problem: Point Solutions no longer provide an effective defense against today s complex threats Spam AntiVirus Malware SpyWare Etc Issue of: Complexity, Scalability, Reporting No longer addresses complex security issues
X-Force R&D Drives IBM Internet Security Systems Security Innovation X-Force Protection Engine Extensions to existing Engines New Protection Engine Creation Products Services Original Vulnerability Research Public Vulnerability Analysis Malware Analysis Threat Landscape Forecasting Protection Technology Research X-Force XPU s Security Content Update Doc Security Content Update QA Solutions X-Force Intelligence X-Force Database Feed Monitoring and Collections Intelligence Sharing X-Force Security Content Integrated Intelligence Research Technology Solutions Security Innovation
MS Plug and Play / Zotob Timeline 4/13/2005 ISS implements protection for MS PnP vulnerability into ISS products. ISS Virtual Patch protection begins. 8/9/2005 Microsoft publicly announces vulnerability and availability of a patch. 8/11/2005 Plug and Play exploits become public 8/13/2005 Zotob Bot runs rampant and causes damage to organizations worldwide. ISS customers enjoy protection since 4/13/2005. 4/13/2005 Others do not have internal research to find and understand vulnerabilities; therefore, they have no knowledge of the MS Plug and Play vulnerability. 8/9/2005 Other claim preemptive protection through broad blocking and alerting methods which are prone to false positives and false negatives 8/11/2005 Plug and Play exploits become public 8/13/2005 Zotob Bot propagates, some competition see the bot, but none of the (many) variants, resulting in continuous updates offering little to no zero day coverage. 8/16/2005 Exploit-based signatures released to reactively protect against the Zotob Bot
Professional Security Services A Proven Methodology Phase 5. Education Action: Education of organization on security best practices and best-of-breed technology. Result: Ensures employees understand their responsibilities with security best practices and regulatory compliance. Phase 4. Management and Support Action: Management of security program to serve business role. Result: Insures gaps remain closed and new gaps are not opened. Phase 1. Assessment Action: Assessment of the current level of information security. Result: Gap analysis between current state and requirements. Phase 2. Design Action: Design and documentation of policies, procedures and solutions to ensure protection. Result: Creation of gap closure plan. Phase 3. Deployment Action: Deployment of protection technology and services. Result: Helps client execute gap closure plan.
Proventia ESP Product & Service View
Business Challenges The Proventia Solution
Uncompromising Protection for Every Layer of Your Network
Uncompromising Protection for Every Layer of Your Network Business Challenges Managing enterprise security risk Demonstrating risk reduction and compliance Optimizing protection against existing vulnerabilities Automating the vulnerability scanning process Managing the vulnerability remediation workflow Improving efficiency and decreasing operating costs The Proventia Solution Increase network uptime and bandwidth Perform fast, accurate vulnerability scans Free up resources by automating the scan process Leverage your existing IT infrastructure Monitor vulnerability status and maintain compliance Combine with Proventia Platform for Scan and Block capabilities #1 Network VA Vendor (2005)
Uncompromising Protection for Every Layer of Your Network IBM Proventia Network Mail Security System Business Challenges Safeguard the confidentiality of your corporate information and email communication channel Shield the inboxes of your end users from spam and other productivity drainers Secure your email infrastructure from viruses and other email-based attacks The Proventia Solution Inbound and outbound content filtering with customizable policies, i.e. Credit Card / Social Security Number Detector Spam detection rate ~98%, automatically updated to control new spam techniques, including image-based spam Zero-day Virus Prevention System + integrated intrusion prevention technology
Uncompromising Protection for Every Layer of Your Network IBM Proventia Network Multi-Function Security Business Challenges Protect your business from internet threats without jeopardizing bandwidth or availability Secure your end users from spam, incompliant activity and other productivity drainers Conserve your resources by eliminating the need for special security expertise The Proventia Solution Complete protection against all types of Internet threats, with firewall, intrusion prevention, and Virus Prevention System Spam effectiveness ~95%, define Web browsing policies, filter database of +63 Million URLs in 62 categories Set and forget security, automatically updated to protect against the next threat and tailored to needs of your small business or remote offices
Uncompromising Protection for Every Layer of Your Network IBM Proventia Desktop Endpoint Security Business Challenges Mitigating business-threatening risks posed by zero-day, targeted attacks Moving to a single security agent to eliminate extra costs & management challenges of multiple vendors Protecting critical data and intellectual property Minimizing costs and lost productivity associated with remediating infected endpoints Reducing help desk calls The Proventia Solution Multi-layered preemptive protection in a single agent Mitigates against application- and network-vector attacks Patented Virus Prevention System blocks malware based on behavior, not signatures, at day zero, before it infects the endpoint Includes signature antivirus/anti-spyware signatures, in addition to preemptive technologies
Uncompromising Protection for Every Layer of Your Network Server IBM Proventia Business Challenges Managing disperse security agents Demonstrating risk and compliance Protecting critical data, intellectual property and access to vulnerable servers Maintaining server uptime along while providing strong host intrusion prevention technologies Tracking file access and changes among business critical servers The Proventia Solution Reduces security costs, protects server environments and reduces downtime Enforces corporate security policy for servers Provides out-of-the-box protection with advanced intrusion prevention and blocking Utilizes multiple layers of defense to provide preemptive protection Support operating system migration paths Protects at-risk systems before vendor-supplied patches are available Industry s broadest operating system support:
Uncompromising Protection for Every Layer of Your Network SiteProtector IBM Proventia Business Challenges Enterprise-wide view of asset, threat & vulnerability data Comprehensive visibility into network communications Securing Enterprise asset Keeping the network available, bandwidth utilization Maintaining too many security management systems Acceptable use of network resources The Proventia Solution Documents the security process Provides centralized management of high performance network security in addition to host and gateway devices Ease of use through console consolidation Offers visibility through the detection system Enables keeping ahead of rising standard of due care Keeps workflow support for policy mgmt, incident response and vulnerability remediation
Integrated Products Proventia Network MFS MX5010, MX3006, MX1004 All-in-One Protection Appliance - IDS/IPS - FW / VPN - AntiVirus (signature & behavioral) - AntiSpam - Web Filter - Spyware Proventia ADS Series Anomaly/Behavioral Protection and Network Visability Appliances Proventia Network IPS Preemptive Security for Enterprise Networks GX4002, GX4004, GX5008, GX5108 G400, G2000 Proventia Server Multi-layered Protection Agent Windows Linux RealSecure Server Sensor Windows Solaris AIX HP-UX Proventia Desktop All-in-One Protection Agent - Firewall - Virus Prevention System - Intrusion Protection - VPN Enforcer - Buffer Overflow Protection
The Next Generation Of MSS
The Next Generation Of MSS
IBM ISS Managed Security Services Offerings Managed Protection Services offer the most comprehensive protection services for networks, servers, and desktops, featuring the industry's only money-back cash payment. Managed and Monitored Firewall Services offers 24/7/365 expert daily management of a variety of firewall platforms. Managed IDS/IPS Services provides 24/7/365 monitoring, intrusion detection, and prevention, as well as incident response services for networks and servers. Vulnerability Management Service performs regularly-scheduled, automated scans of internal and external devices for hundreds of known security vulnerabilities. Security Event and Log Management Services provides all the benefits of a security event management product suite without the expensive upfront capital investments and on-going overhead. Managed E-mail and Web Security Services is designed to provide a variety of solutions to enhance clients existing security posture, help prevent viruses, and spam, and control unwanted content in e-mail. Fixed price/scope, allows for quick turn-up, Performance-based SLAs
Industry Leading Customer Support Serving over 12,000 customers worldwide, ISS is dedicated to providing the industry leading security support required to stay Ahead of the Threat. First in the IT industry to be recognized by J.D. Power and Associates for globally delivering excellent technology service and support under the Certified Technology Service and Support (CTSS) Program With a satisfaction rate of 94%, ISS is first in the security industry to receive Global SCP Certification The ISS support management team serves on the SSPA Advisory Board An Outstanding Customer Service Experience J.D. Power and Associates Certified Technology and Support Program SM, developed in conjunction with the Service & Support Professionals Association (SSPA). For more information, visit www.jdpower.com or the sspa.com.
The Industry Pundits Applaud ISS Innovation IPS capabilities are excellent, demonstrating wide coverage and good resistance to evasion techniques. ISS was the ONLY vendor to score a perfect 5 in the security effectiveness category. The G2000 exceeded maximum rated throughput and blocked 100% of malicious traffic. ISS is the leader in Worldwide IDS/IPS for the 5th Consecutive Year. The leader in Network Intrusion Control Systems (IDS/IPS). ISS wins the Technology Leadership Award in Host IPS & the Market Leadership Award in Network IPS for 2005.