IBM Protocol Analysis Module



Similar documents
IBM Security Network Intrusion Prevention System

IBM Security Intrusion Prevention Solutions

IBM Endpoint Manager for Core Protection

Introducing IBM s Advanced Threat Protection Platform

CYBERTRON NETWORK SOLUTIONS

IBM Security re-defines enterprise endpoint protection against advanced malware

IBM Security X-Force Threat Intelligence

IBM Security Network Intrusion Prevention System

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA

Application Firewall Overview. Published: February 2007 For the latest information, please see

IBM Security Network Protection

IBM Advanced Threat Protection Solution

IBM Rational AppScan: Application security and risk management

Certified Ethical Hacker Exam Version Comparison. Version Comparison

IBM Tivoli Endpoint Manager for Security and Compliance

Barracuda Intrusion Detection and Prevention System

IBM Tivoli Endpoint Manager for Lifecycle Management

The Cyber-threat Landscape in 1H 2010

White paper December Addressing single sign-on inside, outside, and between organizations

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Firewalls, Tunnels, and Network Intrusion Detection

IBM Tivoli Endpoint Manager for Security and Compliance

CS5008: Internet Computing

WHITE PAPER. Understanding How File Size Affects Malware Detection

Staying a step ahead of the hackers: the importance of identifying critical Web application vulnerabilities.

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

A Decision Maker s Guide to Securing an IT Infrastructure

Where every interaction matters.

Web site security issues White paper November Maintaining trust: protecting your Web site users from malware.

Web application security: automated scanning versus manual penetration testing.

WEB ATTACKS AND COUNTERMEASURES

The Key to Secure Online Financial Transactions

Contemporary Web Application Attacks. Ivan Pang Senior Consultant Edvance Limited

COORDINATED THREAT CONTROL

Streamlining Web and Security

IBM Tivoli Endpoint Manager for Lifecycle Management

Recommended Practice Case Study: Cross-Site Scripting. February 2007

Guidance Regarding Skype and Other P2P VoIP Solutions

The Top Web Application Attacks: Are you vulnerable?

What is Web Security? Motivation

Securing mobile devices in the business environment

Web App Security Audit Services

IBM Tivoli Remote Control

IBM Security QRadar Vulnerability Manager

How Web Application Security Can Prevent Malicious Attacks

Reducing the cost and complexity of endpoint management

Reference Architecture: Enterprise Security For The Cloud

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

Web Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks

Types of cyber-attacks. And how to prevent them

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led

Service management White paper. Manage access control effectively across the enterprise with IBM solutions.

WEB SECURITY. Oriana Kondakciu Software Engineering 4C03 Project

10 Things Every Web Application Firewall Should Provide Share this ebook

Defending Against Cyber Attacks with SessionLevel Network Security

Beyond passwords: Protect the mobile enterprise with smarter security solutions

IBM Security Strategy

Cybercrime: evoluzione del malware e degli attacchi. Cesare Radaelli Regional Sales Manager, Italy cradaelli@paloaltonetworks.com

CSCI 4250/6250 Fall 2015 Computer and Networks Security

Network Security and the Small Business

IBM X-Force 2012 Cyber Security Threat Landscape

Cyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014

FINAL DoIT v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

The Cyber Threat Profiler

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

Tespok Kenya icsirt: Enterprise Cyber Threat Attack Targets Report

Leveraging security from the cloud

Application Security Backgrounder

Selecting the right cybercrime-prevention solution

white paper Malware Security and the Bottom Line

Networking for Caribbean Development

IPv6 SECURITY. May The Government of the Hong Kong Special Administrative Region

Getting Ahead of Malware

Web application security Executive brief Managing a growing threat: an executive s guide to Web application security.

Creating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World

REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL

IBM Software Choosing the right virtualization security solution

White Paper. McAfee Web Security Service Technical White Paper

Breaking down silos of protection: An integrated approach to managing application security

IBM Security QRadar Risk Manager

IBM Security Network Protection

Detailed Description about course module wise:

Chapter 9 Firewalls and Intrusion Prevention Systems

CRYPTUS DIPLOMA IN IT SECURITY

IBM Security Privileged Identity Manager helps prevent insider threats

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability

Safeguarding the cloud with IBM Security solutions

IBM Security QRadar Risk Manager

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

Strengthen security with intelligent identity and access management

NSFOCUS Web Application Firewall White Paper

Sitefinity Security and Best Practices

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

Transcription:

IBM Protocol Analysis Module The protection engine inside the IBM Security Intrusion Prevention System technologies. Highlights Stops threats before they impact your network and the assets on your network such as servers, desktops and network infrastructure. Protects end users against exploits hidden in applications used everyday such as document formats, spreadsheets, presentations, multimedia files and web browsers. Modular extensible framework that allows the addition of new security technology and functionality as threats evolve. Staying ahead of the threat stopping Internet threats before they impact your business. The IBM Security Intrusion Prevention System (IPS) technologies stop Internet threats before they impact your business. The basis for our unique form of security lies in our engine, the IBM Protocol Analysis Module (PAM), which enables preemptive protection against a wide variety of Internet threats. PAM is built upon years of security intelligence gathered by the IBM X-Force research and development team. The X-Force is a world-renowned security research organization dedicated to proactive examination of threats and the underlying software vulnerabilities they seek to exploit. With its modular extensible framework, PAM is constantly evolving to block your most challenging security threats, eliminating the need to purchase additional point solutions. Backed by the world-renowned IBM X-Force research and development team, PAM is regularly and automatically infused with new security intelligence to keep you ahead of the latest threats. Other solutions can only hope to match individual protection signatures with exploits a process that is too slow to stop evolving threats and results in higher rates of false positives and false negatives.

DNS POISONING IBM Software IBM Protocol Analysis Modular Technology FEATURING VIRTUAL PATCH TECHNOLOGY APPLICATION CONTROL VIRUS Client-side Application Protection Web Application Protection Threat Detection and Prevention Data Security Application Control IBM Protocol Analysis Modular Technology What It Does: Client-side Application Protection Web Application Protection Threat Detection and Prevention Data Security Shields vulnerabilities from exploitation independent of a software patch and provides the security you need to eliminate the patching fire drills for new threats. Critical systems should still be patched, but now you can execute your own tested processes for patch management. If your patch management process doesn t live up to best practices, IBM can help integrate endpoint management into a holistic approach to security that includes network, servers and clients. Protects end users against attacks targeting applications used everyday such as Microsoft Office files, Adobe PDF files Multimedia files and Web browsers. Protects web servers against sophisticated application-level attacks such as SQL Injection, XSS (Cross-site scripting), PHP file-includes, CSRF (Cross-site request forgery). Detects and prevents entire classes of threats as opposed to a specific exploit or vulnerability. Monitors and identifies unencrypted personally identifiable information (PII) and other confidential information for data awareness. Also provides capability to explore data flow through the network to help determine if any potential risks exist. Manages control of unauthorized applications and risks within defined segments of the network, such as ActiveX fingerprinting, Peer To Peer, Instant Messaging, and tunneling. 2

PAM has the ability to monitor, detect or prevent the following classes of network threats: Classes of Threats Monitor Detect Prevent Application Attacks Attack obfuscation Buffer overflow attacks Cross-site scripting attacks Data leakage Database attacks DoS and DDoS attacks Drive-by downloads Insider threats Instant messaging Malicious document types Malicious media files Operating system attacks Peer to peer Protocol tunneling SQL injection attacks Web browser attacks Web server attacks 3

In order to address these attack categories, PAM employs multiple intrusion prevention technologies working in tandem, including: Port assignment Port following Protocol analysis Protocol tunneling Pattern matching Content Analysis Injection Logic Engine Shellcode Heuristics RFC compliance checking TCP reassembly Flow assembly Primary network threats stopped by the IBM Protocol Analysis Module While Internet threats continue to evolve, older attack methods cannot be discounted and many attackers build upon known intrusion techniques to evade detection. The IBM Protocol Analysis Module is dedicated to stopping the following list of Internet threats: Internet Attack Types What Makes It Dangerous PAM Module That Stops It Backdoors Botnets Client Side Attacks Cross-site scripting Distributed Denial of service (DDoS) Provides system entry points that bypass traditional login verification. Collections of compromised computers that perform tasks at the behest of a controller usually with malicious intent to spread spam and/or malware. Exploits affecting the operating system or applications running on personal computers. Exploits could target e-mail clients, Web browsers, document viewers, and multimedia applications. A Web-based exploit used to embed malicious code into a supposedly legitimate link that can execute on a user s computer, typically in an attempt to steal information. Utilizes a multitude of compromised systems to attack a single target with a flood of messages to shut the target system down Web Application Protection 4

Internet Attack Types What Makes It Dangerous PAM Module That Stops It Insider threats Instant Messaging Malicious content Malicious e-mail Peer to Peer (P2P) networks Protocol tunneling Reconnaissance Root kits Spam Spear Phishing SQL injection Trojans Worms Zero Day Attacks Internal users can introduce viruses, worms and Trojans into a network, or attempt to steal proprietary data Can be used to introduce Trojans, viruses and other malware into the network. Malicious multimedia and shell code attackers embed in documents. A common carrier for spyware and phishing scams that entice users to visit malicious Web sites, and then potentially introduce malware to the network. Facilitates the transfer of files infected with Trojans and viruses designed to introduce denial of service attacks and corrupt data. Layers malicious data usually within a higher level protocol, allowing it to traverse network segments where lower level protocols might be blocked. A collection of threats including brute force, enumeration, password guessing and port scans A collection of tools or programs that provide hackers with administrator level privileges or root access to a network or system. Unsolicited email usually sent in bulk messages across the Internet. A carefully crafted attack targeting high value targets with the purpose of stealing confidential information. Piggybacks malicious SQL code on intended commands through the dynamic logic layer of a Web application in order to trick the application into providing database access Harbor dangerous code inside apparently harmless programming or data. Virus that self-replicates by resending itself as an e-mail attachment or part of a network message. Threats that attempt to exploit undisclosed vulnerabilities before software vendors are able to provide a patch. Data Security Web Application Protection 5

Multilayered prevention technologies within the IBM Protocol Analysis Module PAM combines the power of multiple threat prevention technologies all working in concert to stop Internet threats. PAM utilizes the following attack prevention methods: Attack Prevention Methods Browser Exploit Prevention Content Analysis Flow Assembly Injection Logic Engine Port Assignment Port Following Protocol Analysis What It Means Prevents attacks to Web browsers using JavaScript obfuscation. Inspects and blocks unencrypted data in your network using predefined and custom signatures. This technology provides the ability to create compound data-set search inspections and inspect compound documents including Microsoft Office documents, PDFs, Zip files and over 10 different protocols. Analyzes the entire network connection not just the individual packets to block malicious traffic that may have been inserted into the communication stream to take advantage of an open connection. Flow assembly complements TCP reassembly by analyzing traffic at a higher level to prevent advanced threats. Heuristically identifies malicious injection attempts such as SQL injection and shell command injection. Covers current and future vulnerabilities without signature updates. IPS should not assume that a particular type of traffic will appear on a particular TCP/IP port. If they do and the traffic type matches the assumed port, and is allowed through, attackers could gain access. IBM Security IPS products inspect all traffic regardless of the port that traffic is destined to. Tracks communication sessions to ensure that the port initially used to establish a connection is the only one used. This prevents attackers who access an open port with authentic credentials from connecting to another open port to transfer data unnoticed. Examines network traffic for deviant behavior that does not match accepted norms and can decode protocols down to Layer 2 of the OSI model. Protocol analysis enables IBM Security IPS products to detect anomalous behavior without relying on signatures. PAM Module That Supports It Data Security Web application Protection 6

Attack Prevention Methods Protocol tunneling RFC compliance checking Shellcode Hueristics Stateful pattern matching TCP reassembly What It Means Sometimes used in conjunction with port assignment, IBM Security IPS products detect and prevent protocol tunneling to find malicious and/or proprietary data embedded in higher level protocols that could be allowed to traverse network segments where lower level protocols might be blocked. Protocol tunneling prevents attackers from bypassing firewalls to gain uncontested network access and prevents both insiders and attackers from establishing and using tunnels to extract data from within a corporation. Compares traffic against RFC standards for network communications between hosts, applications and the network stack. If the traffic does not conform, IBM Security IPS products will block it. Identifies and stops malicious code based on its behavior, rather than matching a particular attack signature or pattern. Heuristics can prevent evolving threats, which will change minor aspects of their signatures to bypass traditional IPS solutions. Uses advanced algorithms to detect attack patterns but only in particular portions of traffic where an attack could actually exist greatly reducing false positives. IBM Security IPS products use stateful pattern matching in conjunction with heuristics to prevent evolving threats that change their patterns to evade detection. Reassembles network packets, examining them for potential threats. PAM Module That Supports It 7

The IBM Protocol Analysis Module advantage The IBM Protocol Analysis Module within the IBM Security IPS technologies is the result of continuous research into the nature of vulnerabilities and attack methods. As threats continue to evolve, but older exploits never truly become extinct, IBM constantly strengthens the PAM engine with technologies designed to block entire classes of threats both new and old. For more information To learn more about and preemptive protection, please contact your IBM Sales representative or IBM Business Partner, or visit the following Web site: ibm.com/tivoli/solutions/threat-mitigation. About software from IBM software from IBM helps organizations efficiently and effectively manage IT resources, tasks and processes to meet ever-shifting business requirements and deliver flexible and responsive IT service management, while helping to reduce costs. The portfolio spans software for security, compliance, storage, performance, availability, configuration, operations and IT life-cycle management, and is backed by world-class IBM services, support and research. Additionally, financing solutions from IBM Global Financing can enable effective cash management, protection from technology obsolescence, improved total cost of ownership and return on investment. Also, our Global Asset Recovery Services help address environmental concerns with new, more energy-efficient solutions. For more information on IBM Global Financing, visit: ibm.com/financing Copyright IBM Corporation 2010 IBM Corporation Software Group Route 100 Somers, NY 10589 U.S.A. Produced in the United States of America May 2010 All Rights Reserved IBM, the IBM logo, ibm.com, and X-Force are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol ( or ), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at Copyright and trademark information at ibm.com/legal/copytrade.shtml Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Microsoft is a trademark of Microsoft Corporation in the United States, other countries, or both. Other product, company or service names may be trademarks or service marks of others. References in this publication to IBM products and services do not imply that IBM intends to make them available in all countries in which IBM operates. Product data has been reviewed for accuracy as of the date of initial publication. Product data is subject to change without notice. Any statements regarding IBM s future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only. The information provided in this document is distributed as is without any warranty, either express or implied. IBM expressly disclaims any warranties of merchantability, fitness for a particular purpose or noninfringement. IBM products are warranted according to the terms and conditions of the agreements (e.g. IBM Customer Agreement, Statement of Limited Warranty, International Program License Agreement, etc.) under which they are provided. The customer is responsible for ensuring compliance with legal requirements. It is the customer s sole responsibility to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law or regulation. Please Recycle WGD03001-USEN-00

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information