IBM Internet Security Systems

IBM ISS Overview

THE VEHICLE THE SKILL THE SOLUTION

© Copyright IBM Corporation 2007


Agenda

• The Evolving Threat
• IBM Security Framework & IBM ISS Protection Platform
• IBM X-Force Security Research & Development
• IBM ISS Proventia Security Products & Solutions
• IBM Data Security Solutions
• Break
• IBM ISS Professional Security Services
• IBM ISS Managed Security Services

2 Customer Presentation | Feb 2008 © Copyright IBM Corporation 2007


The Security “Perfect” Storm

• The evolving threat
- From notoriety to profit motive
• The productivity machine
- Business enhancements = risk
• Security costs growing 3x faster than IT budgets
- Point product approaches no longer scale
• Accelerated growth of IP-aware networks
- Accelerates IT risk
• Rapid growth in data
- Data is the new currency
• Compliance mandates
- Driving costs and spending

The State of Evolving Threats

• Expanding e-crime
- Big business driven by profit
- Innovation to capture new markets (victims)
- Victim segmentation and focus
- Stealth is the new “black”
- Rate of attacks is accelerating
- Form of attack is more malicious
- Attacks are “designer” in nature


The real security problem

• New Methods and Motives: Adding to the complexity and sheer number of risks
• Compliance Spending: Investing in more point products to solve more point problems
• IT Innovation: Requiring new ways to secure the new ways we collaborate
• The Global Economy: Driving new security support requirements
• Flexibility in Business Methods: To improve operations and serve customers

Complexity remains the biggest security challenge!*

Integration is key to managing the cost and complexity of the evolving landscape

*InformationWeek 2008 Security Survey


Not all risks are created equally

[Chart: risks plotted by frequency of occurrences per year (vertical axis, from frequent at 1,000 down to infrequent at 1/100,000) against consequences (single occurrence loss) in dollars per occurrence (horizontal axis, from low at $1 to high at $100M). Risks plotted: Virus, Worms, Data Corruption, Disk Failure, Application Outage, System Availability Failures, Network Problem, Lack of governance, Failure to meet Industry standards, Failure to meet Compliance Mandates, Terrorism/Civil Unrest, Workplace inaccessibility, Natural Disaster, Regional Power Failures, Pandemic, Building Fire.]


Neither are all Security Solutions…

• Find a balance between effective security and cost
- The axiom… never spend $100 on a fence to protect a $10 horse
• Studies show the Pareto Principle (the 80-20 rule) applies to IT security*
- 87% of breaches were considered avoidable through reasonable controls*
• Small set of critical security controls provides a disproportionately high amount of coverage
- Critical controls address risk at every layer of the enterprise
- Organizations that use critical security controls have significantly higher performance*

[Diagram labels: Cost, Pressure, Complexity, Effectiveness, Agility, Time]

*Sources: W.H. Baker, C.D. Hylender, J.A. Valentine, 2008 Data Breach Investigations Report, Verizon Business, June 2008; ITPI: IT Process Institute, EMA December 2008


To address these concerns, CIOs are developing contingency plans for their IT organizations

CIO strategies for managing in an uncertain environment include:
• Cutting operating expense
• Postponing long-term projects in favor of near-term return on investment (ROI)
• Deferring or reducing capital expenditures
• Revisiting existing service contracts
• Seeking productivity increases in their existing infrastructure
• Postponing hiring of additional IT staff
• Postponing the launch of new initiatives

…CIOs are being challenged to realize near term cost reductions while continuing to drive structural change


Security Optimization can help gain operational efficiencies and IT capacity -- to save money and increase investments in new solutions

[Chart: “IT Spending – Liberating Funds”. Stacked bars of IT spending (scale to 100%) split into Operations Maintenance, Operations Support, Application Enhancements and New Solutions, shown around “Security Optimization Services”. Other labels: Cost of Operations, Strategic Change Capacity, Liberated funding for direct saving or transformational investment.]


Optimization of Security and Resiliency

• Redefine and Simplify Risk and Risk Management
- Re-evaluating business priorities to balance risk in light of evolving challenges and business requirements
• Establish a Total Security Framework and Solutions Portfolio
- Take inventory of current security and continuity practices
- Leverage innovation and integration and global expertise
• Simplify the Security & Risk Lifecycle
- Aligning with business processes to ensure continuous improvement, cost & complexity removal
• Join with a Transformative Security Partner
- Call in the experts
- Leverage global knowledge and learning


IBM Solutions for Security and Resiliency deliver sustainable and optimized business operations

Designed to:
• Enable innovation through secured, end-to-end infrastructure and platforms
• Reduce number and complexity of required security controls
• Reduce redundant security expenses
• Improve organizational and operational agility and resiliency
• Leverage industry expertise to help unify policy management
• Deliver needed visibility, control and automation

IBM Systems Group


IBM Security Framework

Control: Description

• Identity & Access Management: Process for assuring access to enterprise resources has been given to the right people, at the right time
• Encryption and Key Management: Capability enabling use of pre-existing investments by providing central management of encryption keys
• Database Protection: Capability that allows for granular protection of data in test and production databases
• Release Management: Process for assuring efficiency and integrity of the software development lifecycle
• Change & Configuration Management: Process for assuring routine, emergency and out-of-band changes are made efficiently, and in such a manner as to prevent operational outages.
• Threat & Vulnerability Management: Process and capabilities designed to protect the enterprise infrastructure from new and emerging threats
• Problem & Incident Management: Automated workflow and Service Desk designed to assure incidents are escalated and addressed in a timely manner
• Security Information & Event Management: Automated log management, monitor and report security and compliance posture
• Compliance Reporting and Management: Automated processes for compliance certification, reporting and remediation (e.g. PCI)


IBM Internet Security Systems Protection Platform

Among the most advanced and complete security architectures ever developed—delivering preemptive security

• Integrated security intelligence
• Comprehensive suite of professional security services
• Single, integrated view into the network
• Platform and service extensibility
• Correlation and integration of multiple data sources
• Underlying “best-in-breed” appliances
• 24/7 outsourced security management
• Improved system uptime and performance without a large investment in technology or resources
• Guaranteed protection services


IBM Security - Backed by the IBM X-Force® Research Team

Research, Technology, Solutions

Research
• Original Vulnerability Research
• Public Vulnerability Analysis
• Malware Analysis
• Threat Landscape Forecasting
• Protection Technology Research

X-Force Protection Engines
• Extensions to existing engines
• New protection engine creation

X-Force XPU’s
• Security Content Update Development
• Security Content Update QA

X-Force Intelligence
• X-Force Database
• Feed Monitoring and Collection
• Intelligence Sharing

The X-Force team delivers reduced operational complexity – helping to build integrated technologies that feature “baked-in” simplification


“Ahead Of The Threat”

[Timeline graphic; events and dates as they appear on the slide:]
• X-Force found Mozilla Unicode URL Stack Overflow. IBM Customers protected. May 13, 2008
• Mozilla Unicode URL Stack Overflow public disclosure: September 23, 2008
• Adobe Reader and Adobe Acrobat Remote Code Execution Vulnerability Discovered: February 7, 2008
• X-Force updated protection engines and vulnerability database. IBM Customers protected. February 13, 2008
• Widespread Exploitation in the wild: August 2008
• Automated SQL Injection Attacks: MySQL targeted by automated SQL injected attacks. Vulnerability Discovered. IBM Customers protected. November 13, 2007; April 22, 2008


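Ahead Of The Threat

Columns: Vulnerability; Discovered by; CVSS Base Score; Vendor Disclosure; ISS Protection Shipped; Days Ahead of Threat; Block by default?

Multiple (3) Microsoft Windows TCP/IP Remote Code Execution and DoS Vulnerabilities
- Discovered by: X-Force
- CVSS Base Score: 10 / 7.4
- Vendor Disclosure: Jan 8, 2008; MS08-001 – Critical; CVE-2007-0066 and CVE-2007-0069
- ISS Protection Shipped: Jan 8, 2007 (SSM_List_BO); Aug 16, 2007 (ICMP_Router_Advertisement_DOS)
- Days Ahead of Threat: 1 year
- Block by default?: SSM_List_BO: Yes, drop packet; ICMP_Router_Advertisement_DOS: Yes, drop packet

Adobe Flash Player Invalid Pointer Vulnerability
- Discovered by: X-Force
- CVSS Base Score: 9.3 / 6.9
- Vendor Disclosure: April 8, 2008; APSB08-11; CVE-2007-0071
- ISS Protection Shipped: Nov 13, 2007 (Multimedia_File_Overflow)
- Days Ahead of Threat: 150 days
- Block by default?: Yes, via rewrite

Multiple Vendors Vulnerable to DNS Cache Poisoning
- Discovered by: Dan Kaminsky, 2006
- CVSS Base Score: 6.4 / 5.3
- Vendor Disclosure: July, 2008 (Several); CVE-2008-1447
- ISS Protection Shipped: May 29, 2003 (HTTP_GET_SQL_UnionSelect); Nov 13, 2007 – July 17 2008 (DNS_Cache_Poison); Aug 12, 2008 (DNS_Cache_Poison_Subdomain_Attack)
- Days Ahead of Threat: ~ 5 yrs; 240 days – present
- Block by default?: HTTP_GET_SQL_UnionSelect: Yes, Block connection; DNS_Cache_Poison: Yes, Drop Packet; DNS_Cache_Poison_Subdomain_Attack: Yes, drop packet

Microsoft Windows Server Service RPC Code Execution
- Discovered by: In the wild
- CVSS Base Score: 10/8.7
- Vendor Disclosure: Oct 23, 2008*; MS08-067 – Critical; CVE-2008-4250
- ISS Protection Shipped: Aug 8, 2006 (MSRPC_Srvcs_Bo); Oct 27, 2008 (MSRPC_Srvsvc_Bo)
- Days Ahead of Threat: 22 months
- Block by default?: Block connection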


Ahead of the Threat: Conficker

• Nov 21, 2008: Conficker.A discovered
• Dec 29, 2008: Conficker.B discovered
• Feb 20, 2009: Conficker.B++/C discovered
• Mar 4, 2009: Conficker.C/D discovered

X-Force is the first to reverse-engineer the worm’s Peer-to-Peer communication protocol.


Proventia® Network IPS

IBM ISS Virtual Patch

• What it does…
- Provides a buffer of time where newly discovered vulnerabilities are addressed before scheduled patches can be applied.
• How it works…
- X-Force™ research focuses on high-risk security vulnerabilities.
- Virtual Patch™ technology focuses on the underlying vulnerability instead of the exploit.
• How this helps…
- Prevent zero-day attacks & conveniently manage new patches.
• Why IBM ISS…
- X-Force leads the industry in primary vulnerability research.


The Power To Deliver The Most Advanced Internet Security Solutions

Security Products

• Central Management Platform
• Network Intrusion Protection System
• Virtual IPS & Web Application Security
• Host-based Intrusion Protection System
• Enterprise Vulnerability Management
• Multi-Function Security (UTM)
• Enterprise Data Leakage Protection
• Endpoint Data Leakage Protection
• Network Data Leakage Protection

• Gartner has positioned ISS in the leader quadrant of the Magic Quadrant for Managed Security Service Providers & Intrusion Prevention products
• NSS IPS + Enterprise
- **The GX5108 was the first in the industry to receive the IPS + Enterprise certification**
• Certified by J.D. Power and Associates for Technology Service and Support Excellence
- First in Security Industry To Be Certified
- First Technology Company To Be Certified Globally
• ISS Named Best Security Company USA 2006 Award by SC Magazine. February 2006


Uncompromising Protection for Every Layer of Your Network


“This one’s a bit of an Eye Chart!”


IBM Proventia® Network Intrusion Prevention




The most complete portfolio available


Model    Ports   US List
GX4002   2       $10,995
GX4004   4       $15,995
GX5008   8       $37,995
GX5108   8       $57,995
GX5208   8       $85,995
GX6116   16      $188,995



IBM Proventia® Server
Business Challenges
• Managing dispersed security agents
• Demonstrating risk and compliance
• Protecting critical data, intellectual property and access to vulnerable servers
• Maintaining server uptime while providing strong host intrusion prevention technologies
• Tracking file access and changes among business critical servers

The Proventia Solution
• Reduces security costs, protects server environments and reduces downtime
• Enforces corporate security policy for servers
• Provides out-of-the-box protection with advanced intrusion prevention and blocking
• Utilizes multiple layers of defense to provide preemptive protection
• Supports operating system migration paths
• Protects at-risk systems before vendor-supplied patches are available

Industry’s broadest operating system support:



IBM Proventia® Network Enterprise Scanner
Business Challenges
• Managing enterprise security risk
• Demonstrating risk reduction and compliance
• Optimizing protection against existing vulnerabilities
• Automating the vulnerability scanning process
• Managing the vulnerability remediation workflow
• Improving efficiency and decreasing operating costs

The Proventia Solution
• Increase network uptime and bandwidth
• Perform fast, accurate vulnerability scans
• Free up resources by automating the scan process
• Leverage your existing IT infrastructure
• Monitor vulnerability status and maintain compliance
• Combine with Proventia® Platform for “Scan and Block” capabilities

#1 Network VA Vendor (2005)



IBM Proventia® Network Multi-Function Security
Business Challenges
• Protect your business from internet threats without jeopardizing bandwidth or availability
• Secure your end users from spam, incompliant activity and other productivity drainers
• Conserve your resources by eliminating the need for special security expertise

The Proventia Solution
• Complete protection against all types of Internet threats, with firewall, intrusion prevention, and Virus Prevention System
• Spam effectiveness ~95%, define Web browsing policies, filter database of +63 Million URLs in 62 categories
• “Set and forget” security, automatically updated to protect against the next threat and tailored to needs of your small business or remote offices


IBM Proventia® SiteProtector


Business Challenges
• Enterprise-wide view of asset, threat & vulnerability data
• Comprehensive visibility into network communications
• Securing Enterprise asset
• Keeping the network available, bandwidth utilization
• Maintaining too many security management systems
• Acceptable use of network resources

The Proventia Solution
• Documents the security process
• Provides centralized management of high performance network security in addition to host and gateway devices
• Ease of use through console consolidation
• Offers visibility through the detection system
• Enables keeping ahead of rising standard of due care
• Keeps workflow support for policy mgmt, incident response and vulnerability remediation


IBM Data Security Services

• Endpoint Encryption
- powered by PGP Corporation
- Full Disk (protect data when device lost or stolen)
- File / folder / vdisk / removable media, shared media

• Endpoint Data Loss Prevention (eDLP)
- powered by Verdasys Inc.
- Automated discovery of sensitive content, classifying / tagging of files
- Policy-based enforcement of data protection policy (notify, block, encrypt, remove, relocate)
- Close the gap between user action and automated policy-enforced action
- Removable media port control with fine-grain control of external I/O ports

• Network Data Loss Prevention (nDLP)
- powered by Fidelis Security Systems
- Policy-based enforcement of data protection policy (notify, block, encrypt, remove, relocate)

• Activity Compliance Monitoring & Reporting
- powered by Application Security Inc. and Tivoli Compliance Insight Manager (TCIM)
- Help assess the security strength of network-based database applications by identifying vulnerabilities
- Locate, examine, report on and suggest fixes for security holes and misconfigurations
- Policy-based, compliance-focused solution to monitor user activity across heterogeneous systems

http://www-935.ibm.com/services/us/index.wss/offerfamily/gts/a1027705


Enterprise Content Protection (ECP)

• Prevent leakage of sensitive data outside and inside.
• Protect valuable information and comply with regulations.
• Framework allowing tailored solution for protection at the network and endpoint levels.
• In combination, or as separate components (Network / Endpoint)
• Proven, best technical capability from IBM Business Partners integrating with IBM Professional Security Services and Managed Security Services to protect data, brands, intellectual property and resources.
• Scalable to support the enterprise of any size and distribution


Definition: “Podslurping”

• Podslurping: the act of using a portable data storage device such as an iPod digital audio player to illicitly download large quantities of confidential data by directly plugging it into a computer where the data is held, and which may be on the inside of a firewall. As these storage devices become smaller and their storage capacity becomes greater, they are becoming an increasing security risk to companies and government agencies.


Enterprise Content Protection (ECP)

• Automated discovery of sensitive content, classifying / tagging of files
• Policy-based enforcement of data protection policy (prevent, allow, encrypt, etc.)
• Close the gap between user action and automated policy-enforced action
• Endpoint – Network – Server / Data Center
• Key Business Partners:
- Fidelis Security Systems
- Verdasys


Data-Centric Security Process

[Diagram: four stages, with Continuous Audit Logging running beneath them]
• Where and What is Sensitive Data: Discovery (Desktops, Laptops, Servers); Classification; Tagging; Content (Similarity, Keyword, Pattern, Dictionary); Context (Server, Application, File Type, User)
• What is the User Doing With It?: Unstructured Data (Read, Write, Move, Print, Burn, Copy/Paste, Upload); Structured Data (View, Delete, Modify)
• Where Is the Data Going?: Devices, Applications, Networks, Email
• Apply Risk Appropriate Policy & Actions: Detection, Awareness, Protection, Prevention; actions shown: Alert, Warn, Prompt, Justify, Encrypt, Block, Mask, Need to Know


Complementary technologies, comprehensive protection

• Complementary technologies
- IBM ISS Proventia™ prevents intrusions, attacks and compromises
- Fidelis XPS™ prevents leakage of sensitive content
• Comprehensive protection
- Inbound and outbound security for enterprise networks
- Asymmetrical depth of defense

SiteProtector
Unified Enterprise Security Console for all products

Enterprise Protection Products

• Vulnerability Assessment: Enterprise Scanner helps to ensure the availability of your revenue producing services and protects your corporate data by identifying where risk exists, prioritizing and assigning protection activities, and then reporting on results
• Network Protection: High performance network security with real-time attack, malicious code and hybrid threat blocking. Allows secure open transactions in a SOA environment which is an effective way to preserve network availability, reduce the burden on your IT resources and prevent security breaches. Protects Email systems and the data that can leak from these systems
• Server Protection:
- Data Security -- Provides historical data that enables companies to find the origin of a change, breach or string of behavior
- Insider Threats -- Tracks the who, what, when, where of user/administrator behavior
- Compliance -- Provides the reporting necessary to prove the security of sensitive information
• Behavior Protection: IBM Proventia Network Anomaly Detection System (ADS) is designed to deliver a clear view of your network's behavior while automatically detecting active security threats, risky user behavior, performance issues and noncompliant activities, such as policy violations and unapproved network changes.
• Data Security Services


BREAK


ISS Professional Security Services

Professional Security Services


- Assessment Services
• Application Security Assessment
• Information Security Assessment
• Penetration Testing
• PCI Assessments
• SCADA Assessment
- Design Services
- Education Services
- Emergency Response Services
Benefits
- Identification of security weaknesses
• Unsecured networks and applications
• Weak security policies
- Implementation of a best practices approach to security
- Aid compliance with regulations
• SoX, HIPAA, GLB, PCI


IBM ISS Professional Security Services

ADDME - A Proven Methodology

Phase 1. Assessment
• Application Security Assessment
• Information Security Assessment
• Penetration Testing
• PCI Assessment
• SCADA Assessment
• Policy and ISO 17799 Gap Analysis

Phase 2. Design
• Implementation Planning
• Network Security Architecture Design
• Policy Design and Development
• Standards and Procedures Development

Phase 3. Deployment
• Deployment Services
• Migration Services

Phase 4. Management and Support
• Emergency Response Service
• Forensic Analysis Service
• Staff Augmentation and Support

Phase 5. Education
• IBM ISS Product Training
• Security Awareness Training


Application Security Assessment (ASA)

• Application security an often-overlooked part of a security plan
- Applications house companies’ critical data – customer information, HR data and intellectual property
- Security holes in custom applications create opportunities for attackers
• ASA looks for the vulnerabilities in Web and custom applications
- Comprehensive vulnerability assessment of the application and network infrastructure directly supporting the application
- Remote attack simulation in which security experts attempt to penetrate an application, using techniques similar to those used by malicious attackers
- Targeted code review to provide solid recommendations for improving application security
- Assessments performed by security consultants with application development backgrounds
• Detailed report of findings
- Specific recommendations for remediating any vulnerability found


Information Security Assessment (ISA)

• Comprehensive evaluation of an organization’s security posture
- Based on ISO 17799 security standard and industry best practices
- Provides complete internal and external assessment of information security state
• Provides a clear understanding of current information security risks
- Identifies the potential impact of vulnerabilities
- Raises internal awareness of information security risks
- Enables more informed decision-making and identifies the gaps in organizational security controls, policies and processes
- Provides a specific, actionable plan to improve overall security posture based on business needs
- Helps to meet regulatory compliance requirements
• Includes a thorough assessment of:
- Information security policies
- Procedures, controls and mechanisms
- Physical security
- Networks, servers, desktops and databases
• Detailed deliverables
- Prioritized, actionable remediation steps presented in a workshop format


PCI Compliance Services

• IBM ISS is a Qualified Security Assessor (QSA), having met the requirements as a QSAC to perform PCI assessments
• IBM ISS is an Approved Scanning Vendor (ASV), having met the requirements to perform PCI DSS-approved quarterly network scans
• ISS PCI services include:
- PCI Assessments
• Pre-assessment
• Annual on-site audit and Report on Compliance (ROC)
• Quarterly network scans
- Remediation
• Assistance remediating any issues found during pre-assessment
- Payment Application Assessments
• Assessing the security of payment applications
• IBM ISS is an Approved Qualified Payment Application Security Company (QPASC)
- Visa Cardholder Information Security Program (CISP) Incident Response
• IBM ISS is a Visa Qualified CISP Incident Response Assessor
• IBM ISS can respond to security incidents and provide forensic analysis when there is a loss of cardholder data


Penetration Testing

• Penetration testing uncovers network vulnerabilities and assesses the business risk of those vulnerabilities
- Real-life network attack simulation in which security experts attempt to penetrate a network mimicking the techniques used by malicious attackers
- Demonstrates how attackers can significantly impact a business
• IBM ISS security expertise
- More than a simple vulnerability assessment
• Use of a combination of proprietary and industry-leading security assessment tools, complete with an in-depth analysis of vulnerability data by a security expert
- Leverages security intelligence of ISS X-Force
• Detailed deliverables
- Prioritized, actionable remediation steps


Emergency Response Services

• Incident response, preparedness planning and forensic analysis experts
- Responds quickly to attacks in progress
- Works with customers to develop customized emergency response plans to minimize the effect of future attacks
• Customers benefit from:
- Immediate attack response 24/7/365 to stop attacks in progress and minimize their impact
- Forensic analysis to help find and prosecute perpetrators
- Incident response methodology that includes steps for analysis and intelligence gathering, containment, eradication, recovery and prevention
- Customized incident response plans and procedures to guide you in case of an attack
• Available as a subscription service or as an on demand service
- Subscription service includes incident response planning and phone support to help customers prepare before a security incident occurs
• Customers experiencing a security emergency can call the IBM ISS Emergency Response Team 24/7/365:


Additional IBM ISS Professional Security Services

• Governance, Risk & Compliance Services
- Strategic Threat & Risk Analysis (TRA)
- Security Policy Development
- Network Security Architecture Design
- Security Technology Implementation Planning
- Deployment Consulting
- Staff Augmentation Professional Services
• Identity & Access Management (IAM) Professional Services
- Specifically with respect to Tivoli Identity Manager (TIM) and Tivoli Access Manager (TAM) design, installation & configuration


The Power To Deliver The Most Advanced Internet Security Solutions

Managed Security Services

• Managed Protection Services
• Managed and Monitored Firewall Services
• Managed IDS/IPS Services
• Vulnerability Management Service
• Security Event and Log Management Services
• Managed E-mail and Web Security Services


IBM Global Security Operations and R&D

IBM has the unmatched global expertise to deliver complete solutions – and manage the cost and complexity of security


Breadth of Services

53 Customer Presentation | Feb 2008 © Copyright IBM Corporation 2007


IBM Internet Security Systems

Breadth of Services
Managed Security Services

Key Benefits
 Protect company assets, brand reputation and business continuity with 24x7 reliable monitoring and management
 Reduces in-house security costs by up to 55 percent
 Achieves security compliance with industry and governmental regulations
 Maximizes existing security investments
 Improves productivity by freeing IT resources to focus on strategic initiatives
 Reassures clients, partners and shareholders that critical data is protected by trusted resources
 Reduces operational complexity


Managed Protection Services (MPS)

 Guaranteed Protection Services
 Based on IBM ISS Security Technologies
– Proventia G (IDPS)
– Proventia M (UTM)
– Proventia Server
– Proventia Desktop
 Best-in-Class Service Level Agreements
– Performance based SLAs
 Multiple Service Level Options
– Standard, Select, Premium
– Choose services per device for custom solutions
 Industry Leading Customer Portal
 Embedded X-Force Intelligence


Managed Protection Service


Features

 Industry Leading Performance-based SLAs
 Completely Web-Driven Interface – Virtual-SOC Portal enhances customer control and SOC communications
 24/7 Expert Monitoring and Management
 Security Incident Escalation
 Standard & Customizable Reporting
 Systrust & SAS-70 Certified SOC
 Integrated Vulnerability Management
 Subscription to XFTAS – Security Intelligence


MPS Offerings and Service Levels

 Benefit from guaranteed service level agreements and a $50,000 money-back warranty
ensuring 100% accountable, reliable protection*

*Money-back payment (for Managed Protection Services - Premium Level only): If IBM Internet Security Systems fails to
meet the Security Incidents Prevention Guarantee the customer's account shall be paid US$50,000 for each instance this
guarantee has not been met. Please see IBM Internet Security Systems Service Level Agreements for more details.


Managed Security Services (MSS) - Summary

 Industry Proven Managed Security Services
– Managed Network Intrusion Detection / Prevention
– Managed Network Firewall
 Multi-Vendor Security Technology Support
– Firewalls: IBM ISS, Cisco, Check Point, Juniper
– IPS: IBM ISS, McAfee, Sourcefire
 Best-in-Class Service Level Agreements
 Multiple Service Level Options
– Standard, Select
– Standard, Select, Premium
 Industry Leading Customer Portal
 Embedded X-Force Intelligence


Managed IPS & Firewall Service


Features

 Best-of-Breed Security Platform Support
– ISS (IDS/IPS), Cisco (IDS/IPS), Sourcefire, McAfee (IPS)
– Check Point, Cisco, Juniper, ISS
 Completely Web-Driven Interface – Virtual-SOC Portal enhances customer control and SOC communications
 24/7 Expert Monitoring and Management
 Security Incident Escalation (IPS Service)
 Standard & Customizable Reporting
 Industry Leading Performance-based SLAs
 Systrust & SAS-70 Certified SOC
 Integrated Vulnerability Management
 Access to XFTAS – Security Intelligence


Managed IDPS Service


Features Summary – Network

| Features | Standard Level | Select Level |
|---|---|---|
| IDS/IPS | Critical attacks, denial of service, and worms | All Attack activity, suspicious activity, and network misuse |
| Policy management | Performed by IBM | Performed by IBM, unlimited policy change requests per month |
| Device management | Performed by IBM | Performed by IBM |
| Security event monitoring | Automated analysis; email escalation | Automated plus real-time 24/7 human analysis; e-mail or telephone escalation |
| Vulnerability Management | 1 IP Quarterly | 2 IPs Quarterly |
| Log Storage / Availability | 1 year | Up to 7 Years |
| Health and Availability Monitoring | Yes | Yes |
| Security Content Upgrades | Yes | Yes |
| Customer Portal Access | Yes | Yes |
| Detailed Reporting | Yes | Yes |
| Out of Band Required | Optional | Yes |
| Optional Add-on Capabilities | | |
| High Availability | When supported by the platform | When supported by the platform |

In which document can the latest platform support and sizing information be found?


Managed Firewall Service (MFW)


Features Summary – Network

| Features | Standard Level | Select Level | Premium Level |
|---|---|---|---|
| Supported Bandwidth | Up to 100MB* | 100MB through 1 GB and up* | 100MB through 1 GB and up* |
| Policy or Configuration Changes Per Month | 2 | 4 | Unlimited |
| Emergency Policy Changes per Month | No | No | 1 |
| Maintenance Window for Policy / Configuration Changes | No | No | Yes |
| Site to Site VPN Support | Up to 2 Tunnels | Unlimited | Unlimited |
| Client / SSL VPN Support | No | Yes | Yes |
| Vulnerability Assessment | 1 IP Quarterly | 2 IPs Quarterly | 3 IPs Quarterly |
| Log Storage / Availability | 1 year | Up to 7 Years | Up to 7 years |
| Device Management | Yes | Yes | Yes |
| Health and Availability Monitoring | Yes | Yes | Yes |
| Application / OS Upgrades | Yes | Yes | Yes |
| Customer Portal Access | Yes | Yes | Yes |
| Detailed Reporting | Yes | Yes | Yes |
| Out of Band Required | Optional | Yes | Yes |
| Optional Add-on Capabilities | | | |
| High Availability | When supported by the platform | When supported by the platform | When supported by the platform |

In which document can the latest platform support and sizing information be found?

Managed Unified Threat Management (UTM) Service

 Unified Threat Management (UTM)
– Customizable support for best-of-breed multi-function devices
 Multi-Vendor Security Technology Support
– IBM ISS, Cisco, Juniper, Check Point
 Best-in-Class Service Level Agreements
 Multiple Service Level Options
– Standard, Select, Premium
 Industry Leading Customer Portal
 Embedded X-Force Intelligence


Managed Unified Threat Management (UTM) Service


Features

 Best-of-Breed Security Platform Support
– IBM ISS, Cisco, Juniper, Check Point
 Completely Web-Driven Interface – Virtual-SOC Portal enhances customer control and SOC communications
 24/7 Expert Monitoring and Management
 Security Incident Escalation
 Two Packages
– Protection
– Content
 Multiple Service Levels
– Standard, Select, & Premium
 Standard & Customizable Reporting
 Industry Leading Performance-based SLAs
 Systrust & SAS-70 Certified SOC
 Integrated Vulnerability Management
 Embedded XFTAS – Security Intelligence


Security Enablement Services

 Key Benefits
 Centralized command center to monitor and control Virtual-SOC services
 Run queries and generate reports on multi-vendor security devices, security events, service level agreement (SLA) activity and more
 Automated analysis of security events and logs alerts for remediation
 Unlimited archive system stores one year of online event/log storage and seven years of offline archiving
 Authorized access to portal for increased internal protection
 Integrated with X-Force security intelligence feeds and daily threat assessments


Vulnerability Management Service

 Internal & External Vulnerability Assessments
 Vulnerability Remediation Workflow Embedded
 Step-by-step Remediation Actions
 Complete Ticketing System
 Virtual Patch ties to MPS/MSS
 Granular Access Control & Permissions
 Fully Functional Reporting
 Industry Leading Customer Portal
 Embedded X-Force Intelligence


Vulnerability Management Service - SLAs

 Vulnerability Scan Execution
– Scan will execute +/-1 hour of scheduled time.
 Virtual Patch Application
– Virtual patch will be applied within 2 hours of request.
 Proactive System Monitoring (Internal)
– 15 minute notification of internal agent unreachable.
 Security Content Update
– Content updates completed within 72 hours of release.
 Customer Portal
– 99.9% uptime
 Internet Emergency
– 15 minute notification


Security Event & Log Management Service (SELM)

 Log and Event Collection & Archival
 Syslog, Universal Logging Agent (ULA)
 On Site Aggregation, Compression, Encryption
 Secured Communications
 Forensically Sound Storage
 Automated Alerting (Select Level Only)
 Security Incident Tracking
 Systrust and SAS-70 Certified SOC
 Industry Leading Customer Portal
 Embedded X-Force Intelligence


X-Force Threat Analysis Service

 X-Force Threat Analysis Service
 News
 Vulnerabilities
 Exploits
 Worms/Virus
 Breaking Security Intelligence Alerts
 Configurable Alerting/Advisories
 Daily Emails
 Direct Feed from X-Force Research
 30,000+ Records


Managed E-mail & Web Security


Features: E-mail

 100% Virus Protection
 99.2% Spam Effectiveness with 1 in 1 Million False Positives
 90%+ effective in identifying pornographic attachments
 Enforces Acceptable Use Policy
 Multiple Layers of Defense
 Highly redundant infrastructure
 Assists in stopping confidential information leaving your company
 Industry Leading Performance-based SLAs


Managed E-mail & Web Security


Service Details: E-mail

Anti-Virus
- Multiple Scanners
- Inbound & Outbound Filtering
- Proactive scanning for new threats
- Phishing detection
- Protection for Zero-Hour Outbreaks
- 7-day offsite Virus Quarantine
- 100% protection against known and unknown Viruses

Anti-Spam
- Multiple filters
- TCP/IP Traffic Shaping
- Highly Effective with minimal False Positives
- Transparent Knowledge Base Updates
- Multiple-handling options, including end user Quarantine; Confidence to “block and delete” on signature detection
- Configurable White and Black lists


Managed E-mail & Web Security


Service Details: E-mail

Image Control
- Proactive Monitoring
- Detects 90%+ of e-mail borne inappropriate image attachments
- Fights Harassment in the workplace and protects Company image
- Configurable Sensitivity settings to adjust based on your appetite for risk
- Supports Compliance with Internet Acceptable Use Policy and Legal Liability

Content Control
- Protect Corporate and brand reputation
- Maintain Confidential and Intellectual Property
- Advanced Policy setting criteria including Group, Users, Sizes, Types, Times of Day
- Keyword & Contextual Analysis
- Investigate suspicious activity
- Preserve Confidentiality and Security and reduce Legal Liability
- Defend against careless and malicious actions


Managed E-mail & Web Security


Service Details: Web

Web Anti-Virus/Anti-Spyware
- Real-time Scanning and Analysis of Web Traffic
- Combined protection from Spyware, Viruses and all other types of Malware at the Internet level
- Skeptic Technology layered over multiple commercial scanning engines
- Converged Threat Analysis, taking recent threat information from Email and IM and applying to Web
- Customizable Block messages and email alerting

Web URL Filter
- Combined Real-Time filtering with Sophisticated URL Categorization database
- Policy engine with intuitive rule-building
- MIME and file type lists
- Customizable Block Messages and Email Alerting
- Content Categories include Webmail, blogs, chat and “uncategorized”
- Enforces Web Acceptable Use Policy
- Optimizes bandwidth


IBM
Rick Young, Account Executive
IBM Internet Security Systems
rick@ca.ibm.com

Questions?



Thank You!
Rick Young, Account Executive
IBM Internet Security Systems
