Agenda
The Evolving Threat
Break
The Global Economy: Driving new security support requirements
Flexibility in Business Methods: To improve operations and serve customers
[Chart: Frequency of Occurrences Per Year (scale 1,000, 100, 10, 1, 1/10, infrequent). Events plotted: Virus, Data Corruption, Application Outage, System Availability Failures, Lack of governance, Network Problem, Failure to meet Industry standards, Failure to meet Compliance Mandates, Terrorism/Civil Unrest, Workplace inaccessibility, Natural Disaster]
- The axiom… never spend $100 on a fence to protect a $10 horse
Studies show the Pareto Principle
- Critical controls address risk at every layer of the enterprise
[Chart labels: Pressure, Complexity, Effectiveness, amount of coverage]
*Sources: W.H. Baker, C.D. Hylender, J.A. Valentine, 2008 Data Breach Investigations Report, Verizon Business, June 2008; ITPI: IT Process Institute, EMA December 2008
[Chart: IT Spending, 100%. Labels: Strategic Change, New Solutions, Application Enhancements, Cost of Operations, Operations Support, Operations Maintenance, “Security Optimization Services”]
Designed to:
12 Customer Presentation | Feb 2008 © Copyright IBM Corporation 2007
IBM Internet Security Systems
Control: Compliance Reporting and Management
Description: Automated processes for compliance certification, reporting and remediation (e.g. PCI)
X-Force Database
Protection Technology
Feed Monitoring and Collection
Research
Intelligence Sharing
August 2008
Widespread Exploitation in the wild
MySQL targeted by automated SQL injected attacks
Vulnerability Discovered
IBM Customers protected.
November 13, 2007
Multiple (3) Microsoft Windows TCP/IP Remote Code Execution and DoS Vulnerabilities: X-Force; 10 / 7.4; Jan 8, 2008; MS08-001 – Critical; CVE-2007-0066 and CVE-2007-0069
- Jan 8, 2007: SSM_List_BO; 1 year; Yes, drop packet
- Aug 16, 2007: ICMP_Router_Advertisement_DOS; Yes, drop packet
Adobe Flash Player Invalid Pointer Vulnerability: X-Force; 9.3 / 6.9; April 8, 2008; APSB08-11; CVE-2007-0071
- Nov 13, 2007: Multimedia_File_Overflow; 150 days; Yes, via rewrite
Multiple Vendors Vulnerable to DNS Cache Poisoning: Dan Kaminski; 6.4 / 5.3; July, 2008 (Several); 2006; CVE-2008-1447
- May 29, 2003: HTTP_GET_SQL_UnionSelect; ~ 5 yrs; Yes, Block connection
- Nov 13, 2007 – July 17 2008: DNS_Cache_Poison; 240 days – present; Yes, Drop Packet
- Aug 12, 2008: DNS_Cache_Poison_Subdomain_Attack; Yes, drop packet
Microsoft Windows Server Service RPC Code Execution: In the wild; 10/8.7; Oct 23, 2008*; MS08-067 – Critical; CVE-2008-4250
- Aug 8, 2006: MSRPC_Srvcs_Bo; 22 months; Block connection
- Oct 27, 2008: MSRPC_Srvsvc_Bo
Nov 21, 2008: Conficker.A discovered
Dec 29, 2008: Conficker.B discovered
Feb 20, 2009: Conficker.B++/C discovered
Mar 4, 2009: Conficker.C/D discovered
What it does…
- Provides a buffer of time where newly discovered vulnerabilities are addressed before scheduled patches can be applied.
How it works…
- X-Force™ research focuses on high-risk security vulnerabilities.
- Virtual Patch™ technology focuses on the underlying vulnerability instead of the exploit.
Security Products
http://www-935.ibm.com/services/us/index.wss/offerfamily/gts/a1027705
Definition: “Podslurping”
Podslurping: the act of using a portable data storage
device such as an iPod digital audio player to illicitly
download large quantities of confidential data by
directly plugging it into a computer where the data is
held, and which may be on the inside of a firewall. As
these storage devices become smaller and their
storage capacity becomes greater, they are becoming
an increasing security risk to companies and
government agencies.
Close the gap between user action and automated policy-enforced action
Data-Centric Security Process
- Where and What is Sensitive Data
- What is the User Doing With It?
- Where Is the Data Going?
- Apply Risk Appropriate Policy & Actions
FW
Complementary technologies
- IBM ISS Proventia™ prevents intrusions, attacks and
compromises
- Fidelis XPS™ prevents leakage of sensitive content
Comprehensive protection
- Inbound and outbound security for enterprise networks
- Asymmetrical depth of defense
SiteProtector
Unified Enterprise Security Console for all products
- Vulnerability Assessment
- Network Protection
- Server Protection
- Behavior Protection
- Data Security Services
BREAK
Phase 2. Design
- Implementation Planning
- Network Security Architecture Design
- Policy Design and Development
- Standards and Procedures Development
Phase 3. Deployment
- Deployment Services
- Migration Services
Phase 4. Management and Support
- Emergency Response Service
- Forensic Analysis Service
- Staff Augmentation and Support
Detailed deliverables
- Prioritized, actionable remediation steps presented in a workshop format
Penetration Testing
Detailed deliverables
- Prioritized, actionable remediation steps
Breadth of Services
Managed Security Services
Key Benefits
Protect company assets, brand reputation and
business continuity with 24x7 reliable monitoring
and management
Benefit from guaranteed service level agreements and a $50,000 money-back warranty
ensuring 100% accountable, reliable protection*
*Money-back payment (for Managed Protection Services - Premium Level only): If IBM Internet Security Systems fails to
meet the Security Incidents Prevention Guarantee the customer's account shall be paid US$50,000 for each instance this
guarantee has not been met. Please see IBM Internet Security Systems Service Level Agreements for more details.
Key Benefits
- Centralized command center to monitor and control Virtual-SOC services
- Run queries and generate reports on multi-vendor security devices, security events, service level agreement (SLA) activity and more
- Automated analysis of security events and logs alerts for remediation
- Unlimited archive system stores one year of online event/log storage and seven years of offline archiving
- Authorized access to portal for increased internal protection
- Integrated with X-Force security intelligence feeds and daily threat assessments
Customer Portal: 99.9% uptime
Internet Emergency: 15 minute notification
Anti-Virus
- Multiple Scanners
- Inbound & Outbound Filtering
- Proactive scanning for new threats
- Phishing detection
- Protection for Zero-Hour Outbreaks
- 7-day offsite Virus Quarantine
- 100% protection against known and unknown Viruses
Anti-Spam
- Multiple filters
- TCP/IP Traffic Shaping
- Highly Effective with minimal False Positives
- Transparent Knowledge Base Updates
- Multiple-handling options, including end user Quarantine; Confidence to “block and delete” on signature detection
- Configurable White and Black lists
IBM
Rick Young, Account Executive
IBM Internet Security Systems
rick@ca.ibm.com
Questions?