IBM Internet Security Systems · IBM Internet Security Systems Protection Platform Among the most...

© Copyright IBM Corporation 2007

THE VEHICLE THE SKILL THE SOLUTION

IBM Internet Security Systems

IBM ISS Overview

Customer Presentation | Feb 20082



Agenda

� The Evolving Threat

� IBM Security Framework & IBM ISS Protection Platform

� IBM X-Force Security Research & Development

� IBM ISS Proventia Security Products & Solutions

� IBM Data Security Solutions

� Break

� IBM ISS Professional Security Services

� IBM ISS Managed Security Services




The Security “Perfect” Storm

� The evolving threat

- From notoriety to profit motive� The productivity machine

- Business enhancements = risk� Security costs growing 3x faster than IT budgets

- Point product approaches no longer scale� Accelerated growth of IP-aware networks

- Accelerates IT risk� Rapid growth in data

- Data is the new currency� Compliance mandates

- Driving costs and spending




The State of Evolving Threats

� Expanding e-crime

- Big business driven by profit

- Innovation to capture new

markets (victims)

- Victim segmentation and focus

- Stealth is the new “black”

- Rate of attacks is accelerating

- Form of attack is more

malicious

- Attacks are “designer”

in Nature




IT Innovation: Requiring new ways to

secure the new ways we collaborate

The Global Economy: Driving new security support requirements

Compliance Spending: Investing in more point products to solve more point problems

New Methods and Motives:Adding to the complexity and sheer number of risks

Flexibility in Business Methods:

To improve operations and serve customers

The real security problem

Complexity remains the biggest security challenge!*Integration is key to managing the cost and complexity of the evolving landscape

*InformationWeek 2008 Security Survey




Not all risks are created equally

Frequency ofOccurrences

Per Year

1,000

100

10

1

1/10

1/100

1/1,000

1/10,000

1/100,000

$1 $10 $100 $1,000 $10k $100k $1M $10M $100M

fre

quen

tin

fre

que

nt

Consequences (Single Occurrence Loss) in Dollars per Occurrencelow high

Virus

Worms Disk Failure

System Availability Failures

Pandemic

Natural Disaster

Application Outage

Data Corruption

Network Problem

Building Fire

Terrorism/Civil UnrestFailure to meet

Compliance MandatesWorkplace inaccessibility

Failure to meet Industry standards

Regional Power Failures

Lack of governance




Neither are all Security Solutions…

�Find a balance between effective security and cost

- The axiom… never spend $100 dollars on a fence to protect a $10 horse

�Studies show the Pareto Principle (the 80-20 rule) applies to IT security*

- 87% of breaches were considered avoidable through reasonable controls*

�Small set of critical security controls provide a disproportionately high amount of coverage

- Critical controls address risk at every layer of the enterprise

- Organizations that use critical security controls have significantly higher performance*

*Sources: W.H. Baker, C.D. Hylender, J.A. Valentine, 2008 Data Breach

Investigations Report, Verizon Business, June 2008

ITPI: IT Process Institute, EMA December 2008

Cost

Effectiveness

Agility

Time

ComplexityPre

ss

ure




To address these concerns, CIOs are developing contingency plans for their IT organizations

CIO strategies for managing in an uncertain environment include:

� Cutting operating expense

� Postponing long-term projects in favor of near-term return on investment (ROI)

� Deferring or reducing capital expenditures

� Revisiting existing service contracts

� Seeking productivity increases in their existing infrastructure

� Postponing hiring of additional IT staff

� Postponing the launch of new initiatives

…CIOs are being challenged to realize near term cost reductions while continuing to drive structural change




Security Optimization can help gain operational efficiencies and IT capacity --to save money and increase investments in new solutions

IT S

pendin

g

Operations Support

Operations Maintenance

New Solutions

Application EnhancementsStrategic Change

Capacity

Cost ofOperations

Operations Maintenance

Operations Support

New Solutions

Application Enhancements

Liberated funding

for direct saving or

transformational

investment

100%

IT Spending – Liberating Funds

“Security

Optimization Services”




Optimization of Security and Resiliency

� Redefine and Simplify Risk and Risk Management

- Re-evaluating business priorities to balance risk in light of evolving challenges and business Requirements

� Establish a Total Security Framework and Solutions Portfolio

- Take Inventory of current security and continuity practices

- Leverage innovation and integration and global expertise

� Simplify the Security & Risk Lifecycle

- Aligning with business processes to ensure continuous improvement, Cost & Complexity removal

� Join with a Transformative Security Partner

- Call in the experts

- Leverage global knowledge and learning







IBM Solutions for Security and Resiliency deliver sustainable and optimized business operations

Designed to:

� Enable innovation through secured, end-to-end infrastructure and platforms

� Reduce number and complexity of required security controls

� Reduce redundant security expenses

� Improve organizational and operational agility and resiliency

� Leverage industry expertise to help unify policy management

� Deliver needed visibility, control and automation

IBM Systems Group




IBM Security Framework

Automated log management, monitor and report security and compliance posture

Security Information & Event Management

DescriptionControl

Process for assuring efficiency and integrity of the software development lifecycle

Release Management

Capability that allows for granular protection of data in test and production databases

Database Protection

Capability enabling use of pre-existing investments by providing central management of encryption keys

Encryption and Key Management

Process for assuring access to enterprise resources has been given to the right people, at the right time

Identity & Access Management

Automated processes for compliance certification, reporting and remediation (E.g. PCI)

Compliance Reporting and Management

Automated workflow and Service Desk designed to assure incidents are escalated and addressed in a timely manner

Problem & Incident Management

Process and capabilities designed to protect the enterprise infrastructure from new and emerging threats

Threat & Vulnerability Management

Process for assuring routine, emergency and out-of-band changes are made efficiently, and in such a manner as to prevent operational outages.

Change & Configuration Management




IBM Internet Security Systems Protection Platform

Among the most

advanced and complete

security architectures

ever developed—

delivering preemptive

security

Protection Platform

� Integrated security intelligence

� Comprehensive suite of professional security services

� Single, integrated view into the network

� Platform and service extensibility

� Correlation and integration of multiple data sources

� Underlying “best-in-breed” appliances

� 24/7 outsourced security management

� Improved system uptime and performance without a large investment in technology or resources

� Guaranteed protection services




Solutions

IBM Security - Backed by the IBM X-Force® Research Team

Protection Technology Research

Threat Landscape Forecasting

Malware Analysis

Public Vulnerability Analysis

Original Vulnerability Research

Research Technology

The X-Force team delivers reduced operational complexity –helping to build integrated technologies that feature “baked-in” simplification

X-Force Protection Engines

� Extensions to existing engines

� New protection engine creation

X-Force XPU’s

� Security Content Update Development

� Security Content Update QA

X-Force Intelligence

� X-Force Database

� Feed Monitoring and Collection

� Intelligence Sharing




September 23, 2008

Mozilla Unicode URL Stack Overflow public disclosure

X-Force found Mozilla Unicode

URL Stack Overflow.

IBM Customers protected.

May 13, 2008

August 2008

Widespread Exploitation in the wild

Adobe Reader and Adobe

Acrobat Remote Code

Execution Vulnerability Discovered

February 7, 2008

X-Force updated protection engines and vulnerability database


February 13, 2008

April 22, 2008

Automated SQL Injection Attacks

MySQL targeted by automated SQL injected

attacks Vulnerability Discovered


November 13, 2007

“Ahead Of The Threat”




Yes, via rewrite

150 daysNov 13, 2007 Multimedia_File_Overflow

April 8, 2008 APSB08-11CVE-2007-0071

9.3 / 6.9X-ForceAdobe Flash Player Invalid Pointer Vulnerability

22 months

~ 5 yrs

240 days –present

1 year

Days Ahead of Threat

10/8.7

6.4 / 5.3

10 / 7.4

CVSS Base Score

Yes, drop packet

Yes, drop packet

Jan 8, 2007 SSM_List_BO

Aug 16, 2007 ICMP_Router_Advertisement_DOS

Jan 8, 2008 MS08-001 – CriticalCVE-2007-0066 and CVE-2007-0069

X-ForceMultiple (3) Microsoft Windows TCP/IP Remote Code Execution and DoS Vulnerabilities

Block connection

Aug 8, 2006MSRPC_Srvcs_Bo

Oct 27, 2008MSRPC_Srvsvc_Bo

Oct 23, 2008*MS08-067 – CriticalCVE-2008-4250

In the wildMicrosoft Windows Server Service RPC Code Execution

Yes, Block connection

Yes, Drop Packet

Yes, drop packet

May 29, 2003HTTP_GET_SQL_UnionSelectNov 13, 2007 – July 17 2008DNS_Cache_PoisonAug 12, 2008DNS_Cache_Poison_Subdomain_Attack

July, 2008 (Several)2006 CVE-2008-1447

Dan KaminskiMultiple Vendors Vulnerable to DNS Cache Poisoning

Block by default?

ISS Protection ShippedVendor DisclosureDiscovered

by:Vulnerability

Ahead Of The Threat




Ahead of the Threat: Conficker

DEC-08 JAN-09 FEB-09 MAR-09 APR-09

Nov 21, 2008Conficker.A discovered

Dec 29, 2008Conficker.B discovered

Feb 20, 2009Conficker.B++/C discovered

Mar 4, 2009Conficker.C/D discovered

X-Force is the first to reverse- engineer the worm’s Peer-to-Peer communication protocol.




Proventia® Network IPSIBM ISS Virtual Patch

� What it does…

- Provides a buffer of time where newly discovered vulnerabilities are addressed before scheduled patches can be applied.

� How it works…

- X-Force™ research focuses on high-risk security vulnerabilities.

- Virtual PatchTM technology focuses on the underlying vulnerability instead of the exploit.

� How this helps…

- Prevent zero-day attacks & conveniently manage new patches.

� Why IBM ISS…

- X-Force leads the industry in primary vulnerability research.







�Central Management Platform

�Network Intrusion Protection System

� Virtual IPS & Web Application Security

�Host-based Intrusion Protection System

�Enterprise Vulnerability Management

�Multi-Function Security (UTM)

� Enterprise Data Leakage Protection

� Endpoint Data Leakage Protection

� Network Data Leakage Protection

Security Products

The Power To Deliver The Most Advanced Internet Security Solutions

Gartner has positioned ISS in the leader quadrant of the Magic Quadrant for Managed Security Service Providers& Intrusion Prevention products

ISS Named Best Security Company USA by SC Magazine.February 2006

NSS IPS + Enterprise 2006 Award **The GX5108 was the first in the industry to receive the IPS + Enterprise certification**

Certified by J.D. Power and Associates for Technology Service and Support Excellence

- First in Security Industry To Be Certified - First Technology Company To Be Certified Globally




Uncompromising Protection for Every Layer of Your Network




“This one’s a bit of an Eye Chart!”




Business Challenges The Proventia Solution


IBM Proventia® Network Intrusion Prevention






The most complete portfolio available






US ListPorts

GX4002GX4002

GX4004GX400422

44$10,995$10,995

$15,995$15,995

GX5008GX5008

GX5108GX5108

GX5208GX5208

88

88

88

$37,995$37,995

$57,995$57,995

$85,995$85,995

Model

GX6116GX6116 1616 $188,995$188,995




Business Challenges The Proventia Solution• Managing disperse security agents

• Demonstrating risk and compliance

• Protecting critical data, intellectual property and access to vulnerable servers

• Maintaining server uptime along while providing strong host intrusion prevention technologies

• Tracking file access and changes among business critical servers

• Reduces security costs, protects server environments and reduces downtime

• Enforces corporate security policy for servers

• Provides out-of-the-box protection with advanced intrusion prevention and blocking

• Utilizes multiple layers of defense to provide preemptive protection

• Support operating system migration paths

• Protects at-risk systems before vendor-supplied patches are available

Industry’s broadest operating system support:


IBM Proventia® Server




Business Challenges The Proventia Solution• Managing enterprise security risk

• Demonstrating risk reduction and compliance

• Optimizing protection against existing vulnerabilities

• Automating the vulnerability scanning process

• Managing the vulnerability remediation workflow

• Improving efficiency and decreasing operating costs

• Increase network uptime and bandwidth

• Perform fast, accurate vulnerability scans

• Free up resources by automating the scan process

• Leverage your existing IT infrastructure

• Monitor vulnerability status and maintain compliance

• Combine with Proventia® Platform for “Scan andBlock” capabilities

#1 Network VA Vendor (2005)


IBM Proventia® Network Enterprise Scanner




Business Challenges The Proventia Solution


IBM Proventia® Network Multi-Function Security

• Protect your business from internet threats without jeopardizing bandwidth or availability

• Secure your end users from spam, incompliant activity and other productivity drainers

• Conserve your resources by eliminating the need for special security expertise

• Complete protection against all types of Internet threats, with firewall, intrusion prevention, and Virus Prevention System

• Spam effectiveness ~95%, define Web browsing policies, filter database of +63 Million URLs in 62 categories

• “Set and forget” security, automatically updated to protect against the next threat and tailored to needs of your small business or remote offices




Business Challenges The Proventia Solution• Enterprise-wide view of asset, threat & vulnerability

data• Comprehensive visibility into network

communications• Securing Enterprise asset• Keeping the network available, bandwidth utilization• Maintaining too many security management systems• Acceptable use of network resources

• Documents the security process• Provides centralized management of high

performance network security in addition to host and gateway devices

• Ease of use through console consolidation• Offers visibility through the detection system• Enables keeping ahead of rising standard of due

care• Keeps workflow support for policy mgmt, incident

response and vulnerability remediation


IBM Proventia® SiteProtector








IBM Data Security Services

� Endpoint Encryption- powered by PGP Corporation

- Full Disk (protect data when device lost or stolen)

- File / folder / vdisk / removable media, shared media

� Endpoint Data Loss Prevention (eDLP)- powered by Verdasys Inc.

- Automated discovery of sensitive content, classifying / tagging of files,

- Policy-based enforcement of data protection policy (notify, block, encrypt, remove, relocate)

- Close the gap between user action and automated policy-enforced action

- Removable media port control with Fine-grain control of external I/O ports

� Network Data Loss Prevention(nDLP)

- powered by Fidelis Security Systems

- Policy-based enforcement of data protection policy (notify, block, encrypt, remove, relocate)

� Activity Compliance Monitoring & Reporting

- powered by Application Security Inc. and Tivoli Compliance Insight Manager (TCIM)

- Help assess the security strength of network-based database applications by identifying vulnerabilities

- Locate, examine, report on and suggests fixes for security holes and misconfigurations

- Policy-based, compliance-focused solution to monitor user activity across heterogeneous systems

http://www-935.ibm.com/services/us/index.wss/offerfamily/gts/a1027705




Enterprise Content Protection (ECP)

� Prevent leakage of sensitive data outside and inside.

� Protect valuable information and comply with regulations.

� Framework allowing tailored solution for protection at the network and endpoint levels.

� In combination, or as separate components (Network / Endpoint)

� Proven, best technical capability from IBM Business Partners integrating with IBM Professional Security Services and Managed Security Services to protect data, brands, intellectual propertyand resources.

� Scalable to support the enterprise of any size and distribution




Definition: “Podslurping”

�Podslurping: the act of using a portable data storage device such as an iPod digital audio player to illicitly download large quantities of confidential data by directly plugging it into a computer where the data is held, and which may be on the inside of a firewall. As these storage devices become smaller and their storage capacity becomes greater, they are becoming an increasing security risk to companies and government agencies.




Enterprise Content Protection (ECP)

� Automated discovery of sensitive content, classifying / tagging of files

� Policy-based enforcement of data protection policy (prevent, allow, encrypt, etc.)

� Close the gap between user action and automated policy-enforced action

� Endpoint – Network – Server / Data Center

� Key Business Partners:

- Fidelis Security Systems

- Verdasys




What is the UserDoing With It?

Where and What is Sensitive Data

Apply Risk AppropriatePolicy & Actions

DiscoveryDesktops

Laptops

Servers

ClassificationTagging

ContentSimilarity

Keyword

Pattern

Dictionary

Context

Server

Application

File Type

User

Unstructured Data

Read

Write

Move

Print

Burn

Copy/Paste

Upload

Structured Data

View

Delete

Modify

Devices

Applications

Networks

Where Is theData Going?

AlertDetection

WarnAwareness

PromptJustify

Encrypt

Protection

BlockPrevention

MaskNeed to Know

Continuous Audit Logging

Email

Data-Centric Security ProcessData-Centric Security Process




Complementary technologies, comprehensive protection

�Complementary technologies

- IBM ISS Proventia™ prevents intrusions, attacks and compromises

- Fidelis XPS™ prevents leakage of sensitive content�Comprehensive protection

- Inbound and outbound security for enterprise networks

- Asymmetrical depth of defense

FW

37







Enterprise Protection Products

Vulnerability Assessment

Network Protection Server Protection

Enterprise Scanner helps to ensure the availability of your revenue producing services and protects your corporate data by identifying where risk exists, prioritizing and assigning protection activities, and then reporting on results

Data Security -- Provides historical data that enables companies to find the origin of a change, breach or string of behavior

Insider Threats -- Tracks the who, what, when, where of user/administrator behavior

Compliance -- Provides the reporting necessary to prove the security of sensitive information

High performance network security with real-time attack, malicious code and hybrid threat blocking.

Allows secure open transactions in a SOA environment which is an effective way to preserve network availability, reduce the burden on your IT resources and prevent security breaches.

Protects Email systems and the data that can leak from these systems

SiteProtectorUnified Enterprise Security

Console for all products

Behavior Protection

IBM Proventia Network Anomaly Detection System (ADS) is designed to deliver a clear view of your network's behavior while automatically detecting active security threats, risky user behavior, performance issues and noncompliant activities, such as policy violations and unapproved network changes.

Data Security Services

39




BREAK







ISS Professional Security Services

Professional Security Services

- Assessment Services• Application Security Assessment

• Information Security Assessment

• Penetration Testing

• PCI Assessments

• SCADA Assessment

- Design Services

- Education Services

- Emergency Response Services

Benefits

- Identification of security weaknesses• Unsecured networks and applications

• Weak security policies

- Implementation of a best practices approach to security

- Aid compliance with regulations• SoX, HIPAA, GLB, PCI




IBM ISS Professional Security Services ADDME - A Proven Methodology

Phase 5.Education

Phase 4.Management and Support

Phase 2.Design

Phase 1.Assessment

Phase 3.Deployment

� Application Security Assessment

� Information Security Assessment

� Penetration Testing

� PCI Assessment

� SCADA Assessment

� Policy and ISO 17799 Gap Analysis

� Implementation Planning

� Network Security Architecture Design

� Policy Design and Development

� Standards and Procedures Development

� Deployment Services

� Migration Services

� Emergency Response Service

� Forensic Analysis Service

� Staff Augmentation and Support

� IBM ISS Product Training

� Security Awareness Training




Application Security Assessment (ASA)

� Application security an often-overlooked part of a security plan- Applications house companies’ critical data – customer information, HR data and intellectual property

- Security holes in custom applications create opportunities for attackers

� ASA looks for the vulnerabilities in Web and custom applications- Comprehensive vulnerability assessment of the application and network infrastructure directly supporting the application

- Remote attack simulation in which security experts attempt to penetrate an application, using techniques similar to those used by malicious attackers

- Targeted code review to provide solid recommendations for improving application security

- Assessments performed by security consultants with application development backgrounds

� Detailed report of findings- Specific recommendations for remediating any vulnerability found




Information Security Assessment (ISA)

� Comprehensive evaluation of an organization’s security posture- Based on ISO 17799 security standard and industry best practices

- Provides complete internal and external assessment of information security state

� Provides a clear understanding of current information security risks- Identifies the potential impact of vulnerabilities

- Raises internal awareness of information security risks

- Enables more informed decision-making and identifies the gaps in organizational security controls, policies and processes

- Provides a specific, actionable plan to improve overall security posture based on business needs

- Helps to meet regulatory compliance requirements

� Includes a thorough assessment of:- Information security policies

- Procedures, controls and mechanisms

- Physical security

- Networks, servers, desktops and databases

� Detailed deliverables- Prioritized, actionable remediation steps presented in a workshop format




PCI Compliance Services

� IBM ISS is a Qualified Security Assessor (QSA), having met the requirements as a QSAC to perform PCI assessments

� IBM ISS is a Approved Scanning Vendor (ASV), having met the requirements to perform PCI DSS-approved quarterly network scans

� ISS PCI services include:- PCI Assessments

• Pre-assessment

• Annual on-site audit and Report on Compliance (ROC)

• Quarterly network scans

- Remediation• Assistance remediating any issues found during preassessment

- Payment Application Assessments• Assessing the security of payment applications

• IBM ISS is an Approved Qualified Payment Application Security Company (QPASC)

- Visa Cardholder Information Security Program (CISP) Incident Response• IBM ISS is a Visa Qualified CISP Incident Response Assessor

• IBM ISS can respond to security incidents and provide forensic analysis when there is a loss of cardholder data




Penetration Testing

� Penetration testing uncovers network vulnerabilities and assesses the business risk of those vulnerabilities- Real-life network attack simulation in which security experts attempt to penetrate a network mimicking the techniques used by malicious attackers

- Demonstrates how attackers can significantly impact a business

� IBM ISS security expertise- More than a simple vulnerability assessment

• Use of a combination of proprietary and industry-leading security assessment tools, complete with an in-depth analysis of vulnerability data by a security expert

- Leverages security intelligence of ISS X-Force

� Detailed deliverables- Prioritized, actionable remediation steps




Emergency Response Services

� Incident response, preparedness planning and forensic analysis experts

- Responds quickly to attacks in progress

- Works with customers to develop customized emergency response plans to minimize the effect of future attacks

� Customers benefit from:

- Immediate attack response 24/7/365 to stop attacks in progress and minimize their impact

- Forensic analysis to help find and prosecute perpetrators

- Incident response methodology that includes steps for analysis and intelligence gathering, containment, eradication, recovery and prevention

- Customized incident response plans and procedures to guide you in case of an attack

� Available as a subscription service or as an on demand service

- Subscription service includes incident response planning and phone support to help customers prepare before a security incident occurs

� Customers experiencing a security emergency can call the IBM ISS Emergency Response Team 24/7/365:




Additional IBM ISS Professional Security Services

� Governance, Risk & Compliance Services

- Strategic Threat & Risk Analysis (TRA)

- Security Policy Development

- Network Security Architecture Design

- Security Technology Implementation Planning

- Deployment Consulting

- Staff Augmentation Professional Services

� Identity & Access Management (IAM) Professional Services

- Specifically with respect to Tivoli Identity Manager (TIM) and Tivoli Access Manager (TAM) design, installation & configuration







The Power To Deliver The Most Advanced Internet Security Solutions

� Managed Protection Services

� Managed and Monitored Firewall Services

� Managed IDS/IPS Services

� Vulnerability Management Service

� Security Event and Log Management Services

� Managed E-mail and Web Security Services

Managed Security Services




IBM has the unmatched global expertise to deliver complete solutions –and manage the cost and complexity of security

IBM Global Security Operations and R&D




Breadth of Services




�Key Benefits� Protect company assets, brand reputation and business continuity with 24x7 reliable monitoring and management

� Reduces in-house security costs by up to 55 percent

� Achieves security compliance with industry and governmental regulations

� Maximizes existing security investments

� Improves productivity by freeing IT resources to focus on strategic initiatives

� Reassures clients, partners and shareholders that critical data is protected by trusted resources

� Reduces operational complexity

Breadth of ServicesManaged Security Services




Managed Protection Services (MPS)

� Guaranteed Protection Services� Based on IBM ISS Security Technologies

� Proventia G (IDPS)

� Proventia M (UTM)

� Proventia Server

� Proventia Desktop

� Best-in-Class Service Level Agreements

� Performance based SLAs

� Multiple Service Level Options

� Standard, Select, Premium

� Choose services per device for custom solutions

� Industry Leading Customer Portal� Embedded X-Force Intelligence

55




Managed Protection ServiceFeatures

� Industry Leading Performance-based SLAs

� Completely Web-Driven Interface – Virtual-SOC Portal enhances � customer control and SOC communications

� 24/7 Expert Monitoring and Management

� Security Incident Escalation

� Standard & Customizable Reporting

� Systrust & SAS-70 Certified SOC

� Integrated Vulnerability Management

� Subscription to XFTAS – Security Intelligence

56




MPS Offerings and Service Levels

57

� Benefit from guaranteed service level agreements and a $50,000 money-back warranty ensuring 100% accountable, reliable protection*

*Money-back payment (for Managed Protection Services - Premium Level only): If IBM Internet Security Systems fails to meet the Security Incidents Prevention Guarantee the customer's account shall be paid US$50,000 for each instance this guarantee has not been met. Please see IBM Internet Security Systems Service Level Agreements for more details.




Managed Security Services (MSS) - Summary

� Industry Proven Managed Security Services

– Managed Network Intrusion Detection / Prevention

– Managed Network Firewall

� Multi-Vendor Security Technology Support

– Firewalls: IBM ISS, Cisco, Check Point, Juniper

– IPS: IBM ISS, McAfee, Sourcefire



– Standard, Select

– Standard, Select, Premium

� Industry Leading Customer Portal

� Embedded X-Force Intelligence

58




� Best-of-Breed Security Platform Support

� ISS (IDS/IPS), Cisco (IDS/IPS), Sourcefire,

McAfee (IPS)

� Check Point, Cisco, Juniper, ISS

� Completely Web-Driven Interface – Virtual-SOC

Portal enhances customer control and SOC

communications



(IPS Service)


59

Managed IPS & Firewall ServiceFeatures

� Industry Leading Performance-based

SLAs


� Integrated Vulnerability Management

� Access to XFTAS – Security Intelligence




Managed IDPS ServiceFeatures Summary – Network

In which document can the latest platform support and sizing information be found?

YesOptionalOut of Band Required:

Optional Add-on Capabilities

When supported by the platform


High Availability:

YesYesSecurity Content Upgrades:

YesYesCustomer Portal Access:

YesYesDetailed Reporting:

Performed by IBMPerformed by IBMDevice management:

Automated plus real-time 24/7 human

analysis; e-mail or telephone escalation

Automated analysis; email escalation

Security event monitoring:

2 IPs Quarterly1 IP QuarterlyVulnerability Management:

Up to 7 Years1 yearLog Storage / Availability:

YesYesHealth and Availability Monitoring:

Performed by IBM, unlimited policy

change requests per month

Performed by IBMPolicy management:

All Attack activity, suspicious activity, and

network misuse

Critical attacks, denial of service, and worms

IDS/IPS:

Select LevelStandard LevelFeatures




Managed Firewall Service (MFW)Features Summary – Network

In which document can the latest platform support and sizing information be found?

YesYesOptionalOut of Band Required:

Optional Add-on Capabilities




High Availability:

YesYesYesApplication / OS Upgrades:

YesYesYesCustomer Portal Access:

YesYesYesDetailed Reporting:

1NoNoEmergency PolicyChanges per Month:

YesNoNoMaintenance Window for Policy / Configuration Changes:

UnlimitedUnlimitedUp to 2 TunnelsSite to Site VPN Support:

YesYesNoClient / SSL VPN Support:

3 IPs Quarterly2 IPs Quarterly1 IP QuarterlyVulnerability Assessment:

Up to 7 yearsUp to 7 Years1 yearLog Storage / Availability

YesYesYesDevice Management:

YesYesYesHealth and Availability Monitoring:

Unlimited42Policy orConfigurationChanges Per Month:

100MB through 1 GBand up*

100MB through 1 GBand up*

Up to 100MB* SupportedBandwidth:

Premium LevelSelect LevelStandard LevelFeatures




Managed Unified Threat Management (UTM) Service

� Unified Threat Management (UTM)

� Customizable support for best-of-breed multi-function devices

� Multi-Vendor Security Technology Support

� IBM ISS, Cisco, Juniper, Check Point



� Standard, Select, Premium

� Industry Leading Customer Portal

� Embedded X-Force Intelligence

62




� Best-of-Breed Security Platform Support

� IBM ISS, Cisco, Juniper, Check Point

� Completely Web-Driven Interface – Virtual-SOC Portal enhances

customer control and SOC communications



� Two Packages

� Protection

� Content

� Multiple Service Levels

� Standard, Select, & Premium




Integrated Vulnerability Management

� Embedded XFTAS – Security Intelligence

63

Managed Unified Threat Management (UTM) ServiceFeatures







� Key Benefits� Centralized command center to

monitor and control Virtual-SOC services

� Run queries and generate reports on multi-vendor security devices, security events, service level agreement (SLA) activity and more

� Automated analysis of security events and logs alerts for remediation

� Unlimited archive system stores one year of online event/log storage and seven years of offline archiving

� Authorized access to portal for increased internal protection

� Integrated with X-Force security intelligence feeds and daily threat assessments

Security Enablement Services




Vulnerability Management Service

� Internal & External Vulnerability Assessments� Vulnerability Remediation Workflow Embedded

� Step-by-step Remediation Actions

� Complete Ticketing System

� Virtual Patch ties to MPS/MSS

� Granular Access Control & Permissions� Fully functioned Reporting� Industry Leading Customer Portal� Embedded X-Force Intelligence

66




� Vulnerability Scan Execution

� Scan will execute +/-1 hour of scheduled time.

� Virtual Patch Application

� Virtual patch will be applied within 2 hours of request.

� Proactive System Monitoring (Internal)

� 15 minute notification of internal agent unreachable.

� Security Content Update

� Content updates completed within 72 hours of release.

� Customer Portal

� 99.9% uptime

� Internet Emergency

� 15 minute notification

67

Vulnerability Management Service - SLAs




Security Event & Log Management Service (SELM)

� Log and Event Collection & Archival

� Syslog, Universal Logging Agent (ULA)

� On Site Aggregation, Compression, Encryption

� Secured Communications

� Forensically Sound Storage

� Automated Alerting (Select Level Only)� Security Incident Tracking� Systrust and SAS-70 Certified SOC� Industry Leading Customer Portal� Embedded X-Force Intelligence

68




X-Force Threat Analysis Service

� X-Force Threat Analysis Service

� News

� Vulnerabilities

� Exploits

� Worms/Virus

� Breaking Security Intelligence Alerts� Configurable Alerting/Advisories� Daily Emails� Direct Feed from X-Force Research

� 30,000+ Records

69




Managed E-mail & Web SecurityFeatures: E-mail

70

� 100% Virus Protection

� 99.2% Spam Effectiveness with 1 in 1 Million False Positives

� 90%+ effective in identifying pornographic attachments

� Enforces Acceptable Use Policy

� Multiple Layers of Defense

� Highly redundant infrastructure

� Assists in stopping confidential information leaving your company





�Anti-Virus

- Multiple Scanners

- Inbound & Outbound Filtering

- Proactive scanning for new threats

- Phishing detection

- Protection for Zero-Hour Outbreaks

- 7-day offsite Virus Quarantine

- 100% protection against known and unknown Viruses

�Anti-Spam

- Multiple filters

- TCP/IP Traffic Shaping

- Highly Effective with minimal False Positives

- Transparent Knowledge Base Updates

- Multiple-handling options, including end user Quarantine; Confidence to “block and delete” on signature detection

- Configurable White and Black lists

Managed E-mail & Web SecurityService Details: E-mail




�Image Control- Proactive Monitoring

- Detects 90%+ of e-mail borne inappropriate image attachments

- Fights Harassment in the workplace and protects Company image

- Configurable Sensitivity settings to adjust based on your appetite for risk

- Supports Compliance with Internet Acceptable Use Policy and Legal Liability

�Content Control- Protect Corporate and brand

reputation

- Maintain Confidential and Intellectual Property

- Advance Policy setting criteria including, Group, Users, Sizes, Types, Times of Day

- Keyword & Contextual Analysis

- Investigate suspicious activity

- Preserve Confidentiality and Security and reduce Legal Liability

- Defend against careless and malicious actions

Managed E-mail & Web SecurityService Details: E-mail




�Web Anti-Virus/Anti-Spyware- Real-time Scanning and Analysis of

Web Traffic

- Combined protection from Spyware, Viruses and all other types of Malware at the Internet level

- Skeptic Technology layered over multiple commercial scanning engines

- Converged Threat Analysis, taking recent threat information from Email and IM and applying to Web

- Customizable Block messages and email alerting

�Web URL Filter- Combined Real-Time filtering with

Sophisticated URL Categorization database

- Policy engine with intuitive rule-building

- MIME and file type lists

- Customizable Block Messages and Email Alerting

- Content Categories include Webmail, blogs, chat and “uncategorized”

- Enforces Web Acceptable Use Policy

- Optimizes bandwidth

Managed E-mail & Web SecurityService Details: Web







Questions?Questions?

IBMRick Young, Account Executive

IBM Internet Security [email protected]


THE VEHICLE THE SKILL THE SOLUTION

Thank You!

Rick Young, Account ExecutiveIBM Internet Security Systems

Date post:	30-Jul-2018
Category:	Documents
Upload:	truongdieu
View:	217 times
Download:	0 times