IBM Internet Security Systems IBM ISS Overview
THE VEHICLE
THE SKILL
THE SOLUTION
© Copyright IBM Corporation 2007
Agenda
- The Evolving Threat
- IBM Security Framework & IBM ISS Protection Platform
- IBM X-Force Security Research & Development
- IBM ISS Proventia Security Products & Solutions
- IBM Data Security Solutions
- Break
- IBM ISS Professional Security Services
- IBM ISS Managed Security Services
Customer Presentation |
Feb 2008
The Security “Perfect” Storm
The evolving threat
- From notoriety to profit motive
The productivity machine
- Business enhancements = risk
Security costs growing 3x faster than IT budgets
- Point product approaches no longer scale
Accelerated growth of IP-aware networks
- Accelerates IT risk
Rapid growth in data
- Data is the new currency
Compliance mandates
- Driving costs and spending
The State of Evolving Threats
Expanding e-crime
- Big business driven by profit
- Innovation to capture new markets (victims)
- Victim segmentation and focus
- Stealth is the new “black”
- Rate of attacks is accelerating
- Form of attack is more malicious
- Attacks are “designer” in nature
The real security problem
New Methods and Motives: Adding to the complexity and sheer number of risks
IT Innovation: Requiring new ways to secure the new ways we collaborate
Compliance Spending: Investing in more point products to solve more point problems
Flexibility in Business Methods: To improve operations and serve customers
The Global Economy: Driving new security support requirements
Complexity remains the biggest security challenge!*
Integration is key to managing the cost and complexity of the evolving landscape
*InformationWeek 2008 Security Survey
Not all risks are created equally
[Figure: risks plotted by Frequency of Occurrences Per Year (frequent to infrequent, 1,000 down to 1/100,000) against Consequences (Single Occurrence Loss) in Dollars per Occurrence (low to high, $1 to $100M). Risks shown: Virus; Worms; Data Corruption; Disk Failure; System Availability Failures; Application Outage; Network Problem; Failure to meet Industry standards; Terrorism/Civil Unrest; Failure to meet Compliance Mandates; Workplace inaccessibility; Building Fire; Natural Disaster; Regional Power Failures; Lack of governance; Pandemic.]
Neither are all Security Solutions…
- The axiom… never spend $100 dollars on a fence to protect a $10 horse
Studies show the Pareto Principle (the 80-20 rule) applies to IT security*
- 87% of breaches were considered avoidable through reasonable controls*
Small set of critical security controls provide a disproportionately high amount of coverage
- Critical controls address risk at every layer of the enterprise
- Organizations that use critical security controls have significantly higher performance*
Find a balance between effective security and cost
[Figure labels: Cost; Pressure; Complexity; Effectiveness; Agility; Time]
*Sources: W.H. Baker, C.D. Hylender, J.A. Valentine, 2008 Data Breach Investigations Report, Verizon Business, June 2008
ITPI: IT Process Institute, EMA December 2008
To address these concerns, CIOs are developing contingency plans for their IT organizations
CIO strategies for managing in an uncertain environment include:
- Cutting operating expense
- Postponing long-term projects in favor of near-term return on investment (ROI)
- Deferring or reducing capital expenditures
- Revisiting existing service contracts
- Seeking productivity increases in their existing infrastructure
- Postponing hiring of additional IT staff
- Postponing the launch of new initiatives
…CIOs are being challenged to realize near term cost reductions while continuing to drive structural change
Security Optimization can help gain operational efficiencies and IT capacity - to save money and increase investments in new solutions
[Figure: IT Spending – Liberating Funds. Labels: IT Spending (100%); New Solutions; Application Enhancements; Operations Support; Operations Maintenance; Strategic Change Capacity; Cost of Operations; “Security Optimization Services”; Liberated funding for direct saving or transformational investment.]
Optimization of Security and Resiliency
Redefine and Simplify Risk and Risk Management
- Re-evaluating business priorities to balance risk in light of evolving challenges and business requirements
Establish a Total Security Framework and Solutions Portfolio
- Take inventory of current security and continuity practices
- Leverage innovation and integration and global expertise
Simplify the Security & Risk Lifecycle
- Aligning with business processes to ensure continuous improvement, cost & complexity removal
Join with a Transformative Security Partner
- Call in the experts
- Leverage global knowledge and learning
IBM Solutions for Security and Resiliency deliver sustainable and optimized business operations
Designed to:
Enable innovation through secured, end-to-end infrastructure and platforms
Reduce number and complexity of required security controls
Reduce redundant security expenses
Improve organizational and operational agility and resiliency
Leverage industry expertise to help unify policy management
Deliver needed visibility, control and automation
IBM Systems Group
IBM Security Framework
Control | Description
Identity & Access Management | Process for assuring access to enterprise resources has been given to the right people, at the right time
Encryption and Key Management | Capability enabling use of pre-existing investments by providing central management of encryption keys
Database Protection | Capability that allows for granular protection of data in test and production databases
Release Management | Process for assuring efficiency and integrity of the software development lifecycle
Change & Configuration Management | Process for assuring routine, emergency and out-of-band changes are made efficiently, and in such a manner as to prevent operational outages
Threat & Vulnerability Management | Process and capabilities designed to protect the enterprise infrastructure from new and emerging threats
Problem & Incident Management | Automated workflow and Service Desk designed to assure incidents are escalated and addressed in a timely manner
Security Information & Event Management | Automated log management, monitor and report security and compliance posture
Compliance Reporting and Management | Automated processes for compliance certification, reporting and remediation (e.g. PCI)
IBM Internet Security Systems Protection Platform
Among the most advanced and complete security architectures ever developed - delivering preemptive security
- Integrated security intelligence
- Comprehensive suite of professional security services
- Single, integrated view into the network
- Platform and service extensibility
- Correlation and integration of multiple data sources
- Underlying “best-in-breed” appliances
- 24/7 outsourced security management
- Improved system uptime and performance without a large investment in technology or resources
- Guaranteed protection services
IBM Security - Backed by the IBM X-Force® Research Team
Research / Technology / Solutions
Research
- Original Vulnerability Research
- Public Vulnerability Analysis
- Malware Analysis
- Threat Landscape Forecasting
- Protection Technology Research
X-Force Protection Engines
- Extensions to existing engines
- New protection engine creation
X-Force XPU’s
- Security Content Update Development
- Security Content Update QA
X-Force Intelligence
- X-Force Database
- Feed Monitoring and Collection
- Intelligence Sharing
The X-Force team delivers reduced operational complexity – helping to build integrated technologies that feature “baked-in” simplification
“Ahead Of The Threat”
[Timeline figure; labels in extraction order:]
X-Force found Mozilla Unicode URL Stack Overflow. IBM Customers protected.
May 13, 2008
September 23, 2008
Adobe Reader and Adobe Acrobat Remote Code Execution Vulnerability Discovered
X-Force updated protection engines and vulnerability database
Mozilla Unicode URL Stack Overflow public disclosure
IBM Customers protected.
February 13, 2008
February 7, 2008
August 2008
Widespread Exploitation in the wild
MySQL targeted by automated SQL injected attacks
Vulnerability Discovered
IBM Customers protected.
November 13, 2007
April 22, 2008
Automated SQL Injection Attacks
Ahead Of The Threat
[Table; columns: Vulnerability | Discovered by | CVSS Base Score | In the wild | Vendor Disclosure | ISS Protection Shipped | Days Ahead of Threat | Block by default? Cell values after the first two columns are listed in extraction order.]
Vulnerability: Discovered by
- Multiple (3) Microsoft Windows TCP/IP Remote Code Execution and DoS Vulnerabilities: X-Force
- Adobe Flash Player Invalid Pointer Vulnerability: X-Force
- Multiple Vendors Vulnerable to DNS Cache Poisoning: Dan Kaminsky
- Microsoft Windows Server Service RPC Code Execution
Remaining cells:
10 / 7.4
Jan 8, 2008 MS08-001 – Critical CVE-2007-0066 and CVE-2007-0069
Jan 8, 2007 SSM_List_BO
9.3 / 6.9
April 8, 2008 APSB08-11 CVE-2007-0071
Nov 13, 2007 Multimedia_File_Overflow
6.4 / 5.3
July, 2008 (Several) 2006 CVE-2008-1447
May 29, 2003 HTTP_GET_SQL_UnionSelect
Nov 13, 2007 – July 17 2008 DNS_Cache_Poison
Aug 12, 2008 DNS_Cache_Poison_Subdomain_Attack
10 / 8.7
Oct 23, 2008* MS08-067 – Critical CVE-2008-4250
1 year
Yes, drop packet
Aug 16, 2007 ICMP_Router_Advertisement_DOS
Aug 8, 2006 MSRPC_Srvcs_Bo
Yes, drop packet
150 days
Yes, via rewrite
~ 5 yrs
Yes, Block connection
240 days – present
Yes, Drop Packet
Yes, drop packet
22 months
Block connection
Oct 27, 2008 MSRPC_Srvsvc_Bo
Ahead of the Threat: Conficker
[Timeline figure, DEC-08 to APR-09:]
- Nov 21, 2008: Conficker.A discovered
- Dec 29, 2008: Conficker.B discovered
- Feb 20, 2009: Conficker.B++/C discovered
- Mar 4, 2009: Conficker.C/D discovered
X-Force is the first to reverse-engineer the worm’s Peer-to-Peer communication protocol.
Proventia® Network IPS
IBM ISS Virtual Patch
What it does…
- Provides a buffer of time where newly discovered vulnerabilities are addressed before scheduled patches can be applied.
How it works…
- X-Force™ research focuses on high-risk security vulnerabilities.
- Virtual Patch™ technology focuses on the underlying vulnerability instead of the exploit.
How this helps…
- Prevent zero-day attacks & conveniently manage new patches.
Why IBM ISS…
- X-Force leads the industry in primary vulnerability research.
The Power To Deliver The Most Advanced Internet Security Solutions
Security Products
- Central Management Platform
- Network Intrusion Protection System
- Virtual IPS & Web Application Security
- Host-based Intrusion Protection System
- Enterprise Vulnerability Management
- Multi-Function Security (UTM)
- Enterprise Data Leakage Protection
- Endpoint Data Leakage Protection
- Network Data Leakage Protection
Gartner has positioned ISS in the leader quadrant of the Magic Quadrant for Managed Security Service Providers & Intrusion Prevention products
NSS IPS + Enterprise 2006 Award **The GX5108 was the first in the industry to receive the IPS + Enterprise certification**
Certified by J.D. Power and Associates for Technology Service and Support Excellence - First in Security Industry To Be Certified - First Technology Company To Be Certified Globally
ISS Named Best Security Company USA by SC Magazine. February 2006
Uncompromising Protection for Every Layer of Your Network
“This one’s a bit of an Eye Chart!”
IBM Proventia® Network Intrusion Prevention
Business Challenges
The Proventia Solution
IBM Proventia® Network Intrusion Prevention The most complete portfolio available
IBM Proventia® Network Intrusion Prevention
Model | Ports | US List
GX4002 | 2 | $10,995
GX4004 | 4 | $15,995
GX5008 | 8 | $37,995
GX5108 | 8 | $57,995
GX5208 | 8 | $85,995
GX6116 | 16 | $188,995
IBM Proventia® Server
Business Challenges
• Managing dispersed security agents
• Demonstrating risk and compliance
• Protecting critical data, intellectual property and access to vulnerable servers
• Maintaining server uptime while providing strong host intrusion prevention technologies
• Tracking file access and changes among business critical servers
The Proventia Solution
• Reduces security costs, protects server environments and reduces downtime
• Enforces corporate security policy for servers
• Provides out-of-the-box protection with advanced intrusion prevention and blocking
• Utilizes multiple layers of defense to provide preemptive protection
• Supports operating system migration paths
• Protects at-risk systems before vendor-supplied patches are available
Industry’s broadest operating system support:
IBM Proventia® Network Enterprise Scanner
Business Challenges
• Managing enterprise security risk
• Demonstrating risk reduction and compliance
• Optimizing protection against existing vulnerabilities
• Automating the vulnerability scanning process
• Managing the vulnerability remediation workflow
• Improving efficiency and decreasing operating costs
The Proventia Solution
• Increase network uptime and bandwidth
• Perform fast, accurate vulnerability scans
• Free up resources by automating the scan process
• Leverage your existing IT infrastructure
• Monitor vulnerability status and maintain compliance
• Combine with Proventia® Platform for “Scan and Block” capabilities
#1 Network VA Vendor (2005)
IBM Proventia® Network Multi-Function Security
Business Challenges
• Protect your business from internet threats without jeopardizing bandwidth or availability
• Secure your end users from spam, incompliant activity and other productivity drainers
• Conserve your resources by eliminating the need for special security expertise
The Proventia Solution
• Complete protection against all types of Internet threats, with firewall, intrusion prevention, and Virus Prevention System
• Spam effectiveness ~95%, define Web browsing policies, filter database of +63 Million URLs in 62 categories
• “Set and forget” security, automatically updated to protect against the next threat and tailored to needs of your small business or remote offices
IBM Proventia® SiteProtector
Business Challenges
• Enterprise-wide view of asset, threat & vulnerability data
• Comprehensive visibility into network communications
• Securing Enterprise asset
• Keeping the network available, bandwidth utilization
• Maintaining too many security management systems
• Acceptable use of network resources
The Proventia Solution
• Documents the security process
• Provides centralized management of high performance network security in addition to host and gateway devices
• Ease of use through console consolidation
• Offers visibility through the detection system
• Enables keeping ahead of rising standard of due care
• Keeps workflow support for policy mgmt, incident response and vulnerability remediation
IBM Data Security Services
Endpoint Encryption - powered by PGP Corporation
- Full Disk (protect data when device lost or stolen)
- File / folder / vdisk / removable media, shared media
Endpoint Data Loss Prevention (eDLP) - powered by Verdasys Inc.
- Automated discovery of sensitive content, classifying / tagging of files
- Policy-based enforcement of data protection policy (notify, block, encrypt, remove, relocate)
- Close the gap between user action and automated policy-enforced action
- Removable media port control with fine-grain control of external I/O ports
Network Data Loss Prevention (nDLP) - powered by Fidelis Security Systems
- Policy-based enforcement of data protection policy (notify, block, encrypt, remove, relocate)
Activity Compliance Monitoring & Reporting - powered by Application Security Inc. and Tivoli Compliance Insight Manager (TCIM)
- Help assess the security strength of network-based database applications by identifying vulnerabilities
- Locate, examine, report on and suggest fixes for security holes and misconfigurations
- Policy-based, compliance-focused solution to monitor user activity across heterogeneous systems
http://www-935.ibm.com/services/us/index.wss/offerfamily/gts/a1027705
Enterprise Content Protection (ECP)
- Prevent leakage of sensitive data outside and inside.
- Protect valuable information and comply with regulations.
- Framework allowing tailored solution for protection at the network and endpoint levels.
- In combination, or as separate components (Network / Endpoint)
- Proven, best technical capability from IBM Business Partners integrating with IBM Professional Security Services and Managed Security Services to protect data, brands, intellectual property and resources.
- Scalable to support the enterprise of any size and distribution
Definition: “Podslurping”
Podslurping: the act of using a portable data storage device such as an iPod digital audio player to illicitly download large quantities of confidential data by directly plugging it into a computer where the data is held, and which may be on the inside of a firewall. As these storage devices become smaller and their storage capacity becomes greater, they are becoming an increasing security risk to companies and government agencies.
Enterprise Content Protection (ECP)
- Automated discovery of sensitive content, classifying / tagging of files
- Policy-based enforcement of data protection policy (prevent, allow, encrypt, etc.)
- Close the gap between user action and automated policy-enforced action
- Endpoint – Network – Server / Data Center
Key Business Partners:
- Fidelis Security Systems
- Verdasys
Data-Centric Security Process
[Figure: process stages “Where and What is Sensitive Data”, “What is the User Doing With It?”, “Where Is the Data Going?”, “Apply Risk Appropriate Policy & Actions”. Other labels, in extraction order: Unstructured Data; Discovery (Desktops, Laptops, Servers); Read; Devices; Write; Detection; Warn; Move; Classification; Tagging; Print; Content; Burn; Similarity, Keyword, Pattern, Dictionary; Awareness; Applications; Structured Data; Context; Encrypt; Networks; Delete; Modify; Protection; Block; View; Server, Application, File Type, User; Prompt; Justify; Copy/Paste; Upload; Alert; Prevention; Mask; Email; Need to Know; Continuous Audit Logging.]
Complementary technologies, comprehensive protection
Complementary technologies
- IBM ISS Proventia™ prevents intrusions, attacks and compromises
- Fidelis XPS™ prevents leakage of sensitive content
Comprehensive protection
- Inbound and outbound security for enterprise networks
- Asymmetrical depth of defense
SiteProtector
Unified Enterprise Security Console for all products
Enterprise Protection Products
Vulnerability Assessment
Enterprise Scanner helps to ensure the availability of your revenue producing services and protects your corporate data by identifying where risk exists, prioritizing and assigning protection activities, and then reporting on results
Network Protection, Server Protection, Behavior Protection
High performance network security with real-time attack, malicious code and hybrid threat blocking. Allows secure open transactions in a SOA environment which is an effective way to preserve network availability, reduce the burden on your IT resources and prevent security breaches. Protects Email systems and the data that can leak from these systems
- Data Security -- Provides historical data that enables companies to find the origin of a change, breach or string of behavior
- Insider Threats -- Tracks the who, what, when, where of user/administrator behavior
- Compliance -- Provides the reporting necessary to prove the security of sensitive information
Data Security Services
IBM Proventia Network Anomaly Detection System (ADS) is designed to deliver a clear view of your network's behavior while automatically detecting active security threats, risky user behavior, performance issues and noncompliant activities, such as policy violations and unapproved network changes.
BREAK
ISS Professional Security Services
Professional Security Services
- Assessment Services
  • Application Security Assessment
  • Information Security Assessment
  • Penetration Testing
  • PCI Assessments
  • SCADA Assessment
- Design Services
- Education Services
- Emergency Response Services
Benefits
- Identification of security weaknesses
  • Unsecured networks and applications
  • Weak security policies
- Implementation of a best practices approach to security
- Aid compliance with regulations
  • SoX, HIPAA, GLB, PCI
IBM ISS Professional Security Services
ADDME - A Proven Methodology
Phase 1. Assessment
- Information Security Assessment
- Application Security Assessment
- Penetration Testing
- PCI Assessment
- SCADA Assessment
- Policy and ISO 17799 Gap Analysis
Phase 2. Design
- Implementation Planning
- Network Security Architecture Design
- Policy Design and Development
- Standards and Procedures Development
Phase 3. Deployment
- Deployment Services
- Migration Services
Phase 4. Management and Support
- Emergency Response Service
- Forensic Analysis Service
- Staff Augmentation and Support
Phase 5. Education
- IBM ISS Product Training
- Security Awareness Training
Application Security Assessment (ASA)
Application security an often-overlooked part of a security plan
- Applications house companies’ critical data – customer information, HR data and intellectual property
- Security holes in custom applications create opportunities for attackers
ASA looks for the vulnerabilities in Web and custom applications
- Comprehensive vulnerability assessment of the application and network infrastructure directly supporting the application
- Remote attack simulation in which security experts attempt to penetrate an application, using techniques similar to those used by malicious attackers
- Targeted code review to provide solid recommendations for improving application security
- Assessments performed by security consultants with application development backgrounds
Detailed report of findings
- Specific recommendations for remediating any vulnerability found
Information Security Assessment (ISA)
Comprehensive evaluation of an organization’s security posture
- Based on ISO 17799 security standard and industry best practices
- Provides complete internal and external assessment of information security state
Provides a clear understanding of current information security risks
- Identifies the potential impact of vulnerabilities
- Raises internal awareness of information security risks
- Enables more informed decision-making and identifies the gaps in organizational security controls, policies and processes
- Provides a specific, actionable plan to improve overall security posture based on business needs
- Helps to meet regulatory compliance requirements
Includes a thorough assessment of:
- Information security policies
- Procedures, controls and mechanisms
- Physical security
- Networks, servers, desktops and databases
Detailed deliverables
- Prioritized, actionable remediation steps presented in a workshop format
PCI Compliance Services
IBM ISS is a Qualified Security Assessor (QSA), having met the requirements as a QSAC to perform PCI assessments
IBM ISS is an Approved Scanning Vendor (ASV), having met the requirements to perform PCI DSS-approved quarterly network scans
ISS PCI services include:
- PCI Assessments
  • Pre-assessment
  • Annual on-site audit and Report on Compliance (ROC)
  • Quarterly network scans
- Remediation
  • Assistance remediating any issues found during pre-assessment
- Payment Application Assessments
  • Assessing the security of payment applications
  • IBM ISS is an Approved Qualified Payment Application Security Company (QPASC)
- Visa Cardholder Information Security Program (CISP) Incident Response
  • IBM ISS is a Visa Qualified CISP Incident Response Assessor
  • IBM ISS can respond to security incidents and provide forensic analysis when there is a loss of cardholder data
Penetration Testing
Penetration testing uncovers network vulnerabilities and assesses the business risk of those vulnerabilities
- Real-life network attack simulation in which security experts attempt to penetrate a network mimicking the techniques used by malicious attackers
- Demonstrates how attackers can significantly impact a business
IBM ISS security expertise
- More than a simple vulnerability assessment
  • Use of a combination of proprietary and industry-leading security assessment tools, complete with an in-depth analysis of vulnerability data by a security expert
- Leverages security intelligence of ISS X-Force
Detailed deliverables
- Prioritized, actionable remediation steps
Emergency Response Services
Incident response, preparedness planning and forensic analysis experts
- Responds quickly to attacks in progress
- Works with customers to develop customized emergency response plans to minimize the effect of future attacks
Customers benefit from:
- Immediate attack response 24/7/365 to stop attacks in progress and minimize their impact
- Forensic analysis to help find and prosecute perpetrators
- Incident response methodology that includes steps for analysis and intelligence gathering, containment, eradication, recovery and prevention
- Customized incident response plans and procedures to guide you in case of an attack
Available as a subscription service or as an on demand service
- Subscription service includes incident response planning and phone support to help customers prepare before a security incident occurs
Customers experiencing a security emergency can call the IBM ISS Emergency Response Team 24/7/365:
Additional IBM ISS Professional Security Services
Governance, Risk & Compliance Services
- Strategic Threat & Risk Analysis (TRA)
- Security Policy Development
- Network Security Architecture Design
- Security Technology Implementation Planning
- Deployment Consulting
- Staff Augmentation Professional Services
Identity & Access Management (IAM) Professional Services
- Specifically with respect to Tivoli Identity Manager (TIM) and Tivoli Access Manager (TAM) design, installation & configuration
The Power To Deliver The Most Advanced Internet Security Solutions
Managed Security Services
- Managed Protection Services
- Managed and Monitored Firewall Services
- Managed IDS/IPS Services
- Vulnerability Management Service
- Security Event and Log Management Services
- Managed E-mail and Web Security Services
IBM Global Security Operations and R&D
IBM has the unmatched global expertise to deliver complete solutions – and manage the cost and complexity of security
Breadth of Services
Breadth of Services
Managed Security Services Key Benefits
- Protect company assets, brand reputation and business continuity with 24x7 reliable monitoring and management
- Reduces in-house security costs by up to 55 percent
- Achieves security compliance with industry and governmental regulations
- Maximizes existing security investments
- Improves productivity by freeing IT resources to focus on strategic initiatives
- Reassures clients, partners and shareholders that critical data is protected by trusted resources
- Reduces operational complexity
Managed Protection Services (MPS) Guaranteed Protection Services Based on IBM ISS Security Technologies Proventia G (IDPS) Proventia M (UTM) Proventia Server Proventia Desktop
Best-in-Class Service Level Agreements Performance based SLAs
Multiple Service Level Options Standard, Select, Premium Choose services per device for custom solutions
Industry Leading Customer Portal Embedded X-Force Intelligence
Managed Protection Service Features
- Industry Leading Performance-based SLAs
- Completely Web-Driven Interface – Virtual-SOC Portal enhances customer control and SOC communications
- 24/7 Expert Monitoring and Management
- Security Incident Escalation
- Standard & Customizable Reporting
- Systrust & SAS-70 Certified SOC
- Integrated Vulnerability Management
- Subscription to XFTAS – Security Intelligence
MPS Offerings and Service Levels
Benefit from guaranteed service level agreements and a $50,000 money-back warranty ensuring 100% accountable, reliable protection* *Money-back payment (for Managed Protection Services - Premium Level only): If IBM Internet Security Systems fails to meet the Security Incidents Prevention Guarantee the customer's account shall be paid US$50,000 for each instance this guarantee has not been met. Please see IBM Internet Security Systems Service Level Agreements for more details.
Managed Security Services (MSS) - Summary Industry Proven Managed Security Services – Managed Network Intrusion Detection / Prevention – Managed Network Firewall
Multi-Vendor Security Technology Support – Firewalls: IBM ISS, Cisco, Check Point, Juniper – IPS: IBM ISS, McAfee, Sourcefire
Best-in-Class Service Level Agreements Multiple Service Level Options – Standard, Select – Standard, Select, Premium
Industry Leading Customer Portal Embedded X-Force Intelligence
Managed IPS & Firewall Service Features
Best-of-Breed Security Platform Support
Industry Leading Performance-based SLAs
Systrust & SAS-70 Certified SOC
Integrated Vulnerability Management
Access to XFTAS – Security Intelligence
ISS (IDS/IPS), Cisco (IDS/IPS), Sourcefire, McAfee (IPS) Check Point, Cisco, Juniper, ISS
Completely Web-Driven Interface – Virtual-SOC Portal enhances customer control and SOC communications
24/7 Expert Monitoring and Management
Security Incident Escalation (IPS Service)
Standard & Customizable Reporting
Managed IDPS Service Features Summary – Network Features
Features | Standard Level | Select Level
IDS/IPS: | Critical attacks, denial of service, and worms | All Attack activity, suspicious activity, and network misuse
Policy management: | Performed by IBM | Performed by IBM, unlimited policy change requests per month
Device management: | Performed by IBM | Performed by IBM
Security event monitoring: | Automated analysis; email escalation | Automated plus realtime 24/7 human analysis; e-mail or telephone escalation
Vulnerability Management: | 1 IP Quarterly | 2 IPs Quarterly
Log Storage / Availability: | 1 year | Up to 7 Years
Health and Availability Monitoring: | Yes | Yes
Security Content Upgrades: | Yes | Yes
Customer Portal Access: | Yes | Yes
Detailed Reporting: | Yes | Yes
Out of Band Required: | Optional | Yes
Optional Add-on Capabilities
High Availability: | When supported by the platform | When supported by the platform
In which document can the latest platform support and sizing information be found?
Managed Firewall Service (MFW) Features Summary – Network Features
Features | Standard Level | Select Level | Premium Level
Supported Bandwidth: | Up to 100MB* | 100MB through 1 GB and up* | 100MB through 1 GB and up*
Policy or Configuration Changes Per Month: | 2 | 4 | Unlimited
Emergency Policy Changes per Month: | No | No | 1
Maintenance Window for Policy / Configuration Changes: | No | No | Yes
Site to Site VPN Support: | Up to 2 Tunnels | Unlimited | Unlimited
Client / SSL VPN Support: | No | Yes | Yes
Vulnerability Assessment: | 1 IP Quarterly | 2 IPs Quarterly | 3 IPs Quarterly
Log Storage / Availability: | 1 year | Up to 7 Years | Up to 7 years
Device Management: | Yes | Yes | Yes
Health and Availability Monitoring: | Yes | Yes | Yes
Application / OS Upgrades: | Yes | Yes | Yes
Customer Portal Access: | Yes | Yes | Yes
Detailed Reporting: | Yes | Yes | Yes
Out of Band Required: | Optional | Yes | Yes
Optional Add-on Capabilities
High Availability: | When supported by the platform | When supported by the platform | When supported by the platform
In which document can the latest platform support and sizing information be found?
Managed Unified Threat Management (UTM) Service Unified Threat Management (UTM) Customizable support for best-of-breed multi-function devices
Multi-Vendor Security Technology Support IBM ISS, Cisco, Juniper, Check Point
Best-in-Class Service Level Agreements Multiple Service Level Options Standard, Select, Premium
Industry Leading Customer Portal Embedded X-Force Intelligence
Managed Unified Threat Management (UTM) Service Features
- Best-of-Breed Security Platform Support: IBM ISS, Cisco, Juniper, Check Point
- Completely Web-Driven Interface – Virtual-SOC Portal enhances customer control and SOC communications
- 24/7 Expert Monitoring and Management
- Security Incident Escalation
- Two Packages: Protection, Content
- Multiple Service Levels: Standard, Select, & Premium
- Standard & Customizable Reporting
- Industry Leading Performance-based SLAs
- Systrust & SAS-70 Certified SOC
- Integrated Vulnerability Management
- Embedded XFTAS – Security Intelligence
Security Enablement Services Key Benefits
- Centralized command center to monitor and control Virtual-SOC services
- Run queries and generate reports on multi-vendor security devices, security events, service level agreement (SLA) activity and more
- Automated analysis of security events and logs alerts for remediation
- Unlimited archive system stores one year of online event/log storage and seven years of offline archiving
- Authorized access to portal for increased internal protection
- Integrated with X-Force security intelligence feeds and daily threat assessments
Vulnerability Management Service Internal & External Vulnerability Assessments Vulnerability Remediation Workflow Embedded Step-by-step Remediation Actions Complete Ticketing System Virtual Patch ties to MPS/MSS
Granular Access Control & Permissions Fully functioned Reporting Industry Leading Customer Portal Embedded X-Force Intelligence
Vulnerability Management Service - SLAs
- Vulnerability Scan Execution: Scan will execute +/-1 hour of scheduled time.
- Virtual Patch Application: Virtual patch will be applied within 2 hours of request.
- Proactive System Monitoring (Internal): 15 minute notification of internal agent unreachable.
- Security Content Update: Content updates completed within 72 hours of release.
- Customer Portal: 99.9% uptime
- Internet Emergency: 15 minute notification
Security Event & Log Management Service (SELM) Log and Event Collection & Archival Syslog, Universal Logging Agent (ULA) On Site Aggregation, Compression, Encryption Secured Communications Forensically Sound Storage
Automated Alerting (Select Level Only) Security Incident Tracking Systrust and SAS-70 Certified SOC Industry Leading Customer Portal Embedded X-Force Intelligence
X-Force Threat Analysis Service X-Force Threat Analysis Service News Vulnerabilities Exploits Worms/Virus
Breaking Security Intelligence Alerts Configurable Alerting/Advisories Daily Emails Direct Feed from X-Force Research 30,000+ Records
Managed E-mail & Web Security Features: E-mail
- 100% Virus Protection
- 99.2% Spam Effectiveness with 1 in 1 Million False Positives
- 90%+ effective in identifying pornographic attachments
- Enforces Acceptable Use Policy
- Multiple Layers of Defense
- Highly redundant infrastructure
- Assists in stopping confidential information leaving your company
- Industry Leading Performance-based SLAs
Managed E-mail & Web Security Service Details: E-mail
Anti-Virus
- Multiple Scanners
- Inbound & Outbound Filtering
- Proactive scanning for new threats
- Phishing detection
- Protection for Zero-Hour Outbreaks
- 7-day offsite Virus Quarantine
- 100% protection against known and unknown Viruses
Anti-Spam
- Multiple filters
- TCP/IP Traffic Shaping
- Highly Effective with minimal False Positives
- Transparent Knowledge Base Updates
- Multiple-handling options, including end user Quarantine; Confidence to “block and delete” on signature detection
- Configurable White and Black lists
Managed E-mail & Web Security Service Details: E-mail
Image Control
- Proactive Monitoring
- Detects 90%+ of e-mail borne inappropriate image attachments
- Fights Harassment in the workplace and protects Company image
- Configurable Sensitivity settings to adjust based on your appetite for risk
- Supports Compliance with Internet Acceptable Use Policy and Legal Liability
Content Control
- Protect Corporate and brand reputation
- Maintain Confidential and Intellectual Property
- Advance Policy setting criteria including, Group, Users, Sizes, Types, Times of Day
- Keyword & Contextual Analysis
- Investigate suspicious activity
- Preserve Confidentiality and Security and reduce Legal Liability
- Defend against careless and malicious actions
Managed E-mail & Web Security Service Details: Web
Web Anti-Virus/AntiSpyware
- Real-time Scanning and Analysis of Web Traffic
- Combined protection from Spyware, Viruses and all other types of Malware at the Internet level
- Skeptic Technology layered over multiple commercial scanning engines
- Converged Threat Analysis, taking recent threat information from Email and IM and applying to Web
- Customizable Block messages and email alerting
Web URL Filter
- Combined Real-Time filtering with Sophisticated URL Categorization database
- Policy engine with intuitive rule-building
- MIME and file type lists
- Customizable Block Messages and Email Alerting
- Content Categories include Webmail, blogs, chat and “uncategorized”
- Enforces Web Acceptable Use Policy
- Optimizes bandwidth
Rick Young, Account Executive IBM Internet Security Systems
Questions?
Thank You! Rick Young, Account Executive IBM Internet Security Systems