© Copyright IBM Corporation 2007
THE VEHICLE THE SKILL THE SOLUTION
IBM Internet Security Systems
IBM ISS Overview
Customer Presentation | Feb 2008
Agenda
• The Evolving Threat
• IBM Security Framework & IBM ISS Protection Platform
• IBM X-Force Security Research & Development
• IBM ISS Proventia Security Products & Solutions
• IBM Data Security Solutions
• Break
• IBM ISS Professional Security Services
• IBM ISS Managed Security Services
The Security “Perfect” Storm
• The evolving threat
- From notoriety to profit motive
• The productivity machine
- Business enhancements = risk
• Security costs growing 3x faster than IT budgets
- Point product approaches no longer scale
• Accelerated growth of IP-aware networks
- Accelerates IT risk
• Rapid growth in data
- Data is the new currency
• Compliance mandates
- Driving costs and spending
The State of Evolving Threats
• Expanding e-crime
- Big business driven by profit
- Innovation to capture new markets (victims)
- Victim segmentation and focus
- Stealth is the new “black”
- Rate of attacks is accelerating
- Form of attack is more malicious
- Attacks are “designer” in Nature
IT Innovation: Requiring new ways to secure the new ways we collaborate
The Global Economy: Driving new security support requirements
Compliance Spending: Investing in more point products to solve more point problems
New Methods and Motives: Adding to the complexity and sheer number of risks
Flexibility in Business Methods: To improve operations and serve customers
The real security problem
Complexity remains the biggest security challenge!*
Integration is key to managing the cost and complexity of the evolving landscape
*InformationWeek 2008 Security Survey
Not all risks are created equally
[Figure: risks plotted by Frequency of Occurrences Per Year (infrequent to frequent, 1/100,000 to 1,000) against Consequences (Single Occurrence Loss) in Dollars per Occurrence (low to high, $1 to $100M). Plotted risks: Virus; Worms; Disk Failure; System Availability Failures; Pandemic; Natural Disaster; Application Outage; Data Corruption; Network Problem; Building Fire; Terrorism/Civil Unrest; Failure to meet Compliance Mandates; Workplace inaccessibility; Failure to meet Industry standards; Regional Power Failures; Lack of governance]
Neither are all Security Solutions…
• Find a balance between effective security and cost
- The axiom… never spend $100 dollars on a fence to protect a $10 horse
• Studies show the Pareto Principle (the 80-20 rule) applies to IT security*
- 87% of breaches were considered avoidable through reasonable controls*
• Small set of critical security controls provide a disproportionately high amount of coverage
- Critical controls address risk at every layer of the enterprise
- Organizations that use critical security controls have significantly higher performance*
*Sources: W.H. Baker, C.D. Hylender, J.A. Valentine, 2008 Data Breach Investigations Report, Verizon Business, June 2008
ITPI: IT Process Institute, EMA December 2008
[Figure: Pressure: Cost, Effectiveness, Agility, Time, Complexity]
To address these concerns, CIOs are developing contingency plans for their IT organizations
CIO strategies for managing in an uncertain environment include:
• Cutting operating expense
• Postponing long-term projects in favor of near-term return on investment (ROI)
• Deferring or reducing capital expenditures
• Revisiting existing service contracts
• Seeking productivity increases in their existing infrastructure
• Postponing hiring of additional IT staff
• Postponing the launch of new initiatives
…CIOs are being challenged to realize near term cost reductions while continuing to drive structural change
Security Optimization can help gain operational efficiencies and IT capacity -- to save money and increase investments in new solutions
[Figure: IT Spending – Liberating Funds. Labels: IT Spending (100%); Operations Support; Operations Maintenance; New Solutions; Application Enhancements; Cost of Operations; Strategic Change Capacity; “Security Optimization Services”; Liberated funding for direct saving or transformational investment]
Optimization of Security and Resiliency
• Redefine and Simplify Risk and Risk Management
- Re-evaluating business priorities to balance risk in light of evolving challenges and business requirements
• Establish a Total Security Framework and Solutions Portfolio
- Take inventory of current security and continuity practices
- Leverage innovation and integration and global expertise
• Simplify the Security & Risk Lifecycle
- Aligning with business processes to ensure continuous improvement, cost & complexity removal
• Join with a Transformative Security Partner
- Call in the experts
- Leverage global knowledge and learning
IBM Solutions for Security and Resiliency deliver sustainable and optimized business operations
Designed to:
• Enable innovation through secured, end-to-end infrastructure and platforms
• Reduce number and complexity of required security controls
• Reduce redundant security expenses
• Improve organizational and operational agility and resiliency
• Leverage industry expertise to help unify policy management
• Deliver needed visibility, control and automation
IBM Systems Group
IBM Security Framework
Control | Description
Security Information & Event Management | Automated log management, monitor and report security and compliance posture
Release Management | Process for assuring efficiency and integrity of the software development lifecycle
Database Protection | Capability that allows for granular protection of data in test and production databases
Encryption and Key Management | Capability enabling use of pre-existing investments by providing central management of encryption keys
Identity & Access Management | Process for assuring access to enterprise resources has been given to the right people, at the right time
Compliance Reporting and Management | Automated processes for compliance certification, reporting and remediation (e.g. PCI)
Problem & Incident Management | Automated workflow and Service Desk designed to assure incidents are escalated and addressed in a timely manner
Threat & Vulnerability Management | Process and capabilities designed to protect the enterprise infrastructure from new and emerging threats
Change & Configuration Management | Process for assuring routine, emergency and out-of-band changes are made efficiently, and in such a manner as to prevent operational outages.
IBM Internet Security Systems Protection Platform
Among the most advanced and complete security architectures ever developed—delivering preemptive security
Protection Platform
• Integrated security intelligence
• Comprehensive suite of professional security services
• Single, integrated view into the network
• Platform and service extensibility
• Correlation and integration of multiple data sources
• Underlying “best-in-breed” appliances
• 24/7 outsourced security management
• Improved system uptime and performance without a large investment in technology or resources
• Guaranteed protection services
Solutions
IBM Security - Backed by the IBM X-Force® Research Team
Protection Technology Research
Threat Landscape Forecasting
Malware Analysis
Public Vulnerability Analysis
Original Vulnerability Research
Research Technology
The X-Force team delivers reduced operational complexity – helping to build integrated technologies that feature “baked-in” simplification
X-Force Protection Engines
• Extensions to existing engines
• New protection engine creation
X-Force XPU’s
• Security Content Update Development
• Security Content Update QA
X-Force Intelligence
• X-Force Database
• Feed Monitoring and Collection
• Intelligence Sharing
September 23, 2008
Mozilla Unicode URL Stack Overflow public disclosure
X-Force found Mozilla Unicode URL Stack Overflow.
IBM Customers protected.
May 13, 2008
August 2008
Widespread Exploitation in the wild
Adobe Reader and Adobe Acrobat Remote Code Execution Vulnerability Discovered
February 7, 2008
X-Force updated protection engines and vulnerability database
IBM Customers protected.
February 13, 2008
April 22, 2008
Automated SQL Injection Attacks
MySQL targeted by automated SQL injected attacks Vulnerability Discovered
IBM Customers protected.
November 13, 2007
“Ahead Of The Threat”
Ahead Of The Threat
Vulnerability | Discovered by | Vendor Disclosure | ISS Protection Shipped | Block by default? | CVSS Base Score | Days Ahead of Threat
Adobe Flash Player Invalid Pointer Vulnerability | X-Force | April 8, 2008; APSB08-11; CVE-2007-0071 | Nov 13, 2007 Multimedia_File_Overflow | Yes, via rewrite | 9.3 / 6.9 | 150 days
Multiple (3) Microsoft Windows TCP/IP Remote Code Execution and DoS Vulnerabilities | X-Force | Jan 8, 2008; MS08-001 – Critical; CVE-2007-0066 and CVE-2007-0069 | Jan 8, 2007 SSM_List_BO; Aug 16, 2007 ICMP_Router_Advertisement_DOS | Yes, drop packet; Yes, drop packet
Microsoft Windows Server Service RPC Code Execution | In the wild | Oct 23, 2008*; MS08-067 – Critical; CVE-2008-4250 | Aug 8, 2006 MSRPC_Srvcs_Bo; Oct 27, 2008 MSRPC_Srvsvc_Bo | Block connection
Multiple Vendors Vulnerable to DNS Cache Poisoning | Dan Kaminsky | July, 2008 (Several); 2006; CVE-2008-1447 | May 29, 2003 HTTP_GET_SQL_UnionSelect; Nov 13, 2007 – July 17 2008 DNS_Cache_Poison; Aug 12, 2008 DNS_Cache_Poison_Subdomain_Attack | Yes, Block connection; Yes, Drop Packet; Yes, drop packet
CVSS Base Score (other rows, as extracted): 10 / 8.7; 6.4 / 5.3; 10 / 7.4
Days Ahead of Threat (other rows, as extracted): 22 months; ~ 5 yrs; 240 days – present; 1 year
Ahead of the Threat: Conficker
[Timeline figure: DEC-08, JAN-09, FEB-09, MAR-09, APR-09]
Nov 21, 2008: Conficker.A discovered
Dec 29, 2008: Conficker.B discovered
Feb 20, 2009: Conficker.B++/C discovered
Mar 4, 2009: Conficker.C/D discovered
X-Force is the first to reverse-engineer the worm’s Peer-to-Peer communication protocol.
Proventia® Network IPS
IBM ISS Virtual Patch
• What it does…
- Provides a buffer of time where newly discovered vulnerabilities are addressed before scheduled patches can be applied.
• How it works…
- X-Force™ research focuses on high-risk security vulnerabilities.
- Virtual Patch™ technology focuses on the underlying vulnerability instead of the exploit.
• How this helps…
- Prevent zero-day attacks & conveniently manage new patches.
• Why IBM ISS…
- X-Force leads the industry in primary vulnerability research.
• Central Management Platform
• Network Intrusion Protection System
• Virtual IPS & Web Application Security
• Host-based Intrusion Protection System
• Enterprise Vulnerability Management
• Multi-Function Security (UTM)
• Enterprise Data Leakage Protection
• Endpoint Data Leakage Protection
• Network Data Leakage Protection
Security Products
The Power To Deliver The Most Advanced Internet Security Solutions
Gartner has positioned ISS in the leader quadrant of the Magic Quadrant for Managed Security Service Providers & Intrusion Prevention products
ISS Named Best Security Company USA by SC Magazine. February 2006
NSS IPS + Enterprise 2006 Award **The GX5108 was the first in the industry to receive the IPS + Enterprise certification**
Certified by J.D. Power and Associates for Technology Service and Support Excellence
- First in Security Industry To Be Certified - First Technology Company To Be Certified Globally
Uncompromising Protection for Every Layer of Your Network
“This one’s a bit of an Eye Chart!”
Business Challenges The Proventia Solution
Uncompromising Protection for Every Layer of Your Network
IBM Proventia® Network Intrusion Prevention
Uncompromising Protection for Every Layer of Your Network
IBM Proventia® Network Intrusion Prevention
The most complete portfolio available
Uncompromising Protection for Every Layer of Your Network
IBM Proventia® Network Intrusion Prevention
Model | Ports | US List
GX4002 | 2 | $10,995
GX4004 | 4 | $15,995
GX5008 | 8 | $37,995
GX5108 | 8 | $57,995
GX5208 | 8 | $85,995
GX6116 | 16 | $188,995
Business Challenges
• Managing dispersed security agents
• Demonstrating risk and compliance
• Protecting critical data, intellectual property and access to vulnerable servers
• Maintaining server uptime while providing strong host intrusion prevention technologies
• Tracking file access and changes among business critical servers
The Proventia Solution
• Reduces security costs, protects server environments and reduces downtime
• Enforces corporate security policy for servers
• Provides out-of-the-box protection with advanced intrusion prevention and blocking
• Utilizes multiple layers of defense to provide preemptive protection
• Support operating system migration paths
• Protects at-risk systems before vendor-supplied patches are available
Industry’s broadest operating system support:
Uncompromising Protection for Every Layer of Your Network
IBM Proventia® Server
Business Challenges
• Managing enterprise security risk
• Demonstrating risk reduction and compliance
• Optimizing protection against existing vulnerabilities
• Automating the vulnerability scanning process
• Managing the vulnerability remediation workflow
• Improving efficiency and decreasing operating costs
The Proventia Solution
• Increase network uptime and bandwidth
• Perform fast, accurate vulnerability scans
• Free up resources by automating the scan process
• Leverage your existing IT infrastructure
• Monitor vulnerability status and maintain compliance
• Combine with Proventia® Platform for “Scan and Block” capabilities
#1 Network VA Vendor (2005)
Uncompromising Protection for Every Layer of Your Network
IBM Proventia® Network Enterprise Scanner
Business Challenges The Proventia Solution
Uncompromising Protection for Every Layer of Your Network
IBM Proventia® Network Multi-Function Security
• Protect your business from internet threats without jeopardizing bandwidth or availability
• Secure your end users from spam, incompliant activity and other productivity drainers
• Conserve your resources by eliminating the need for special security expertise
• Complete protection against all types of Internet threats, with firewall, intrusion prevention, and Virus Prevention System
• Spam effectiveness ~95%, define Web browsing policies, filter database of +63 Million URLs in 62 categories
• “Set and forget” security, automatically updated to protect against the next threat and tailored to needs of your small business or remote offices
Business Challenges
• Enterprise-wide view of asset, threat & vulnerability data
• Comprehensive visibility into network communications
• Securing Enterprise asset
• Keeping the network available, bandwidth utilization
• Maintaining too many security management systems
• Acceptable use of network resources
The Proventia Solution
• Documents the security process
• Provides centralized management of high performance network security in addition to host and gateway devices
• Ease of use through console consolidation
• Offers visibility through the detection system
• Enables keeping ahead of rising standard of due care
• Keeps workflow support for policy mgmt, incident response and vulnerability remediation
Uncompromising Protection for Every Layer of Your Network
IBM Proventia® SiteProtector
Uncompromising Protection for Every Layer of Your Network
IBM Data Security Services
• Endpoint Encryption
- powered by PGP Corporation
- Full Disk (protect data when device lost or stolen)
- File / folder / vdisk / removable media, shared media
• Endpoint Data Loss Prevention (eDLP)
- powered by Verdasys Inc.
- Automated discovery of sensitive content, classifying / tagging of files
- Policy-based enforcement of data protection policy (notify, block, encrypt, remove, relocate)
- Close the gap between user action and automated policy-enforced action
- Removable media port control with fine-grain control of external I/O ports
• Network Data Loss Prevention (nDLP)
- powered by Fidelis Security Systems
- Policy-based enforcement of data protection policy (notify, block, encrypt, remove, relocate)
• Activity Compliance Monitoring & Reporting
- powered by Application Security Inc. and Tivoli Compliance Insight Manager (TCIM)
- Help assess the security strength of network-based database applications by identifying vulnerabilities
- Locate, examine, report on and suggest fixes for security holes and misconfigurations
- Policy-based, compliance-focused solution to monitor user activity across heterogeneous systems
http://www-935.ibm.com/services/us/index.wss/offerfamily/gts/a1027705
Enterprise Content Protection (ECP)
• Prevent leakage of sensitive data outside and inside.
• Protect valuable information and comply with regulations.
• Framework allowing tailored solution for protection at the network and endpoint levels.
• In combination, or as separate components (Network / Endpoint)
• Proven, best technical capability from IBM Business Partners integrating with IBM Professional Security Services and Managed Security Services to protect data, brands, intellectual property and resources.
• Scalable to support the enterprise of any size and distribution
Definition: “Podslurping”
• Podslurping: the act of using a portable data storage device such as an iPod digital audio player to illicitly download large quantities of confidential data by directly plugging it into a computer where the data is held, and which may be on the inside of a firewall. As these storage devices become smaller and their storage capacity becomes greater, they are becoming an increasing security risk to companies and government agencies.
Enterprise Content Protection (ECP)
• Automated discovery of sensitive content, classifying / tagging of files
• Policy-based enforcement of data protection policy (prevent, allow, encrypt, etc.)
• Close the gap between user action and automated policy-enforced action
• Endpoint – Network – Server / Data Center
• Key Business Partners:
- Fidelis Security Systems
- Verdasys
Data-Centric Security Process
[Figure: data-centric security process. Panels and labels:]
Where and What is Sensitive Data: Discovery (Desktops, Laptops, Servers); Classification, Tagging; Content (Similarity, Keyword, Pattern, Dictionary); Context (Server, Application, File Type, User)
What is the User Doing With It?: Unstructured Data (Read, Write, Move, Burn, Copy/Paste, Upload); Structured Data (View, Delete, Modify)
Where Is the Data Going?: Devices, Applications, Networks
Apply Risk Appropriate Policy & Actions: Alert (Detection), Warn (Awareness), Prompt (Justify), Encrypt (Protection), Block (Prevention), Mask (Need to Know)
Continuous Audit Logging
Complementary technologies, comprehensive protection
• Complementary technologies
- IBM ISS Proventia™ prevents intrusions, attacks and compromises
- Fidelis XPS™ prevents leakage of sensitive content
• Comprehensive protection
- Inbound and outbound security for enterprise networks
- Asymmetrical depth of defense
Enterprise Protection Products
Vulnerability Assessment
Network Protection Server Protection
Enterprise Scanner helps to ensure the availability of your revenue producing services and protects your corporate data by identifying where risk exists, prioritizing and assigning protection activities, and then reporting on results
Data Security -- Provides historical data that enables companies to find the origin of a change, breach or string of behavior
Insider Threats -- Tracks the who, what, when, where of user/administrator behavior
Compliance -- Provides the reporting necessary to prove the security of sensitive information
High performance network security with real-time attack, malicious code and hybrid threat blocking.
Allows secure open transactions in a SOA environment which is an effective way to preserve network availability, reduce the burden on your IT resources and prevent security breaches.
Protects Email systems and the data that can leak from these systems
SiteProtector
Unified Enterprise Security Console for all products
Behavior Protection
IBM Proventia Network Anomaly Detection System (ADS) is designed to deliver a clear view of your network's behavior while automatically detecting active security threats, risky user behavior, performance issues and noncompliant activities, such as policy violations and unapproved network changes.
Data Security Services
BREAK
ISS Professional Security Services
Professional Security Services
- Assessment Services
  • Application Security Assessment
  • Information Security Assessment
  • Penetration Testing
  • PCI Assessments
  • SCADA Assessment
- Design Services
- Education Services
- Emergency Response Services
Benefits
- Identification of security weaknesses
  • Unsecured networks and applications
  • Weak security policies
- Implementation of a best practices approach to security
- Aid compliance with regulations
  • SoX, HIPAA, GLB, PCI
IBM ISS Professional Security Services ADDME - A Proven Methodology
Phase 1. Assessment
Phase 2. Design
Phase 3. Deployment
Phase 4. Management and Support
Phase 5. Education
• Application Security Assessment
• Information Security Assessment
• Penetration Testing
• PCI Assessment
• SCADA Assessment
• Policy and ISO 17799 Gap Analysis
• Implementation Planning
• Network Security Architecture Design
• Policy Design and Development
• Standards and Procedures Development
• Deployment Services
• Migration Services
• Emergency Response Service
• Forensic Analysis Service
• Staff Augmentation and Support
• IBM ISS Product Training
• Security Awareness Training
Application Security Assessment (ASA)
• Application security an often-overlooked part of a security plan
- Applications house companies’ critical data – customer information, HR data and intellectual property
- Security holes in custom applications create opportunities for attackers
• ASA looks for the vulnerabilities in Web and custom applications
- Comprehensive vulnerability assessment of the application and network infrastructure directly supporting the application
- Remote attack simulation in which security experts attempt to penetrate an application, using techniques similar to those used by malicious attackers
- Targeted code review to provide solid recommendations for improving application security
- Assessments performed by security consultants with application development backgrounds
• Detailed report of findings
- Specific recommendations for remediating any vulnerability found
Information Security Assessment (ISA)
• Comprehensive evaluation of an organization’s security posture
- Based on ISO 17799 security standard and industry best practices
- Provides complete internal and external assessment of information security state
• Provides a clear understanding of current information security risks
- Identifies the potential impact of vulnerabilities
- Raises internal awareness of information security risks
- Enables more informed decision-making and identifies the gaps in organizational security controls, policies and processes
- Provides a specific, actionable plan to improve overall security posture based on business needs
- Helps to meet regulatory compliance requirements
• Includes a thorough assessment of:
- Information security policies
- Procedures, controls and mechanisms
- Physical security
- Networks, servers, desktops and databases
• Detailed deliverables
- Prioritized, actionable remediation steps presented in a workshop format
PCI Compliance Services
• IBM ISS is a Qualified Security Assessor (QSA), having met the requirements as a QSAC to perform PCI assessments
• IBM ISS is an Approved Scanning Vendor (ASV), having met the requirements to perform PCI DSS-approved quarterly network scans
• ISS PCI services include:
- PCI Assessments
  • Pre-assessment
  • Annual on-site audit and Report on Compliance (ROC)
  • Quarterly network scans
- Remediation
  • Assistance remediating any issues found during preassessment
- Payment Application Assessments
  • Assessing the security of payment applications
  • IBM ISS is an Approved Qualified Payment Application Security Company (QPASC)
- Visa Cardholder Information Security Program (CISP) Incident Response
  • IBM ISS is a Visa Qualified CISP Incident Response Assessor
  • IBM ISS can respond to security incidents and provide forensic analysis when there is a loss of cardholder data
Penetration Testing
• Penetration testing uncovers network vulnerabilities and assesses the business risk of those vulnerabilities
- Real-life network attack simulation in which security experts attempt to penetrate a network mimicking the techniques used by malicious attackers
- Demonstrates how attackers can significantly impact a business
• IBM ISS security expertise
- More than a simple vulnerability assessment
  • Use of a combination of proprietary and industry-leading security assessment tools, complete with an in-depth analysis of vulnerability data by a security expert
- Leverages security intelligence of ISS X-Force
• Detailed deliverables
- Prioritized, actionable remediation steps
Emergency Response Services
• Incident response, preparedness planning and forensic analysis experts
- Responds quickly to attacks in progress
- Works with customers to develop customized emergency response plans to minimize the effect of future attacks
• Customers benefit from:
- Immediate attack response 24/7/365 to stop attacks in progress and minimize their impact
- Forensic analysis to help find and prosecute perpetrators
- Incident response methodology that includes steps for analysis and intelligence gathering, containment, eradication, recovery and prevention
- Customized incident response plans and procedures to guide you in case of an attack
• Available as a subscription service or as an on demand service
- Subscription service includes incident response planning and phone support to help customers prepare before a security incident occurs
• Customers experiencing a security emergency can call the IBM ISS Emergency Response Team 24/7/365:
Additional IBM ISS Professional Security Services
• Governance, Risk & Compliance Services
- Strategic Threat & Risk Analysis (TRA)
- Security Policy Development
- Network Security Architecture Design
- Security Technology Implementation Planning
- Deployment Consulting
- Staff Augmentation Professional Services
• Identity & Access Management (IAM) Professional Services
- Specifically with respect to Tivoli Identity Manager (TIM) and Tivoli Access Manager (TAM) design, installation & configuration
The Power To Deliver The Most Advanced Internet Security Solutions
• Managed Protection Services
• Managed and Monitored Firewall Services
• Managed IDS/IPS Services
• Vulnerability Management Service
• Security Event and Log Management Services
• Managed E-mail and Web Security Services
Managed Security Services
IBM has the unmatched global expertise to deliver complete solutions – and manage the cost and complexity of security
IBM Global Security Operations and R&D
Breadth of Services
Key Benefits
• Protect company assets, brand reputation and business continuity with 24x7 reliable monitoring and management
• Reduces in-house security costs by up to 55 percent
• Achieves security compliance with industry and governmental regulations
• Maximizes existing security investments
• Improves productivity by freeing IT resources to focus on strategic initiatives
• Reassures clients, partners and shareholders that critical data is protected by trusted resources
• Reduces operational complexity
Breadth of Services
Managed Security Services
Managed Protection Services (MPS)
• Guaranteed Protection Services
• Based on IBM ISS Security Technologies
- Proventia G (IDPS)
- Proventia M (UTM)
- Proventia Server
- Proventia Desktop
• Best-in-Class Service Level Agreements
- Performance based SLAs
• Multiple Service Level Options
- Standard, Select, Premium
- Choose services per device for custom solutions
• Industry Leading Customer Portal
• Embedded X-Force Intelligence
Managed Protection Service Features
• Industry Leading Performance-based SLAs
• Completely Web-Driven Interface – Virtual-SOC Portal enhances customer control and SOC communications
• 24/7 Expert Monitoring and Management
• Security Incident Escalation
• Standard & Customizable Reporting
• Systrust & SAS-70 Certified SOC
• Integrated Vulnerability Management
• Subscription to XFTAS – Security Intelligence
MPS Offerings and Service Levels
• Benefit from guaranteed service level agreements and a $50,000 money-back warranty ensuring 100% accountable, reliable protection*
*Money-back payment (for Managed Protection Services - Premium Level only): If IBM Internet Security Systems fails to meet the Security Incidents Prevention Guarantee the customer's account shall be paid US$50,000 for each instance this guarantee has not been met. Please see IBM Internet Security Systems Service Level Agreements for more details.
Managed Security Services (MSS) - Summary
• Industry Proven Managed Security Services
– Managed Network Intrusion Detection / Prevention
– Managed Network Firewall
• Multi-Vendor Security Technology Support
– Firewalls: IBM ISS, Cisco, Check Point, Juniper
– IPS: IBM ISS, McAfee, Sourcefire
• Best-in-Class Service Level Agreements
• Multiple Service Level Options
– Standard, Select
– Standard, Select, Premium
• Industry Leading Customer Portal
• Embedded X-Force Intelligence
Managed IPS & Firewall Service Features
• Best-of-Breed Security Platform Support
- ISS (IDS/IPS), Cisco (IDS/IPS), Sourcefire, McAfee (IPS)
- Check Point, Cisco, Juniper, ISS
• Completely Web-Driven Interface – Virtual-SOC Portal enhances customer control and SOC communications
• 24/7 Expert Monitoring and Management
• Security Incident Escalation (IPS Service)
• Standard & Customizable Reporting
• Industry Leading Performance-based SLAs
• Systrust & SAS-70 Certified SOC
• Integrated Vulnerability Management
• Access to XFTAS – Security Intelligence
Managed IDPS Service Features Summary – Network
In which document can the latest platform support and sizing information be found?
Features | Standard Level | Select Level
IDS/IPS | Critical attacks, denial of service, and worms | All Attack activity, suspicious activity, and network misuse
Policy management | Performed by IBM | Performed by IBM, unlimited policy change requests per month
Health and Availability Monitoring | Yes | Yes
Log Storage / Availability | 1 year | Up to 7 Years
Vulnerability Management | 1 IP Quarterly | 2 IPs Quarterly
Security event monitoring | Automated analysis; email escalation | Automated plus real-time 24/7 human analysis; e-mail or telephone escalation
Device management | Performed by IBM | Performed by IBM
Detailed Reporting | Yes | Yes
Customer Portal Access | Yes | Yes
Security Content Upgrades | Yes | Yes
High Availability | When supported by the platform | When supported by the platform
Optional Add-on Capabilities
Out of Band Required | Optional | Yes
Managed Firewall Service (MFW) Features Summary – Network
In which document can the latest platform support and sizing information be found?
Features | Standard Level | Select Level | Premium Level
Supported Bandwidth | Up to 100MB* | 100MB through 1 GB and up* | 100MB through 1 GB and up*
Policy or Configuration Changes Per Month | 2 | 4 | Unlimited
Health and Availability Monitoring | Yes | Yes | Yes
Device Management | Yes | Yes | Yes
Log Storage / Availability | 1 year | Up to 7 Years | Up to 7 years
Vulnerability Assessment | 1 IP Quarterly | 2 IPs Quarterly | 3 IPs Quarterly
Client / SSL VPN Support | No | Yes | Yes
Site to Site VPN Support | Up to 2 Tunnels | Unlimited | Unlimited
Maintenance Window for Policy / Configuration Changes | No | No | Yes
Emergency Policy Changes per Month | No | No | 1
Detailed Reporting | Yes | Yes | Yes
Customer Portal Access | Yes | Yes | Yes
Application / OS Upgrades | Yes | Yes | Yes
High Availability | When supported by the platform | When supported by the platform | When supported by the platform
Optional Add-on Capabilities
Out of Band Required | Optional | Yes | Yes
Managed Unified Threat Management (UTM) Service
• Unified Threat Management (UTM)
- Customizable support for best-of-breed multi-function devices
• Multi-Vendor Security Technology Support
- IBM ISS, Cisco, Juniper, Check Point
• Best-in-Class Service Level Agreements
• Multiple Service Level Options
- Standard, Select, Premium
• Industry Leading Customer Portal
• Embedded X-Force Intelligence
Managed Unified Threat Management (UTM) Service Features
• Best-of-Breed Security Platform Support
- IBM ISS, Cisco, Juniper, Check Point
• Completely Web-Driven Interface – Virtual-SOC Portal enhances customer control and SOC communications
• 24/7 Expert Monitoring and Management
• Security Incident Escalation
• Two Packages
- Protection
- Content
• Multiple Service Levels
- Standard, Select, & Premium
• Standard & Customizable Reporting
• Industry Leading Performance-based SLAs
• Systrust & SAS-70 Certified SOC
• Integrated Vulnerability Management
• Embedded XFTAS – Security Intelligence
Security Enablement Services
• Key Benefits
- Centralized command center to monitor and control Virtual-SOC services
- Run queries and generate reports on multi-vendor security devices, security events, service level agreement (SLA) activity and more
- Automated analysis of security events and logs alerts for remediation
- Unlimited archive system stores one year of online event/log storage and seven years of offline archiving
- Authorized access to portal for increased internal protection
- Integrated with X-Force security intelligence feeds and daily threat assessments
Vulnerability Management Service
• Internal & External Vulnerability Assessments
• Vulnerability Remediation Workflow Embedded
- Step-by-step Remediation Actions
- Complete Ticketing System
- Virtual Patch ties to MPS/MSS
• Granular Access Control & Permissions
• Fully functioned Reporting
• Industry Leading Customer Portal
• Embedded X-Force Intelligence
Vulnerability Management Service - SLAs
• Vulnerability Scan Execution
- Scan will execute +/-1 hour of scheduled time.
• Virtual Patch Application
- Virtual patch will be applied within 2 hours of request.
• Proactive System Monitoring (Internal)
- 15 minute notification of internal agent unreachable.
• Security Content Update
- Content updates completed within 72 hours of release.
• Customer Portal
- 99.9% uptime
• Internet Emergency
- 15 minute notification
Security Event & Log Management Service (SELM)
• Log and Event Collection & Archival
- Syslog, Universal Logging Agent (ULA)
- On Site Aggregation, Compression, Encryption
- Secured Communications
- Forensically Sound Storage
• Automated Alerting (Select Level Only)
• Security Incident Tracking
• Systrust and SAS-70 Certified SOC
• Industry Leading Customer Portal
• Embedded X-Force Intelligence
X-Force Threat Analysis Service
• X-Force Threat Analysis Service
- News
- Vulnerabilities
- Exploits
- Worms/Virus
• Breaking Security Intelligence Alerts
• Configurable Alerting/Advisories
• Daily Emails
• Direct Feed from X-Force Research
- 30,000+ Records
Managed E-mail & Web Security Features: E-mail
• 100% Virus Protection
• 99.2% Spam Effectiveness with 1 in 1 Million False Positives
• 90%+ effective in identifying pornographic attachments
• Enforces Acceptable Use Policy
• Multiple Layers of Defense
• Highly redundant infrastructure
• Assists in stopping confidential information leaving your company
• Industry Leading Performance-based SLAs
Managed E-mail & Web Security Service Details: E-mail
• Anti-Virus
- Multiple Scanners
- Inbound & Outbound Filtering
- Proactive scanning for new threats
- Phishing detection
- Protection for Zero-Hour Outbreaks
- 7-day offsite Virus Quarantine
- 100% protection against known and unknown Viruses
• Anti-Spam
- Multiple filters
- TCP/IP Traffic Shaping
- Highly Effective with minimal False Positives
- Transparent Knowledge Base Updates
- Multiple-handling options, including end user Quarantine; Confidence to “block and delete” on signature detection
- Configurable White and Black lists
Managed E-mail & Web Security Service Details: E-mail
• Image Control
- Proactive Monitoring
- Detects 90%+ of e-mail borne inappropriate image attachments
- Fights Harassment in the workplace and protects Company image
- Configurable Sensitivity settings to adjust based on your appetite for risk
- Supports Compliance with Internet Acceptable Use Policy and Legal Liability
• Content Control
- Protect Corporate and brand reputation
- Maintain Confidential and Intellectual Property
- Advanced Policy setting criteria including Group, Users, Sizes, Types, Times of Day
- Keyword & Contextual Analysis
- Investigate suspicious activity
- Preserve Confidentiality and Security and reduce Legal Liability
- Defend against careless and malicious actions
Managed E-mail & Web Security Service Details: Web
• Web Anti-Virus/Anti-Spyware
- Real-time Scanning and Analysis of Web Traffic
- Combined protection from Spyware, Viruses and all other types of Malware at the Internet level
- Skeptic Technology layered over multiple commercial scanning engines
- Converged Threat Analysis, taking recent threat information from Email and IM and applying to Web
- Customizable Block messages and email alerting
• Web URL Filter
- Combined Real-Time filtering with Sophisticated URL Categorization database
- Policy engine with intuitive rule-building
- MIME and file type lists
- Customizable Block Messages and Email Alerting
- Content Categories include Webmail, blogs, chat and “uncategorized”
- Enforces Web Acceptable Use Policy
- Optimizes bandwidth
Questions?
IBM
Rick Young, Account Executive
IBM Internet Security [email protected]