why ips slide share
Why IPS
Intro
Does business need IPS
McAfee Overview of the Network Security Platform
Customer Experience
• Began working with IDS in 1999
• Implemented IDS/IPS:
– Legal industry
– Telecommunications
– Manufacturing
• Managed two global deployments of inline IPS
• CISSP, CISM and GCIH
• DG Technology Consulting was founded with a vision to provide a unique service to our clients
• DG Technology provides a broad range of security solutions including:
– Vulnerability Assessments
– Security Health Checks
– Mainframe Security Services
– Mainframe Event Acquisition System (MEAS)
Not IDS
• All the major operating system, application and network equipment vendors continue to find flaws in their products that leave these products vulnerable to attack.
• Many businesses only patch major applications once a year, since they cannot afford the downtime.
• Businesses are increasingly going mobile. This results in more employees working on “untrusted” networks.
• Attackers are relentless in going after the data they want.
Four IPS vendors account for more than 90% of the IPS market.
• Traditional IPS systems use a library of “signatures” to identify software which is a threat.
• The design of these signatures is critically important since they need to:
– Correctly identify all of the threat software;
– Do so at the breakneck speed of today’s networks; and
– Create no false positives (i.e., identifying a threat where there is none).
• The best IPSs actually run with the fewest, most effectively written signatures.
• Integrates vulnerability data — Integrating your organization's vulnerability data allows for a more accurate and quicker response to attacks. Analysts can quickly identify whether an asset is vulnerable to the attack and/or initiate a vulnerability scan from the IPS console.
• Reputation Data — By identifying the reputation of the source or destination of traffic flowing through the device, threats can be blocked without the need for signatures. This also allows for a more accurate and quicker response to threats.
• Geo-Location — Another way to increase operational efficiency is through geo-location. This allows the analyst to quickly see the country of a source and destination. Alerts involving locations where the business does not have operations should be prioritized. Traffic can also be blocked based on geo-location.
• Application Awareness — By identifying the application in use, analysts can quickly determine whether it is a critical application or a false positive.
• SSL Decryption — Many attackers hide their attacks by using your SSL tunnel against you. Without this capability, your traditional IDS is “blind” to these attacks.
• Virtualization — Virtual and virtualized IPS. Virtual IPS allows the IPS to run multiple policies on a single interface. This reduces false positives while providing detailed protection to the environment. Virtualized IPS allows for the monitoring of virtual environments such as VMware.
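An added example, not from the original slides: one way a console could combine the vulnerability-data and geo-location integrations described above to rank IPS alerts. The alert fields, weights, addresses, vulnerability IDs and the "ZZ" country code are constructed assumptions, and only the source address is geo-checked.

```python
import ipaddress
# Everything below is constructed sample data, not output from any IPS product.
OPERATING_COUNTRIES = {"US", "CA"}   # assumed: where the business operates
GEO = {                              # stand-in for a geo-IP database
    "198.51.100.0/24": "US",
    "203.0.113.0/24": "ZZ",          # placeholder code for a non-operating country
}
SCAN_RESULTS = {                     # asset -> open findings from the last scan
    "10.0.1.20": {"VULN-A"},
    "10.0.1.30": set(),              # scanned, nothing open
}
ALERTS = [
    {"id": 1, "src": "198.51.100.7", "dst": "10.0.1.30", "targets": "VULN-A"},
    {"id": 2, "src": "203.0.113.9", "dst": "10.0.1.20", "targets": "VULN-A"},
    {"id": 3, "src": "203.0.113.9", "dst": "10.0.1.99", "targets": "VULN-B"},
    {"id": 4, "src": "198.51.100.7", "dst": "10.0.1.20", "targets": "VULN-A"},
]

def country_of(ip):
    addr = ipaddress.ip_address(ip)
    for cidr, code in GEO.items():
        if addr in ipaddress.ip_network(cidr):
            return code
    return None  # location unknown

def score(alert):
    """Score one alert; the weights are arbitrary illustration values."""
    points, reasons = 0, []
    findings = SCAN_RESULTS.get(alert["dst"])
    if findings is None:
        points += 20
        reasons.append("target never scanned: start a scan")
    elif alert["targets"] in findings:
        points += 50
        reasons.append("target is vulnerable to this attack")
    else:
        reasons.append("target is not vulnerable")
    code = country_of(alert["src"])
    if code not in OPERATING_COUNTRIES:
        points += 30
        reasons.append(f"source outside operating countries ({code})")
    return points, reasons

def triage(alerts):
    rows = [(score(a), a["id"]) for a in alerts]
    return sorted(((s[0], i, s[1]) for s, i in rows), key=lambda t: (-t[0], t[1]))

if __name__ == "__main__":
    for points, alert_id, reasons in triage(ALERTS):
        print(points, alert_id, "; ".join(reasons))
```
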
• Purpose-built hardware — Look for products with few moving parts. Ask about RMA rates and look for an RMA rate of less than 0.5%.
• Modular Components — Components such as the power supplies, GBICs and SFPs should be hot-swappable and individually replaceable.
• High Availability — Hardware-based fail-open kits, internal mechanisms to detect failure, HA configuration.
• High Performance — Look at NSS Labs ratings and real-world testing scenarios.
March 17, 2013
Acquisition Cost – what’s the real cost of acquisition, software, hardware, related infrastructure, internal IT staff, and third-party resources.
Performance & Reliability – up to the rated speed of the appliance across a test range of TCP and HTTP response sizes and connections per second, in a real world traffic mix.
Stability & Reliability – ability to sustain legitimate traffic (i.e., not crash) while under hostile attack.
Management & Usability – strength of the management UI in focusing on network performance, system health, and major events – with the ability to drill down and create reports.
Gartner business metrics – overall vendor viability, sales execution, market responsiveness and track record, marketing execution, customer experience, and operations.
Security Effectiveness – in accurately detecting/blocking the range of common exploits, across the relevant range of operating systems and applications, with low false positives.