
IBM Security SiteProtector Overview

Tanmay Shah - ISS L2 Support tanmay.shah@us.ibm.com 25th June 2011. IBM Security SiteProtector Overview. Agenda. Introduction to ISS ISS offerings Business Challenges How SiteProtector helps? More about SiteProtector. Introduction to ISS. 1994 – Internet Security System



Presentation Transcript

  1. Tanmay Shah - ISS L2 Support tanmay.shah@us.ibm.com 25th June 2011 IBM Security SiteProtector Overview

  2. Agenda • Introduction to ISS • ISS offerings • Business Challenges • How SiteProtector helps? • More about SiteProtector

  3. Introduction to ISS • 1994 – Internet Security Systems • 1998 – initial public offering of the company on NASDAQ • 2006 – it became IBM ISS • 2010 – GBS → Tivoli • Late 2010 – ISS Customer Support → IBM Software Support • Moving forward – Internet Security Systems → IBM Security Solutions

  4. ISS Offerings • Integrated Security Intelligence • Comprehensive suite of professional Security Services • Single, Integrated view into the network • Platform and service extensibility • Correlation and integration of multiple data sources • Underlying best-in-breed appliances • 24/7 outsourced security management • Guaranteed protection services

  5. Protection Platform - Integrated Products • Proventia ADS Series – “Anomaly/Behavioral” Protection and Network Visibility Appliances • Proventia Network MFS (MX5010, MX3006, MX1004) – “All-in-One” Protection Appliance: IDS/IPS, FW / VPN, AntiVirus (signature & behavioral), AntiSpam, Web Filter, Spyware • Proventia Desktop – “All-in-One” Protection Agent: Firewall, Virus Prevention System, Intrusion Protection, VPN Enforcer, Buffer Overflow Protection • Proventia Server – “Multi-layered” Protection Agent: Windows, Linux • RealSecure Server Sensor: Windows, Solaris, AIX, HP-UX • Proventia Network IPS – Preemptive Security for Enterprise Networks: GX4002, GX4004, GX5008, GX5108, G400, G2000, GX6116, GX7800

  6. Protection Platform - Integrated Products

  7. Protection Platform – X-Force Research: Implementing Research • IBM X-Force is the most recognized security research group in the world. X-Force maintains the industry's largest and most authoritative vulnerability database. • Protocol Analysis Module (PAM) is the engine behind the preemptive protection afforded by many of the IBM ISS security solutions. PAM is comprised of 5 key technologies. • Virtual Patch – What It Does: Shields vulnerabilities from exploitation independent of a software patch, and enables a responsible patch management process that can be adhered to without fear of a breach. Why Important: At the end of 2008, 53% of all vulnerabilities disclosed during the year had no vendor-supplied patches available to remedy the vulnerability. • Threat Detection & Prevention – What It Does: Detects and prevents entire classes of threats as opposed to a specific exploit or vulnerability. Why Important: Eliminates need of constant signature updates. Protection includes the proprietary Shellcode Heuristics (SCH) technology, which has an unbeatable track record of protecting against zero day vulnerabilities. • Content Analysis – What It Does: Monitors and identifies unencrypted personally identifiable information (PII) and other confidential information for data awareness. Also provides capability to explore data flow through the network to help determine if any potential risks exist. Why Important: Flexible and scalable customized data search criteria; serves as a complement to data security strategy. • Web Protection – What It Does: Protects web applications against sophisticated application-level attacks such as SQL Injection, XSS (Cross-site scripting), PHP file-includes, CSRF (Cross-site request forgery). Why Important: Expands security capabilities to meet both compliance requirements and threat evolution. • Network Policy Enforcement – What It Does: Manages security policy and risks within defined segments of the network, such as ActiveX fingerprinting, Peer To Peer, Instant Messaging, and tunneling. Why Important: Enforces network application and service access based on corporate policy and governance.

  8. Protection Platform – X-Force Research

  9. Business Challenges • Security generalists need specialized training: Securing an enterprise can involve complex deployments that require a variety of highly-specialized trained personnel to manage • Due diligence for secure transactional systems: Demonstrating and documenting accountability, transparency, and measurability for compliance is a top priority • Economical management of diverse tools: Managing myriads of “silo” security management tools, associated servers and license keys, and the cost in doing so • Tracking expanding universe: Identifying, managing, and securing enterprise assets • SMEs spread thin: Limited security resources (time and expertise) • Burgeoning data: Information overload and consolidation • Competing priorities: Communicating the value of your security process

  10. How SiteProtector helps? • Offers a centralized interface to control and manage diverse network and host security devices • Incorporates advanced event analytics and flexible, customizable reporting • Integrates within existing systems and expands to support additional types and functions of security offerings • Delivers “room to grow” security, to combat the rising cost of security without hiring more personnel • Centrally manages an enterprise mesh of technical controls • Documents the security process for compliance and audit needs • Reduces the personnel and training requirements for the enterprise security team

  11. Business value of SiteProtector: reduces capital cost, operations costs, and operational complexity • Lower TCO sets up quicker ROI • Console Consolidation • Still decentralized command and control • Increased productivity

  12. More about SiteProtector

  13. More about SiteProtector – SiteProtector Analysis Views (diagram) • Diagram labels: Asset clarification, inventory and ownership; “Greatest risks” identification; Company, configuration and security policy; Improve operational security; Vulnerability remediation and/or incident response; “Track record”; Re-enforce company/configuration policies with owners; Segregation of duties • Analysis views shown: Asset Assessment Detail, Asset Assessment Summary, Vulnerability Names By Assets, Vulnerability Remedies by Asset, Vulnerability Summary by Asset, Vulnerability by Asset, Vulnerability Trend, Attack Status Summary, Vulnerability Counts, Top Vulnerabilities, Attack Trend, Top Attacks, Desktop Protection, Top Sources of Attack, Top Targets of Attack, Ticket Trending, Ticket Time Tracking, Ticket Activity Summary, Audit Detail, Permission Detail • Diagram text: In this initial stage, define your desired states for network and system configurations, resource protection and resource access

  14. SiteProtector’s Service Packs continue to expand value for security management Central Response, Auditing, Express Install SecureSync module UI, Ticketing, Permissions, Asset view, Reporting, new platforms Policy Management, SQL 2005, Email Reporting Policy management, UI enhancements Fidelis Integration AppScan Integration Appliance Expansion, BIRT Reporting, Analysis GX, VSP & AppScan policy integration, Extended platform support, UI enhancements Enhanced usability; reducing Total Cost of Ownership; better access to powerful functionality • Releases on timeline: SiteProtector Release 2.0, SP5, SP5.2, SP6, SP6.1, SP7, SP8.0, SP8.1, SP9.0 • Dates on timeline: Jan 05, Jun 05, Mar 06, Dec 06, Jun 08, Jan 09, May 09, Jul 09, Jul 10, 2011

  15. SiteProtector Service Pack 8.0 (July 2009) • Policy Management • Policy diff between policies • Policy reporting • Platform Support • Included: • MS Server 2008 & SQL 2008 • MS Server 2005 & SQL 2005 • 64Bit Hardware and Windows OS support • Hyper-V, VMware ESX 3.x and 4.x • No longer supported: • MS Windows 2000 Server • MS SQL Server 2000 • MSDE 2000 in express version • Performance enhancements

  16. Enhancements in SiteProtector Service Pack 8.1 (July 2010) • Seamless integration with latest agent releases • GX series Network IPS 4.1 firmware • Application policy enhancement – such as for Authentication Servers, DLP, SNMP • Broader IPv6 support in UI (analysis, configuration, policies) • Health Status for network appliance • Web Application wizard importing AppScan data • Data Leakage configuration (Content Analyzer) • Virtual Server Protection • Support and reporting features for VSP agent • Extended platform support • Windows 7 • Updated BIRT Reporting version • Installation of Agent Manager on native IPv6 Network • Improved graphical interface, reporting and analysis • Single-click intrusion blocking • Scheduled export of customized analysis views • Policy Tuning from Analysis – Block intruder • Analysis by new dimensions: • Trending – Day, Week, month in analysis • MS Bulletin, CVE, X-Force Categories, other standards coming

  17. SiteProtector Reporting in SP 8.x • Default report templates • Custom report templates • User’s personally designed reports folder containing their templates • Create reports / templates directly from Analysis view • Modify existing templates & save as new • Policy-based reporting • Create report on a policy • Include which items are enabled and/or disabled • Report on changes made between selected versions of a policy • Trend reporting by Agent or group • User community report sharing

  18. Enhanced reporting interface allows quick delivery of the right information to the right people

  19. DRAFT SiteProtector next release planning overview • Service Pack 9.0 targeted for 2011 • Enhanced usability & improved analysis • Additional right-click actions & view navigations • Visibility of network health & vulnerability dashboard • Improved resiliency & performance • High availability & redundancy • Increased transaction processing for next.gen network protection • Extended portfolio integration & platform support • Expanded policy management, role management • Extended TSIEM integration, endpoint coverage • Re-platform HW to new chassis • Primary Objective • Focus on enhancing usability and reducing Total Cost of Ownership • Bring better access to the already-powerful-but-hidden functionality
