1 / 20

GX6116 Product Announcement and High Performance Network Protection Strategy

GX6116 Product Announcement and High Performance Network Protection Strategy. IBM Internet Security Systems. Greg Adams. Customer Driven Network Protection Roadmap. Provide Protection for areas of my network formerly unsecured due to performance / cost. Network IPS Appliances

oleg-grant
Download Presentation

GX6116 Product Announcement and High Performance Network Protection Strategy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. GX6116 Product Announcement and High Performance Network Protection Strategy IBM Internet Security Systems Greg Adams

  2. Customer Driven Network Protection Roadmap Provide Protection for areas of my network formerly unsecured due to performance / cost • Network IPS Appliances • Line expansion • 10mbit to 10gbit Enhance my protection with innovation & integration in new areas • Anomaly Detection • Platform Integration • Insider Threat Protection • Proventia Mail • Integrated Security, • Focus on firewall features SSLVPN • Granular controls Protect me where other vendors have failed • Blade-based IPS • Network core & carrier focus • Crossbeam • IBM BladeCenter • Virtualization Give me protection for tomorrow’s networks IBM Internet Security Systems Proprietary and Confidential Information - 2007 2

  3. Proventia Network IPS Continuum:The Most Complete Portfolio Available How a customer benefits from an integrated portfolio: • Better Protection • Protect each segment of the network • Consistent Naming for Attacks • Simple Reporting – 1 System • Automated Updates – XPU’s • Lower Cost • Fewer Resources for a Single Management System to handle all devices • Automation (Updates, Trust X-Force) • Single Reporting System • Single process to manage security alerts • EZ Implementation • Same GUI throughout • Single System to Manage • Deployment Services • Managed Security Services • Certified Technical Support IBM Internet Security Systems Proprietary and Confidential Information - 2007 4

  4. Because All “High Speed” IPS’ Are Not EqualIntroducing Protection Capacity – the ability to stop threats at high speeds IBM Internet Security Systems Proprietary and Confidential Information - 2007 5

  5. At Every Layer of Your Network • 16 ports allows 8 segments to be secured, establishing compliance control points within a companies network • Protection at 6G allows protection on high speed networks and applications • Fiber Networks • VoIP • Video Conferencing • E-Commerce • Data-warehousing IBM Internet Security Systems Proprietary and Confidential Information - 2007 6

  6. The GX6116: Because Your Job Depends Upon the Reliability of the Network! • Maximum Network Reliability • Configurable maximum latency • Passive Bypass • Active Bypass (August availability) • High-Availability pairs • IDS and simulation mode • Prioritized network availability Design for The Security Team AND The Network Administrator IBM Internet Security Systems Proprietary and Confidential Information - 2007 7

  7. The GX6116: The Task at Hand – Create the Fastest IPS without Compromising Protection IBM Internet Security Systems Proprietary and Confidential Information - 2007 8

  8. The GX6116: How Did We Achieve Performance & Protection? IBM Internet Security Systems Proprietary and Confidential Information - 2007 9

  9. GX6116 - Multiple Analysis Engines • Combined & Parallel Processing • Dedicated - Network Processing Unit • Protocol AnalysisModule IBM Internet Security Systems Proprietary and Confidential Information - 2007 10

  10. GX6116 GA 6/8/2007 Firmware 2.0 High port density, 16 1 gig SFP ports High protection speed, 6 gigabits Low latency Small packet performance engineered Configurable maximum latency threshold What to Expect Next Q2 of 2007 Provide protection to areas of my network formerly unsecured due to speed / cost Enhance my protection with innovation & integration in new areas Protect me where other vendors have failed Give me protection for tomorrow’s networks IBM Internet Security Systems Proprietary and Confidential Information - 2007 11

  11. Enhanced Carrier / Telco Portfolio Carrier protocol support IPS service delivery in Carrier Ethernet environments R&D targeted at provider infrastructure threats Carrier based MSS services Re-branded MSS services for carriers Crossbeam IPS Protection domains and virtual network support Support for multi-core processors from Crossbeam Multi-gig performance using SWIPS on Crossbeam What to Expect Next Provide protection to areas of my network formerly unsecured due to speed / cost Enhance my protection with innovation & integration in new areas Protect me where other vendors have failed Give me protection for tomorrow’s networks IBM Internet Security Systems Proprietary and Confidential Information - 2007 13

  12. Performance Isn’t Everything…We Keep a Keen Eye on the “Bad Guy” • The threat landscape continues to evolve • “Bad Guy” also means… “The Insider” • Portfolio Extends well beyond Network IPS to combat the changing landscape • Multifunction security (Proventia M) • Vulnerability Assessment • Anomaly Detection • Content Security • Mail Security • Server Protection Desktop Protection • Managed Security Services • Professional Security Services IBM Internet Security Systems Proprietary and Confidential Information - 2007 16

  13. http://www.iss.net/evolvingthreat/ The Changing Threat Landscape – Monitored by the X-Force IBM Internet Security Systems Proprietary and Confidential Information - 2007 17

  14. Defining the Insider Threat • Insider opening a critical application for external availability • Unauthorized user logging into critical apps • Hacker gaining authorized privileges to critical apps • Insider running a web server that distributes DVDs • Trusted systems misused because of faulty configurations • Server-initiated transactions IBM Internet Security Systems Proprietary and Confidential Information - 2007 18

  15. Problem • Insider Threat • Billions spent to secure systems against outsiders • Firewalls, VPNs, etc. • Insiders present unaddressed threat – that can be even more damaging • No way to measure intended use vs. actual use • Authorized users not monitored on the network • Insiders with unnecessary network privileges • Outsider who gains authorized privileges • Lack of visibility to IT users and their activities • Rogue applications & assets • Peer-to-peer file sharing, VOIP • Crumbling perimeter: Internal network access • Integration with business partners • Mobile workers • Authorized users with anomalous behavior • Off-hours or high volume access to sensitive data IBM Internet Security Systems Proprietary and Confidential Information - 2007 19

  16. Traditional Solutions Fall Short and Are Too Expensive to Maintain • Perimeter defenses focused on the outsider • Database logging & manual inspection • Historical review of user activities • Damage already done • Only shows database activity; no view into context of what happened to compromised information (where did it go?) • Build a security team dedicated to investigations & audit • IT auditors (as opposed to infosec specialists on the perimeter security team) • Focused on a checklist audit requirements vs. business enablement • Extra cost & little connection to your IT protection strategy • Systems operate independently of firewalls, IPS, VPNs, etc. IBM Internet Security Systems Proprietary and Confidential Information - 2007 20

  17. Solution: Combined IBM Proventia Network Anomaly Detection & Network IPS • Monitor and protect traffic across the enterprise network • Special focus on critical assets and services • Finance, HR, CRM, Intellectual Property, etc. • Identify insider misuse or abuse of resources • Out-of-the-box analysis and reporting • Custom user-built policies (based on critical assets) • Anomalies from the baseline norm • Visibility to know your network • Open-ended search engine for all network traffic • Real-time forensics • User activity logs to enable detailed investigations IBM Internet Security Systems Proprietary and Confidential Information - 2007 21

  18. Solution: IBM Proventia Network Anomaly Detection • Integrated Security & Protection strategy • Centralized management with Proventia SiteProtector Management • Don’t re-create the wheel with an internal security team • Leverage your existing protection by integrating internal security with firewall, IPS, etc. • Correlate internal events with alerts from perimeter protection • Automated Response • Quarantine threat by blocking connection at router or switch • Block vulnerabilities with firewall or intrusion prevention • Scan affected clients and servers for new vulnerabilities IBM Internet Security Systems Proprietary and Confidential Information - 2007 22

  19. Solution: IBM Proventia Platform • Layered security • Identify threatening behavior of authorized users • Recognize suspicious activities of compromised users • Outsiders who gain access to authorized privileges • Identify unusual behavior of authorized users and systems IBM Internet Security Systems Proprietary and Confidential Information - 2007 23

  20. Thank you! Greg Adams

More Related