Blue Lane Technologies Best of Breed IPS April 29, 2008 Interop 2008.
Blue Lane Technologies
Best of Breed IPS
April 29, 2008
Interop 2008
Network IPS Architecture Needs to Evolve
Current IPS architecture -> Next-gen architecture
- Deep packet inspection -> L7 protocol decoding
- Exploit-centric -> Vulnerability-centric
- Static signatures -> Dynamic logic
- Block -> Protect
- Custom HW -> Multi-core SW
- Physical -> Virtual + physical
- Monolith -> Distributed
Key drivers:
- Data center server & network consolidation
- Virtualization
- Signature explosion
Blue Lane’s Layer 7 Architecture
100% Protection: Resilient against sophisticated attacks against all major server OS, application and database vulnerabilities. Proactive policies for application control.
100% Accuracy: No signatures, tuning, false alarms, and/or security vs. availability tradeoffs.
100% Visibility: Flows visible by server, VM, cluster, data center, OS, application and patch status.
Low Overhead: Low latency, low CPU usage, small footprint and minimal oversight required for both physical and virtual data centers.
Comprehensive Protocol / Vulnerability Intelligence
• 130+ protocols and services decoded
• Hundreds of vulnerabilities protected across dozens of applications/OSs
Accurate, Granular Enforcement
● Detection and correction with no false positives
● Appropriate response based on protocol, vulnerability and policy
● Controlled code execution (no session reset)
This attack attempts to exploit MS06-019 by sending two CDO-MODPROPS sections in the vCalendar message, with the second larger than the first. The Exchange / SMTP server allocates buffer space based on the first section, but processes the second if it is present, which results in a buffer overflow.
By understanding the protocol and the vulnerability, Blue Lane stops the attack by removing the second CDO-MODPROPS section and adjusting the packet headers to reflect the new packet size.
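The correction described on this slide, written out as an added example (this is not Blue Lane's code, and the wire format is a constructed simplification: a header block with a Content-Length field, a blank line, and a body whose sections are bracketed by BEGIN:CDO-MODPROPS / END:CDO-MODPROPS lines; the real Exchange/iCalendar encoding differs). The point it shows is the vulnerability-centric step: decode far enough to find the condition the bug depends on, remove it, and fix the length header so the rest of the message is still valid rather than resetting the session.

```python
"""Vulnerability-centric correction of a calendar message that carries
duplicate CDO-MODPROPS sections, modelled on the MS06-019 case above.

Added illustration, not Blue Lane's code. The message layout is a
constructed simplification: headers (including Content-Length), a blank
line, then a body with sections bracketed by BEGIN:/END:CDO-MODPROPS.
"""
from dataclasses import dataclass

CRLF = b"\r\n"
SECTION = b"CDO-MODPROPS"
BEGIN, END = b"BEGIN:" + SECTION, b"END:" + SECTION


@dataclass
class Section:
    begin: int  # index of the BEGIN line in the body's line list
    end: int    # index of the matching END line
    size: int   # bytes of content between them (CRLFs included)


def split_message(raw: bytes):
    """Split a message into header block and body at the first blank line."""
    head, sep, body = raw.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("no header/body separator")
    return head, body


def find_sections(lines):
    """Decode the body far enough to locate every CDO-MODPROPS section.
    Nested or unterminated sections are rejected rather than guessed at."""
    sections, open_at = [], None
    for i, line in enumerate(lines):
        if line == BEGIN:
            if open_at is not None:
                raise ValueError("nested section at line %d" % i)
            open_at = i
        elif line == END:
            if open_at is None:
                raise ValueError("END without BEGIN at line %d" % i)
            size = sum(len(l) + len(CRLF) for l in lines[open_at + 1:i])
            sections.append(Section(open_at, i, size))
            open_at = None
    if open_at is not None:
        raise ValueError("unterminated section")
    return sections


def set_content_length(head: bytes, n: int) -> bytes:
    """Rewrite (or add) the Content-Length header so it matches the body."""
    out, found = [], False
    for line in head.split(CRLF):
        if line.lower().startswith(b"content-length:"):
            line, found = b"Content-Length: %d" % n, True
        out.append(line)
    if not found:
        out.append(b"Content-Length: %d" % n)
    return CRLF.join(out)


def correct(raw: bytes):
    """Return (possibly rewritten message, report).

    The server sizes its buffer from the first section, so any further
    section is the condition the vulnerability needs. Strip every section
    after the first, fix the length header, and record whether the overflow
    trigger (second section larger than the first) was actually present."""
    head, body = split_message(raw)
    lines = body.split(CRLF)
    sections = find_sections(lines)
    report = {"sections": len(sections), "action": "pass",
              "overflow_condition": False}
    if len(sections) < 2:
        return raw, report
    report["overflow_condition"] = sections[1].size > sections[0].size
    for s in reversed(sections[1:]):      # back to front keeps indices valid
        del lines[s.begin:s.end + 1]
    new_body = CRLF.join(lines)
    report["action"] = "strip-extra-sections"
    return set_content_length(head, len(new_body)) + CRLF + CRLF + new_body, report


def build(body_lines):
    """Assemble a constructed sample message with a correct Content-Length."""
    body = CRLF.join(body_lines)
    head = b"From: calendar@example.test" + CRLF + b"Content-Type: text/calendar"
    return set_content_length(head, len(body)) + CRLF + CRLF + body


# Constructed samples: one well-formed message, one carrying a second,
# larger CDO-MODPROPS section (the shape described on the slide).
BENIGN = build([b"BEGIN:VCALENDAR", BEGIN, b"X-PROP:one", END, b"END:VCALENDAR"])
SUSPECT = build([b"BEGIN:VCALENDAR", BEGIN, b"X-PROP:one", END,
                 BEGIN, b"X-PROP:" + b"A" * 64, b"X-PROP:" + b"B" * 64, END,
                 b"END:VCALENDAR"])

if __name__ == "__main__":
    for name, msg in (("benign", BENIGN), ("suspect", SUSPECT)):
        fixed, report = correct(msg)
        print(name, report, "bytes:", len(msg), "->", len(fixed))
```

The decoder deliberately refuses malformed nesting instead of guessing, which is the difference between a protocol-aware check and a pattern match: a signature for "two CDO-MODPROPS strings" would miss reordered or encoded variants, whereas the size comparison here is tied to the condition the bug actually needs.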
Controlled Code Execution
[Figure: buffer overflow attack flow versus Blue Lane's response; diagram not recoverable from the transcript]
Superior Vulnerability Protection
• Comprehensive coverage of data center vulnerabilities
• Comprehensive knowledge of leading protocols
• No signatures, tuning, or guesswork
[Chart: total vulnerabilities protected, Blue Lane vs. leading IPS, by platform. Values as extracted, with the two columns fused and the split not recoverable: Apache 8215, VMware 260, Linux 1373, Solaris 643, Oracle 42039, Microsoft 198147; totals 911209]
Why current solutions fall short
Operational feasibility:
- Resources
- Expertise
- Server availability
- Server touches
- Application testing
- Tuning complexity
- Handling offline VMs, snapshots, VM sprawl
Security effectiveness:
- Accurate detection
- Vulnerability correction
- Resiliency against evasion
- Mobile VMs, tainted VMs
[Chart: solutions positioned by operational feasibility against security effectiveness: VLAN, NIPS/IDS, Firewall, NIPS, Patch, HIPS, Blue Lane]
The Data Center Security Payoff
• Defense in depth for servers, VMs, next gen data centers
[Table: security requirements compared across Firewall, IPS and Blue Lane; the per-column marks did not survive extraction]
Security requirements:
- Operational ease (tuning, etc.)
- Application control policy
- Virtualization readiness
- Resilience to IPS evasion
- Non-disruptive protection
- Accurate vulnerability detection
- Server, database, app coverage
- Anomaly detection
- Port scans, DOS, A/V
The New Virtualized Data Center
[Diagram: host systems, each running a hypervisor with a virtual network and virtual servers]
NGDC Defense-in-depth Strategy
[Diagram: secure physical servers and databases with ServerShield (with Active Update and ServerShield Manager); secure virtual hosts and VMs with VirtualFlow and ServerShield on the virtual servers and database]
Comprehensive Coverage for Servers/VMs
[Table of coverage by category: Operating Systems; Network & Core Services; Database Servers; Email Servers; Application Servers; Other Applications. Version fragments as extracted, with product associations not recoverable: DBMS 7, 8, 9, 10g; 5.0, 5.5, 2003, 2007; IIS v1-v6; 7, 8, 9, 10; EL 2, 3, 4, 5; BIND 8, 9, 10; WebSphere; IHS; ProFTP]
Technology Partners: EMGC PARTNER (as extracted)
For more information: www.bluelane.com
Thank you.