Protection Solutions Peter Häufel Channel Manager [email protected].

Slide 1
Protection Solutions
Peter Häufel, Channel Manager, Phaeufel@iss.net

Slide 2
Are you ready?

Slide 3
In 24 hours NIMDA hit 2.2 Million servers. The clean-up cost of malicious code attacks in 2001 was $12 Billion. The security software industry is worth only $4.5 Billion.
Source: www.computereconomics.com

Slide 4
Agenda
  • Security problems are a reality
  • Protection solutions at a glance
  • Intrusion Protection
  • Site Protector: central security management
  • Fusion: correlation of security alerts
  • Why Internet Security Systems?

Slide 5
And Vulnerabilities Are Increasing
Chart: System and Network Vulnerabilities by Year
  • 1998: Total Vulnerabilities 177
  • 1999: Total Vulnerabilities 511
  • 2000: Total Vulnerabilities 794
  • 2001: Total Vulnerabilities >1000*
* 2001 through July is 499
Source: Security Focus

Slide 6
Automated tools increase threats
Source: Carnegie Mellon University

Slide 7
What is at stake?
Diagram labels: Human Resources, Systems Management, R&D, Internet, Finance, Corporate, Remote Users, VPN, DSL or Cable Modem, E-Commerce, B2B Partner, Cell Phone, PDA
Frauds committed internally and externally across Europe: External fraud 41%, Internal fraud 59%
Source: European Economic Crime Survey 2001, PriceWaterhouseCoopers

Slide 8
Managing risk
Vulnerabilities x Threats x Asset value x Reaction Time = RISK
Diagram labels: Expected LOSS, Technical RISK

Slide 9
Today's Threats

Slide 10
Internal Threats

Slide 11
The costs are real
Analysis by Incident

Year   Code Name     Worldwide Economic Impact ($ U.S. Billions)   Cyber Quake Rating
2001   Nimda         0.59                                          0.67
2001   Code Red(s)   2.62                                          2.99
2001   SirCam        1.05                                          1.20
2000   Love Bug      8.75                                          10.00
1999   Melissa       1.10                                          1.26
1999   Explorer      1.02                                          1.17

Source: www.computereconomics.com

Slide 12
Gambler or manager? Place your bets!

Slide 13
Protection solutions at a glance

Slide 14
RealSecure Protection Systems
Diagram labels: Desktop, Server, Network; Vulnerability/Policy Management; Attack Defense Management; Security Management
Risk Spectrum: Viruses, Worms, Back Doors, Malicious Code, Unauthorized Access, Misuse, DDoS, Web Defacement, Exploits
IT Infrastructure

Slide 15
The RealSecure Solution

Slide 16
Functionality
  • Sensors
  • Network Sensor (function, platform)
  • Server Sensor (function, platform)
  • Responses
  • X-Press Updates
  • Remote Update
  • RSKill for Nokia
  • SSL support for IIS and Apache

Slide 17
Detecting attacks
Diagram labels: EXTERNAL ATTACK, ATTACK DETECTED, RECORD SESSION, Alert, SESSION TERMINATED, FIREWALL/ROUTER RECONFIGURED

Slide 18
Intrusion Protection - complete solution
Diagram labels: DMZ, Win9x, WinNT, Linux Server, WinNT Server, Ethernet Switch, MAINFRAME, UNIX Server, Mail, Interior Firewall, Exterior Firewall, Win2000, WWW, Ethernet Switch, Data center, Gigabit, N x 100 Mbps, SQL Server Database, Central console

Slide 19
Everything under one console: Site Protector
  • Vulnerability assessment: Internet Scanner, System Scanner, Database Scanner, Desktop Scanner (F), Wireless Scanner
  • Intrusion Detection: Real Secure Server Sensor, Network Sensor, Sentry, Gigabit, Desktop Protector, Guard *
  • Third-party log file information
* Site Protector 1.0

Slide 20
Graphic: Conceptual Diagram

Slide 21
Deployment Manager
SiteProtector and sensor deployments
Benefits:
  • Easily Install Sites
  • Easily Install Sensors
  • Easily Maintain Sensor Packages
  • Remotely install consoles
  • Centrally distribute components
  • Centrally administer change control

Slide 22
Site Rules: automated exception handling
Eliminate:
  • False Alarms
  • Environmental False Positives
  • From your console
  • From Everyone's Console
  • Forever!

Slide 23
Remote, Secure, Roles-based User Interface

Slide 24
Fast Analysis

Slide 25
Security Fusion Module 1.0
  • Modify (decrease) the priority of attacks which you are not vulnerable to
  • Increase the priority of correlated attacks
  • Add or modify responses (add page) to correlated attack!
  • Don't wake me up if I'm not vulnerable
  • Add or modify responses for attacks against non-vulnerable hosts!

Slide 26
Security Fusion Module 1.0
Automatically correlates an attack with vulnerability information about the target to help IDS operators determine attack success or failure.
Example: Fusion can automatically change 10,000 attack probe events into 7 attacked & vulnerable, and automatically clear the other 9,993!

Slide 27
Security Landscape
Diagram labels: Desktop, Server, Network; A/V, VA/Policy, IDS, FW/VPN
Risk Spectrum: Viruses, Worms, Back Doors, Malicious Code, Unauthorized Access, Misuse, DDoS, Web Defacement, Exploits
IT Infrastructure

Slide 28
Traditional Point Security
Diagram labels: Desktop, Server, Network; A/V, VA, IDS, FW/VPN
Risk Spectrum: Viruses, Worms, Back Doors, Malicious Code, Unauthorized Access, Misuse, DDoS, Web Defacement, Exploits
IT Infrastructure
Products: RealSecure Server Sensor, BlackICE Workstation (IDS), RealSecure, RealSecure Network Sensor + NetICE Gigabit, BlackICE Workstation (FW), RealSecure Server Sensor, RS/WGM, ICEcap, Decisions, Desktop Scanner, System & Database Scanner, Internet Scanner

Slide 29
One Protection System
Diagram labels: Desktop, Server, Network; A/V, VA, IDS, FW/VPN
Risk Spectrum: Viruses, Worms, Back Doors, Malicious Code, Unauthorized Access, Misuse, DDoS, Web Defacement, Exploits
IT Infrastructure
Products: RealSecure Server Sensor, BlackICE Workstation (IDS), RealSecure, RealSecure Network Sensor + NetICE Gigabit, BlackICE Workstation (FW), RealSecure Server Sensor, RS/WGM, ICEcap, Decisions, Desktop Scanner, System & Database Scanner, Internet Scanner
RealSecure Protection System (for Desktops, Servers, Networks)
RealSecure SiteProtector

Slide 30
RealSecure Protection System

Slide 31
Protection Systems
  • Increased connectivity means increased risk.
  • Customers want to manage that risk cost effectively, without disrupting their business.
  • Converging technologies, with consolidated and scalable management, reduce the TCO and simplify security for our customers.
RealSecure Site Protector

Slide 32
SiteProtector 1.0: multi-site coordination
  • Access multiple sites simultaneously through 2 instances of the console
  • The same console can access unique sites
  • Customers can deploy multiple sites to accommodate their specific geographic, business unit, or scalability needs

Slide 33
SiteProtector 1.x scalability: multi-site coordination
  • Links multiple sites with a top-tier SiteProtector
  • Analysis Dashboard: big picture security trends, metrics, graphs across Sites
  • Transparent drill-down to local Site for detailed analysis

Slide 34
RealSecure SiteProtector Release Plan
Timeline labels: Q2,01, Q3,01, Q4,01, Q1,02, Q2,02, Q3,02, Q4,02
Timeline items, in the order they appear on the slide:
  • SiteProtector 1.0: IS 6.2, RS 6.0 & later, Fusion
  • ICEcap Manager Integration for SiteProtector 1.x: enables event linkage for Network ICE Gig/Guard/Sentry/Desktop events with RealSecure SiteProtector 1.0
  • SiteProtector 1.x: Dashboard, Scalability
  • RealSecure Network Sensor 7.0
  • Server Protection System: New Policy Editor
  • RealSecure 6.0: 3 Tiered Architecture, Improved Scalability, Reduced Cost of Operations
  • RealSecure Server Sensor 6.01
  • ICEcap Manager 3.0
  • PIM
  • RealSecure 6.5: FastAnalysis

Slide 35
RealSecure Protection Systems
SecureLogic
Desktop, Server, Network
RealSecure Site Protector

Slide 36
Why Internet Security Systems?
Worldwide leader!

Slide 37
ISS: pioneer and leader
  • Founded in 1994, headquartered in Atlanta, GA
  • Pioneered Vulnerability Assessment, Intrusion Detection and Managed Security Services (MSS)
  • Three operating theatres: EMEA, AsiaPac, Americas; 14 offices in EMEA
  • Established public company: 1998 IPO, Nasdaq ISSX; 2001 IPO, Jasdaq ISSKK
  • 2000 revenues of $195,000,000
  • 9,000 customers worldwide

Slide 38
ISS - worldwide market share

Slide 39
ISS Market Share Growth

Slide 40
Gartner's IDS Magic Quadrant

Slide 41
A word about ourselves: ISS Partner Program 2002
Authorised Partner:
  • 3 days of Real Secure training (value: 1.950)
  • 2 days of Internet Scanner training (value: 1.300)
  • Access to the Knowledge Base
  • Access to marketing information
  • Access to newsgroups
  • Use of the ISS logo
  • Sales training
  • Starter Kit (value: 14.000)

Slide 42

Slide 43

Slide 44
THANK YOU!