© 2009 IBM Corporation
IBM | Internet Security Systems
NDA Required
IBM ISS - Portfolio Status & Roadmap
J. Francisco Herrera A.
Ingeniero de [email protected]
+52-55-52703937
December, 2009
Security Convergence
Agenda
– X-Force
– Vulnerabilities & Threats, 1H-2009
– Portfolio
– Services
  – Professional Security Services
  – Managed Security Services
IBM: Broad Portfolio of Security, Risk Management and Compliance
– The only security vendor in the market with end-to-end security coverage
– 15,000 researchers, developers and experts in security initiatives
– 3,000+ risk management and security patents
– 200+ customer references in security and 50+ published case studies
– 40+ years of proven experience securing zSeries environments
– $1.5 billion spent on security in 2008
USERS AND IDENTITIES
SECURITY GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE
DATA AND INFORMATION
APPLICATIONS AND PROCESSES
NETWORKS, SERVERS AND ENDPOINTS
PHYSICAL INFRASTRUCTURE
Managed services
Professional services
Hardware and software
X-Force Database
The broadest and most complete database in the world
– More than 40,000 catalogued vulnerabilities
– Records dating back to the 1990s
Updated daily by a dedicated group of researchers
X-Force tracks vulnerabilities across...
– 8000 vendors
– 17,000 products
– 40,000 versions
IBM X-Force® backs the security we deliver
Research
– Protection Technology Research
– Threat Landscape Forecasting
– Malware Analysis
– Public Vulnerability Analysis
– Original Vulnerability Research
Technology
– X-Force Protection Engines: Extensions to existing engines; New protection engine creation
– X-Force XPU’s: Security Content Update Development; Security Content Update QA
– X-Force Intelligence: X-Force Database; Feed Monitoring and Collection; Intelligence Sharing
Solutions
The “X-Force Team” delivers reduced operational complexity – helping to build integrated, modular technologies
Effective Security | System Protection
Protocol Analysis Module
PAM is the engine behind the preventive protection used by many of the devices in the Proventia product family.
Proventia Content Analyzer
Injection Logic Engine
Virtual Patch
What It Does: Shields vulnerabilities from exploitation independent of a software patch, and enables a responsible patch management process that can be adhered to without fear of a breach.
Why Important: At the end of 2008, 53% of all vulnerabilities disclosed during the year had no vendor-supplied patches available to remedy the vulnerability.
Threat Detection & Prevention
What It Does: Detects and prevents entire classes of threats as opposed to a specific exploit or vulnerability.
Why Important: Eliminates need of constant signature updates. Protection includes the proprietary Shellcode Heuristics (SCH) technology, which has an unbeatable track record of protecting against zero day vulnerabilities.
Content Analysis
What It Does: Monitors and identifies unencrypted personally identifiable information (PII) and other confidential information for data awareness. Also provides capability to explore data flow through the network to help determine if any potential risks exist.
Why Important: Flexible and scalable customized data search criteria; serves as a complement to data security strategy.
Web Application Security
What It Does: Protects web applications against sophisticated application-level attacks such as SQL Injection, XSS (Cross-site scripting), PHP file-includes, CSRF (Cross-site request forgery).
Why Important: Expands security capabilities to meet both compliance requirements and threat evolution.
Network Policy Enforcement
What It Does: Manages security policy and risks within defined segments of the network, such as ActiveX fingerprinting, Peer To Peer, Instant Messaging, and tunneling.
Why Important: Enforces network application and service access based on corporate policy and governance.
NEW - Proventia Web Application Security
Modular Protection Platform
PAM is the engine behind the preventive protection built into many of the solutions in IBM's Proventia product family. PAM comprises 5 detection technologies.
Vulnerability Disclosures, CVSS Metrics
Source: IBM, X-Force Team
http://www-935.ibm.com/services/us/iss/xforce/trendreports/
“High Severity” vulnerabilities: 6% fewer than in 2008
“Medium Severity” vulnerabilities: 8% more than in 2008
Vulnerability Disclosures
Web Applications
Consequences of Vulnerability Exploitation
Web Application Vulnerabilities
Vulnerability Exploitability Quadrant & “Browser” Vulnerabilities
Who doesn't have Adobe? Who doesn't “blindly” trust Microsoft?
Internet Content Analysis
IBM-ISS, Product Offering
Unified Enterprise Security Console for all products
Vulnerability Scanning Appliance
● Vulnerability Discovery
● Remediation Recommendation, prioritization and assignment
● Tracking to resolution
● Compliance Reporting
Multifunction Appliance – MX UTM
“All-in-One” Protection Appliance
• IDS/IPS
• FW / VPN
• AntiVirus (signature & behavioral)
• AntiSpam
• Web Filter
• Spyware
Protection Appliances
NEW Data Security Services and Data Loss Prevention (DLP)
Data Leakage – A holistic approach to ensure that data does not find its way outside of controlled environments
Proventia Network IPS – GX Models
• Preemptive Security for Networks
• Identifies & analyzes >140 protocols
• Bi-directional deep packet decode using Protocol Analysis Module
• Sized by segments and network throughput to protect (10Mb to 5 Gb in line)
• Virtual Patch Technology – ahead of the threat – protection against zero day attacks with X-Press Updates
Proventia endpoint secure control
Desktop Protection Agent
System / Data Protection & System Management Agent
• Firewall
• Intrusion Protection
• Antivirus (signature & behavioral)
• Device control
• DLP
• NAC
• Whole disk encryption
• Patch management
• Power management
• Compliance/SCAP/FDCC
• Software deployment/removal
Protection Agent
Real Secure Server Sensor
• Solaris, AIX, HP-UX & Windows
• Firewall
• Intrusion Protection
• Protects SSL applications
“Multi-layered” Protection
• Windows & Linux
• Firewall
• Intrusion Protection
• Provides monitoring of Windows Registry, users, files and directory
Effective Security, Validated by…
http://nsslabs.com/ibm
First IPS to receive the NSS Gold Award in 5 years
Proventia NIPS
Models by throughput: GX3002 10 Mbps; GX4002 200 Mbps; GX4004 200 Mbps; GX5008 400 Mbps; GX5108 1.2 Gbps; GX5208 2 Gbps; GX6116 8 Gbps; XBeam 10 Gbps
Telco, Enterprise, SMB, ROHO/SOHO
Remote Segments, Perimeter, Core
Network

Model    Throughput   Inspected Throughput   Protected Segments
GX3002   10 Mbps      10 Mbps                1
GX4002   200 Mbps     200 Mbps               1
GX4004   200 Mbps     200 Mbps               2
GX5008   400 Mbps     400 Mbps               4
GX5108   1.2 Gbps     1.2 Gbps               4
GX5208   2 Gbps       2 Gbps                 4
GX6116   15 Gbps      8 Gbps                 8
IBM Proventia® Network IPS and the IBM Proventia Network Security Controller
IBM Proventia Network Security Controller
– 10 Gbps interfaces to load-balance 10 Gbps network segments across multiple Proventia IPS units
– Integrated bypass functionality that eliminates the need for additional hardware in the network
– Plug-and-play administration and configuration
IBM Proventia Network Intrusion Prevention
– X-Force backing for security content, which increases the level of protection
– Carrier-class performance and reliability
– Complemented with Managed and Professional Security Services to deliver value to the customer
Protection for 10 Gigabit Networks
● Applies Proventia IPS protection to high-performance networks
● Extends the life of existing IPS units
● Applies the same management and policies currently in use
● No new management consoles or new security policies required
● Reduces the cost of network upgrades
● Security that scales as network utilization grows
Proventia MX
– FW, IDS/IPS, AV, Email & Web Content, VPN: IPSEC & SSL
– QoS
– WAN LBFO
– Graphical Interface
– Real time Network Statistics & Reporting
– Routing Interface Protocol (RIP) Support
– Changing Modes: Routing to Transparent
– Offline Settings Editor
Models: MX0804, MX1004, MX3006, MX4006, MX5008, MX5110
IBM Proventia® Server Intrusion Prevention System (IPS) & IBM RealSecure® Server Sensor
Multi-layered protection: Firewall, Intrusion Prevention & Detection, Buffer Overflow Protection, Application Black & White Listing and SSL Inspection
NSS Labs Certifications for HIPS and PCI Compliance
Thorough compliance management with File Integrity & Registry Integrity Monitoring, OS Auditing and Third Party Log Monitoring
Support for multiple versions of Windows, Linux, AIX, Solaris, HP-UX and VMware Guest OS
Provides both 32- and 64-bit support
Reduces TCO by delivering security and regulatory compliance in a single agent
Protects against internal and external threats with multi-layered protection backed by X-Force
The broadest operating system support in the market
Combines multi-layered protection in a single software agent that prevents known and unknown attacks, with support for a range of operating systems.
Microsoft® Windows®, Linux®, VMware Guest Operating System (OS)
IBM AIX®, Solaris, HP-UX, Microsoft® Windows®
Proventia VX Network IPS
GV1000 Proventia Virtual Network IPS
– VMware image
– Supports VMware ESX
– Full-featured Proventia IPS Firmware
– Provides flexible deployment options such as running on ruggedized hardware
– Supports datacenter virtualization
– 700 MB / Single Inline / Two Monitoring
GV200 Proventia Virtual Network IPS
– VMware image
– Supports VMware ESX, ESXi and Server
– Full-featured Proventia IPS Firmware
– Provides flexible deployment options such as running on ruggedized hardware
– Supports datacenter virtualization
– 200 MB / Single Inline / Two Monitoring
2 versions
GV200 in Q3
Network Data Loss Prevention (DLP)
Network Data Security Solutions
Realtime protection – Inspects for and prevents information leakage in real time on Gigabit interfaces across all 65,535 ports
Comprehensive methodologies – Detects information accurately with 10 different content analysis techniques to secure data
Simplified administration – Multiple predefined policy options for direct content control (e.g. PCI) and communication management (e.g. instant messaging)
Lowered complexity – Monitors and reports on intrusions and DLP events from a single management console
Based on Fidelis XPS appliances from Fidelis Security Systems
Fidelis – Key Data Protection Areas
Fidelis XPS
Endpoint Data Loss Prevention (DLP)
Endpoint Data Security Solutions
Automated discovery – Classifies sensitive data and content using automated detection techniques across more than 300 file types and more than 60 languages
Enforced security policies – Provides context-based data management to monitor, control and, if necessary, block
Enhanced visibility – Identifies and records data transactions and usage across groups of people and at the individual level
Secured interactions – Protects interactions between data owners and users – extensible to third parties (vendors, branch offices, etc.)
Based on Digital Guardian software from Verdasys, Inc.
What is the User Doing With It
Where & What is Sensitive Data
Where is the Data Going
Apply Risk Appropriate Policy & Actions
Verdasys
Endpoint Encryption
Endpoint Data Security Solutions
Easy, automatic operation – Protects data without affecting the user experience
Enforced security policies – Automatic enforcement of data and email protection with centrally managed policies
Accelerated deployment – Simplifies initial deployment and provides broad compatibility with existing systems through a platform-based approach and standards-based operations
Reduced operational costs – Centrally manages encryption policies across key applications and devices
End-to-end solution – Encrypts email, laptops, desktops, instant messaging, smart phones, network storage, file transfers and backups
PGP Corporation encryption software
PGP
IBM Solution - Enterprise Secure Control
Anti-malware technologies
IBM X-Force® protection
Patch management
Power management
AV and anti-spyware client management
Deployment/removal tools
ENDPOINT SECURITY
ENDPOINT DATA SECURITY
SECURITY CONFIGURATION MANAGEMENT
ENDPOINT SYSTEM MAINTENANCE
Signature and behavioral anti-virus (AV)
Buffer overflow exploit prevention (BOEP)
Application Control
Security configuration management
Security policy management
Vulnerability assessment
Network access control
Data loss prevention
Encryption management
Proventia content analysis
Device control
Vulnerability-centric intrusion prevention system (IPS)
Endpoint firewall
IT SECURITY
IT OPERATIONS
IBM PROFESSIONAL SECURITY SERVICES
12/22/09
PSS: Comprehensive, Organization-Wide Security Services
Assess
– Application Security Assessment
– Information Security Assessment
– Policy and ISO 17799 Gap Analysis
– Risk Assessments
– Security Certification Program
– FISMA Assessment
– PCI Assessment
– Penetration Test
Design
– Implementation Planning
– Network Security Architecture Design
– Policy Design and Development
– QuickStart Programs for Regulatory Compliance
– Security Strategy Workshop
– Standards and Procedures Development
Install
– Deployment Services
– Migration Services
Management & Support
– Emergency Response Services
– Staff Augmentation & Support
– X-Force Threat Analysis Service
Educate
– Certification
– On-Site & Off-Site Classes
– Security Awareness Program
– Third Party Classes
– Secure Programming Workshop
Managed Security Services
Sources: Gartner, Frost & Sullivan
Thank you!
Visit our IBM-Proventia Protection Platform page: http://www.ibm.com/mx/services/sps/iss/index.phtml?section=column2&position=11&referral=4&client=6
X-Force: http://xforce.iss.net
PGP: http://www.pgp.com/ibm/
Fidelis: http://www.fidelissecurity.com/
Verdasys: http://www.verdasys.com/data_loss_prevention.php
NSS Labs: http://nsslabs.com/reports/all-product-reports