Hexagon Title Slide


Security
IBM Internet Security Systems
Security Platform and Security Services
Ondrej KOVÁČ
Pre-Sales Engineer, CEMAAS
May 2008
MV SR, Hotel Šachtička | 13 May 2008
© 2008 IBM Corporation
Agenda
• State of Security Today
• IBM Internet Security Systems Security Platform
• IBM X-Force
– Proventia Security Solutions
– Managed Security Services & Professional Security Services
IBM security philosophy
A secure environment is an essential prerequisite for organizations to deliver services and products to their customers. Security management is an integral part of an organization's strategy.
CIA
Do you have answers to the following questions?
• How do you prevent unauthorized access?
• Do you have visibility into attacks on your systems and infrastructure?
• Can you ensure continuity of services and support?
• Do you know whether an administrator is abusing privileges?
• How do you know that the data on your systems is protected?
• Are you compliant with key standards and legislative directives at audit time?
• Do you have a consistent report structure across the whole organization?
• Can you correlate seemingly unrelated events to understand the vector of a possible threat?
• How do you protect Web services applications?
If nothing changes, then nothing changes...
Platform
Infrastructure
Data Privacy
Compliance and Audit
Extended Enterprise
*It is the customer's responsibility to identify, interpret and comply with any laws or regulatory requirements that affect its business.
IBM does not represent that its products or services will ensure that the customer is in compliance with the law.
What is at stake?
• Financial losses
• Compromise of personal records
• Reputation / Trust
• Legal consequences
• Disruption of continuity
• Remediation costs
• Strategic planning
• Operating costs
• Human resources
• Technology utilization
Security challenges
High costs
• 24x7x365 coverage required (6 – 9 resources are needed per position)
• Sophisticated analytical tools required for accurate threat identification
• Equipment and backup systems required for management
Specialized skills and training required
• Requires detection, analytical, investigative and discrimination skills
• Emergency response skills required
• Continuous recruiting, training and “refresh” are essential
Security research
• Requires access to the latest threats, viruses, worms and behavioral analysis
• Requires an understanding of the latest attack methods and threats
The silo problem – point solutions do not provide effective protection against today's complex threats
Spam
AntiVirus
Malware
SpyWare
Etc
Problems:
• Complexity, scalability, reporting
• Does not address the complexity of security problems
How IBM views these challenges
• An innovative approach to protecting the customer: “Ahead of the Threat”
• Preventive protection = lower operating costs
• The Enterprise Security Platform comprises software, appliances, Professional Security Services and Managed Security Services = lower operating costs and freedom of choice
• This innovative approach is scalable, protects against current and newly emerging threats, and extends and adapts protection to new business activities = Client Business Control
• IBM ISS Enterprise Security Platform = the most advanced, integrated and complete multi-layer security solution available
Professional Security Services
Managed Security Services
Hardware and Software
IBM Data Security Solutions
IBM Identity and Access Management Solutions
IBM Physical Security Solutions
IBM solutions for minimizing threats
IBM Security Governance Solutions
IBM Protection Platform
Benefits of the IBM Protection Platform
• A single, integrated view of security for standards compliance, reporting, etc.
• Extensibility and scalability of the platform and services
• Correlation and integration of multiple data sources
• Highlight: “best in the industry” appliances
• Ability to integrate innovative technologies
• 24x7x365 outsourced security management
• Improved system uptime and performance without significant investment in technology or resources
• Managed security services backed by SLAs, with performance-based services and a guaranteed offering
Defining “preventive” – how is it different?
Protection against exploits is reactive:
• Too late for many
• Previous updates are ineffective against variants
• Typical of antivirus and most IDS/IPS vendors
Protection against vulnerabilities and behavioral protection is proactive:
• Stops the threat “in the bud”
• Requires advanced R&D
Virtual Patch™
Delivered through Pre-Emption
Stops attacks before they impact your organization
ISS products provide a protective “shield”, or Virtual Patch, for vulnerabilities
• A “virtual patch” prevents the spread of attacks that target vulnerabilities
• Eliminates emergency patching
• Avoids the risks of patching
• Allows the necessary patches to be applied during the normal operational window
Virtual Patch™ in action
MS Plug and Play / Zotob Timeline
• April 13: ISS releases “virtual patch” for discovered MS PnP vulnerability
• August 9: Microsoft publicly announces vulnerability and offers MS patch
• August 11: First exploits become public
• August 13: Zotob Bot (based on PnP vulnerability) runs rampant and causes damage worldwide. ISS virtual patch continues to protect customers against Zotob and dozens of variants.
Note the short window of time between Microsoft’s announcement of the vulnerability and the appearance of public exploits and rampant worms. Virtual patch protects customers until they can download and install security updates from software vendors.
Preemptive Security Products
• IBM Proventia® Management
Manage | Monitor | Measure
• Proventia Network
– Intrusion prevention NIDS/NIPS
– Vulnerability management
– Multi-function security UTM
– Behavioral analysis
– Mail security
• Proventia Server
– Server protection HIPS
• Proventia Desktop
– End-point protection
End-To-End Security Products and Services
Network zones: Perimeter; LAN; Data Center (Web, Mail, File, Application Servers); Desktop & Laptop
Integrated Products: Protection against viruses/worms/bots/spam/phishing/DDoS + other emerging threats
• Dedicated & Multifunction Appliances for Perimeter: Intrusion Prevention, Firewall, Content/Data/Mail/Web Security
• Dedicated Appliances for Local Area Network: Intrusion Prevention, Behavioral analysis (ADS), Vulnerability Management
• Host Security SW for Servers & PC’s: FW, Intrusion Prevention, Content / Appl’n protection, Multiple Operating systems
Managed Security Services: Intrusion Prevention, Firewall, Content/Data/Mail/Web Security
Professional Security Services: Penetration Testing, Vulnerability Assessments, Customized Security Policy Development, Network Security Architecture Assessments, Emergency Response Services, Application Security Assessments
Uncompromising Protection for Every Layer of Your Network
IBM Proventia® Network Intrusion Prevention
Business Challenges
The Proventia Solution
Uncompromising Protection for Every Layer of Your Network
IBM Proventia® Network Anomaly Detection System
Uncompromising Protection for Every Layer of Your Network
IBM Proventia® Network Enterprise Scanner
Business Challenges
• Managing enterprise security risk
• Demonstrating risk reduction and compliance
• Optimizing protection against existing vulnerabilities
• Automating the vulnerability scanning process
• Managing the vulnerability remediation workflow
• Improving efficiency and decreasing operating costs
The Proventia Solution
• Increase network uptime and bandwidth
• Perform fast, accurate vulnerability scans
• Free up resources by automating the scan process
• Leverage your existing IT infrastructure
• Monitor vulnerability status and maintain compliance
• Combine with Proventia® Platform for “Scan and Block” capabilities
#1 Network VA Vendor (2005)
Uncompromising Protection for Every Layer of Your Network
IBM Proventia® Network Mail Security System
Business Challenges
• Safeguard the confidentiality of your corporate information and email communication channel
• Shield the inboxes of your end users from spam and other productivity drainers
• Secure your email infrastructure from viruses and other email-based attacks
The Proventia Solution
• Inbound and outbound content filtering with customizable policies, i.e. Credit Card / Social Security Number Detector
• Spam detection rate ~98%, automatically updated to control new spam techniques, including image-based spam
• Zero-day Virus Prevention System + integrated intrusion prevention technology
Uncompromising Protection for Every Layer of Your Network
IBM Proventia® Network Multi-Function Security
Business Challenges
• Protect your business from internet threats without
jeopardizing bandwidth or availability
• Secure your end users from spam, non-compliant activity
and other productivity drainers
• Conserve your resources by eliminating the need for
special security expertise
The Proventia Solution
• Complete protection against all types of Internet threats,
with firewall, intrusion prevention, and Virus Prevention
System
• Spam effectiveness ~95%, define Web browsing
policies, filter database of +63 Million URLs in 62
categories
• “Set and forget” security, automatically updated to
protect against the next threat and tailored to needs of
your small business or remote offices
Uncompromising Protection for Every Layer of Your Network
IBM Proventia® Desktop Endpoint Security
Business Challenges
• Mitigating business-threatening risks posed by
zero-day, targeted attacks
• Moving to a single security agent to eliminate extra
costs & management challenges of multiple vendors
• Protecting critical data and intellectual property
• Minimizing costs and lost productivity associated
with remediating infected endpoints
• Reducing help desk calls
The Proventia Solution
• Multi-layered preemptive protection in a single agent
• Mitigates against application- and network-vector
attacks
• Patented Virus Prevention System blocks malware
based on behavior, not signatures, at day zero, before
it infects the endpoint
• Includes antivirus/anti-spyware signatures,
in addition to preemptive technologies
Uncompromising Protection for Every Layer of Your Network
IBM Proventia® Server
Business Challenges
• Managing dispersed security agents
• Demonstrating risk and compliance
• Protecting critical data, intellectual property and access to vulnerable servers
• Maintaining server uptime while providing strong host intrusion prevention technologies
• Tracking file access and changes among business critical servers
The Proventia Solution
• Reduces security costs, protects server environments and reduces downtime
• Enforces corporate security policy for servers
• Provides out-of-the-box protection with advanced intrusion prevention and blocking
• Utilizes multiple layers of defense to provide preemptive protection
• Support operating system migration paths
• Protects at-risk systems before vendor-supplied patches are available
Industry’s broadest operating system support:
Uncompromising Protection for Every Layer of Your Network
IBM Proventia® SiteProtector
Business Challenges
• Enterprise-wide view of asset, threat & vulnerability
data
• Comprehensive visibility into network
communications
• Securing Enterprise asset
• Keeping the network available, bandwidth utilization
• Maintaining too many security management systems
• Acceptable use of network resources
The Proventia Solution
• Documents the security process
• Provides centralized management of high performance network security in addition to host and gateway devices
• Ease of use through console consolidation
• Offers visibility through the detection system
• Enables keeping ahead of rising standard of due care
• Keeps workflow support for policy mgmt, incident response and vulnerability remediation
Key features – Products
• Best in the industry: protection capabilities support “end-to-end” coverage of critical business processes: Networks, Servers, Endpoints and Applications.
• Vulnerability discovery, management and protection provide comprehensive risk management; a solution for reducing risk and supporting compliance reporting
• A single, integrated platform provides a view into all layers of the network
• Correlation and integration of multiple data sources streamlines operational complexity: Intrusion Prevention IPS, Firewall, Anti-virus, Spam, Content and more.
• Protection against a broad spectrum of threats:
[Matrix: products (rows) marked with X against Common Threats (columns)]
Rows: Proventia Network (Intrusion prevention, Vulnerability management, Multi-function security, Behavioral analysis, Mail security); Proventia Server (Server protection); Proventia Desktop (End-point protection)
Columns (Common Threats): Virus, Worm/Bot, Trojan, Spyware, Spam, Phishing, DDoS, AUP
Note: AUP = Acceptable Use Policy Enforcement
The Next Generation Of MSS
IBM ISS Managed Security Services Portfolio
Managed protection services
• Service backed by the industry’s only Protection Guarantee
• Targeted platform: Network, Servers, Desktop
• Target Service Level: Premium, Select, Standard
IDS & IPS
• Targeted platform: Network, Servers, Desktop
• Target Service Level: Premium, Select, Standard
• Best of breed support: IBM ISS, CISCO, McAfee, Juniper, Sourcefire
Firewall & MFS
• Target Service Level: Standard, Premium, Select
• Best of breed support: IBM ISS, CISCO, Check Point, Juniper
• Integrated modules: Anti-Virus, Anti-Spam, Intrusion Protection, Content Control
Vulnerability assessment & Management
• Target Protection: External scanning, Internal scanning
• Tiered scan intervals: Weekly, Monthly, Quarterly, Annually
• Granular asset control
• Virtual Patch protection
Security Event Log Management
• Tiered solution model: Network, Server, Host
• Flexible data retention: Online storage, Offline storage
• Flexible device coverage: Syslog, Text based logs, Application logs
• Intelligent analysis
• Compliance reporting
E-Mail security
• E-mail protection via in-the-cloud protection
• Modular offerings: Anti-Virus, Anti-Spam, Image control, Content control
• Threat elimination: Viruses, Worms, Executable codes, Malware, Content control, Spam
X-Force TAS
• Security intelligence for your enterprise
• Customizable daily threat assessment
• Vulnerability alerts
• Threat advisory
• Research tools
• Emerging trends
• Security news
• Vulnerability process tracking
IBM Managed Security Services Offerings
• Managed Protection Services – provides the most comprehensive protection services for networks, servers and desktops, with the only money-back cash payment in the entire industry.
• Managed and Monitored Firewall Services – offers 24/7/365 day-to-day management by experts for a variety of firewall platforms.
• Managed IDS/IPS Services – offers 24/7/365 monitoring, intrusion detection and prevention, as well as “incident response” services for networks and servers.
• Vulnerability Management Service – performs regular, automated scans of internal and external devices for hundreds of known security threats.
• Security Event and Log Management Services – offers all the benefits of SELM products without the need to increase upfront or operating costs.
• Managed E-mail and Web Security Services – designed as a range of solutions to strengthen the existing security posture; protects against viruses and spam, and also analyzes e-mail for unwanted content.
Complements existing network security
Complements Intrusion Prevention
Complements Vulnerability Management
Network Usage & Performance
Passive Network Assessment
Network-wide Visibility
Service Usage Statistics
Behavioral Detection
Policy Violations
Integrates into your Platform Solution
Thank you for your attention
Ondrej KOVÁČ
[email protected]
+421 918 541975