Download the NSS Labs 2013 IPS Group Test: http://securityintelligence.com/nss-labs-results-and-the-question-of-security-effectiveness/
Understanding the criteria and test methodology of various third-party testing is a key component of making an informed decision on your next intrusion prevention platform. In this webcast, we will delve into the latest NSS Labs testing results, where IBM scored 95.7% in exploit block rate, and describe what it shows about the effectiveness of IBM Intrusion Prevention Solutions. We will also cover the role of third-party testing in general and how this testing applies to “real-world” threats and constantly changing attacks. Don’t miss the chance to get insight on the latest IBM test results and learn more about what third-party testing means for you.
View the On-demand webinar: https://www2.gotomeeting.com/register/577560858
Writing signatures to match specific exploit or attack traffic is the outermost layer. Many of our competitors rely on this approach as their predominant detection method, but we believe this is insufficient, which is why we've spent over a decade developing additional layers of complex inspection technologies beyond simple pattern matching to stop whole classes of threats.
IBM goes deeper and...
 - build decodes on the vulnerabilities, not the exploits
 - apply heuristics to application behavior
 - analyze web traffic for injection attempts
 - block embedded shellcode
 - dive into content
 - and FINALLY, spend a lot of time understanding full network protocols, giving us a unique capability to identify complex techniques such as evasions and tunneling, but also zero-day behavior that might be something entirely new
HTML_Browser_Plugin_Overflow - This signature detects the network transfer of HTML directives containing a Java plugin instantiation that could overflow a buffer and cause the browser to execute code specified by a remote attacker on a victim's computer. (CVE-2010-3522)
Java_Malicious_Applet - This signature analyzes Java applet class files and computes a threat level heuristic representing likely potential for malicious activity. (CVE-2013-2465, CVE-2013-2463)
Java_Sandbox_Code_Execution - This signature analyzes Java applet class files for classes and methods that may indicate an attempt to call the security manager with the intent of extending applet permissions.
JavaScript_NOOP_Sled - This signature detects a simple NOOP sled in an 'unescape()' JavaScript function. This may indicate an attempt to overflow a buffer by padding the request with a large number of NO-OP instructions. A successful attempt could cause a denial of service or allow arbitrary code to be executed on the system.
Script_Suspicious_Score - This event signifies an accumulation of suspicious characteristics in scripting languages. The script source code is scanned for various attributes, each of which might be used legitimately but which, in combination, appear suspicious and may be evidence of malicious or clandestine intent. Blocking by default since July 2012 (CVE-2013-3893)
JavaScript_Msvcrt_ROP_Detected - This event detects JavaScript code that appears to be an attempt to exploit return-oriented programming techniques when using the Microsoft Visual Studio C run-time library. (CVE-2013-3893)
CompoundFile_Embedded_SWF - This event looks for the transfer of a compound file (for instance, a Microsoft Office document) that appears to embed a SWF file that creates another SWF file. This represents a suspicious condition which may be used to obfuscate an attack.
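The accumulation idea behind Script_Suspicious_Score, with the JavaScript_NOOP_Sled condition as its heaviest attribute, can be sketched as follows. This is an added example, not IBM's implementation: the attribute patterns, weights, threshold and sample scripts are all assumptions constructed for illustration.

```python
import re

# Attribute patterns, weights and threshold are assumptions for this example;
# each attribute alone can occur in legitimate script.
ATTRIBUTES = {
    # Run of x86 NOP bytes (0x90) inside an unescape() string literal
    "nop_sled_in_unescape": (
        re.compile(r"unescape\(\s*['\"][^'\"]*(?:%u9090|%90%90){4,}", re.I), 5),
    # unescape() of a long, fully percent-encoded literal
    "long_encoded_unescape": (
        re.compile(r"unescape\(\s*['\"](?:%u[0-9a-f]{4}|%[0-9a-f]{2}){32,}", re.I), 3),
    # Long character-code list used to build a string at run time
    "fromcharcode_chain": (
        re.compile(r"String\.fromCharCode\((?:\s*\d+\s*,){16,}"), 2),
    "eval_call": (re.compile(r"\beval\s*\("), 1),
    "document_write": (re.compile(r"\bdocument\.write\s*\("), 1),
}
THRESHOLD = 5  # assumed blocking threshold


def score_script(source):
    """Return (total score, sorted names of the attributes that matched)."""
    hits = sorted(n for n, (rx, _) in ATTRIBUTES.items() if rx.search(source))
    return sum(ATTRIBUTES[n][1] for n in hits), hits


def verdict(source):
    """Block only when the accumulated score reaches the threshold."""
    return "block" if score_script(source)[0] >= THRESHOLD else "allow"


# Constructed, inert samples (no payloads)
BENIGN = 'var q = unescape("%48%65%6c%6c%6f"); document.write(q);'
SLED = 'var pad = unescape("' + "%u9090" * 8 + '");'
COMBINED = ('eval(String.fromCharCode(' + ",".join(["65"] * 20) + '));'
            'document.write(unescape("' + "%41" * 40 + '"));')

if __name__ == "__main__":
    for name, js in (("benign", BENIGN), ("sled", SLED), ("combined", COMBINED)):
        print(name, score_script(js), verdict(js))
```

The COMBINED sample contains no sled at all; it crosses the threshold only because four individually low-weight attributes add up, which is the behavior the signature description refers to.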
Cross-site scripting – Vulnerability, commonly found in web applications, that makes it possible for attackers to inject malicious code into a victim’s web browser.
SQL injection – Vulnerability allowing malicious SQL statements to run on a database, i.e. reading sensitive data, modifying database data, executing admin operations on the database.
"In order to determine which IPS products were protecting against known public exploits vs. the underlying vulnerability, the NSS Labs 2013 IPS Group Test put increased emphasis on using exploits that varied from their known public form,” said Vikram Phatak, Chairman and CEO of NSS Labs. “IBM performed extremely well in this testing, achieving an overall score of 95.7%. This speaks to the ability of the IBM IPS to perform against the types of constantly evolving threats that are often seen in today’s networks.”
The XGS 5100 is a follow-on release from our initial launch of this product last year.
Positioning the solution around three main pillars:
 - Threat protection
 - Network control
 - Integration
We’ll get into each of these pillars a bit more in a minute…