IBM Security Systems

The Results are in: IBM’s Capabilities Shine in Latest NSS Labs Testing
December 10th 2013

Jim Brennan
Program Director of Strategy & Product Management
Infrastructure Security

© 2013 IBM Corporation

A brief primer to get started … Vulnerability vs. Exploit

Vulnerability
• A potential weakness in a system
• Not a danger on its own
• May be multiple ways of breaking in

Exploit
• A tool used to gain entry
• Many different exploits can target a single weakness

Two different protection approaches, yielding very different results

Focus on the Vulnerability
• Prevent everything from breaking the window
• Pre-emptive protection

Focus on the Exploits
• Prevent a crowbar from breaking the window
• Prevent a rock from breaking the window
• Prevent a cannonball from breaking the window
• New exploit, new signature

Mutated threats evade exploit-focused defense mechanisms

Vulnerability: a login form (email, password, Submit) whose input goes directly into a database query without proper validation or sanitization.

Exploit (BLUE CROWBAR): a common SQL injection, in plain text, to dump usernames from the table:

    ' OR username IS NOT NULL OR username = '

Mutated exploit (RED CROWBAR): the same SQL injection encoded with Base64, which can evade pattern matching written for the plain-text form:

    JyBPUiB1c2VybmFtZSBJUyBOT1QgTlVMTCBPUiB1c2VybmFtZSA9ICc=

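The vulnerability and both exploit forms from this slide, run against a small SQLite table. This is an added example, not code from the IBM deck: the users table, the vulnerable_lookup / safe_lookup functions and the Base64-decoding application variant are assumptions made for illustration. One caveat the slide leaves implicit: the Base64 form only reaches the database as SQL if the application decodes it first, which is why a vulnerability-focused IPS has to undo the same decoding the application does.

```python
"""Added example (not from the IBM deck): the slide's "form input sent straight
to a database query" vulnerability, exercised with the slide's payloads against
an in-memory SQLite table, next to the parameterized query that closes it."""
import base64
import sqlite3

# Constructed sample rows standing in for the application's users table.
SAMPLE_USERS = [
    ("alice@example.com", "alice", "s3cret"),
    ("bob@example.com", "bob", "hunter2"),
]

# The two payloads exactly as they appear on the slide.
PLAIN_PAYLOAD = "' OR username IS NOT NULL OR username = '"
B64_PAYLOAD = "JyBPUiB1c2VybmFtZSBJUyBOT1QgTlVMTCBPUiB1c2VybmFtZSA9ICc="


def make_db():
    """In-memory database with a small users table (constructed test data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return db


def vulnerable_lookup(db, email):
    """The vulnerability: the form value is concatenated into the SQL text.
    Returns the usernames the resulting query yields, sorted."""
    sql = "SELECT username FROM users WHERE email = '" + email + "'"
    return sorted(row[0] for row in db.execute(sql))


def decoding_app_lookup(db, encoded_email):
    """Hypothetical variant of the same vulnerable code in an application that
    accepts its form values Base64-encoded (assumption for illustration). This
    is the only situation in which the slide's encoded payload is dangerous."""
    return vulnerable_lookup(db, base64.b64decode(encoded_email).decode("utf-8"))


def safe_lookup(db, email):
    """Hardened form: the value travels as a bound parameter, never as SQL text,
    so the quote in the payload cannot close the string context."""
    sql = "SELECT username FROM users WHERE email = ?"
    return sorted(row[0] for row in db.execute(sql, (email,)))


def payloads_match():
    """True if the slide's Base64 string really is the plain payload encoded."""
    return base64.b64decode(B64_PAYLOAD).decode("utf-8") == PLAIN_PAYLOAD


def demo():
    """Run every combination once; returns {case: usernames returned}."""
    db = make_db()
    return {
        "vulnerable/legit": vulnerable_lookup(db, "bob@example.com"),
        "vulnerable/plain": vulnerable_lookup(db, PLAIN_PAYLOAD),
        "vulnerable/base64": vulnerable_lookup(db, B64_PAYLOAD),
        "decoding-app/base64": decoding_app_lookup(db, B64_PAYLOAD),
        "safe/plain": safe_lookup(db, PLAIN_PAYLOAD),
        "safe/legit": safe_lookup(db, "bob@example.com"),
    }


if __name__ == "__main__":
    for case, users in demo().items():
        print(f"{case:22s} -> {users}")
```

With the plain payload the concatenated query becomes `SELECT username FROM users WHERE email = '' OR username IS NOT NULL OR username = ''` and returns every row; the same string handed to the parameterized query matches no row at all. The raw Base64 string is harmless to the vulnerable query until something decodes it.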
IBM’s multiple intrusion prevention technologies work in tandem

Spectrum of Vulnerability and Exploit Coverage: IBM stays ahead of the threat with these protection engines

Vulnerability Decodes
  Focused algorithms for mutating threats

Application Layer Heuristics
  Proprietary algorithms to block malicious use

Web Injection Logic
  Patented protection against web attacks, e.g. SQL Injection and Command Injection

Shellcode Heuristics
  Behavioral approach to blocking exploit payloads

Content Analysis
  File and document inspection

Protocol Anomaly Detection
  Protection against misuse, unknown vulnerabilities, and tunneling across more than 230 protocols

Exploit Signatures
  Attack specific pattern matching (some IPS solutions stop at pattern matching)

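What the distinction between Exploit Signatures and Vulnerability Decodes / Web Injection Logic means in code, as an added example that is not IBM’s engine: an exploit signature keyed to the slide’s literal SQL injection string, beside a check that first undoes the encodings the target application would undo (URL and Base64 here, bounded to a few layers) and then looks for the injection logic itself, i.e. a quote closing the string context followed by an OR’d condition. The regular expressions, the sample values and the layer limit are illustrative assumptions.

```python
"""Added example (not IBM's engine): an exploit signature next to a
"vulnerability decode" style check that undoes the encodings the target
application would undo (URL and Base64 here) before looking for the injection
logic itself. Patterns, samples and the layer limit are illustrative."""
import base64
import binascii
import re
import urllib.parse

# Payloads from the slide: plain text and the same string Base64-encoded.
PLAIN = "' OR username IS NOT NULL OR username = '"
B64 = "JyBPUiB1c2VybmFtZSBJUyBOT1QgTlVMTCBPUiB1c2VybmFtZSA9ICc="

# Exploit signature: one literal pattern for one known attack string.
EXPLOIT_SIGNATURE = re.compile(r"'\s+OR\s+username\s+IS\s+NOT\s+NULL", re.I)

# Vulnerability logic: a quote that closes the string context, followed by an
# OR'd/AND'd condition, whichever column and comparison the attacker picked.
INJECTION_LOGIC = re.compile(
    r"'\s*(?:OR|AND)\s+[\w.]+\s*(?:=|<>|!=|LIKE|IS\s+(?:NOT\s+)?NULL)", re.I
)

MAX_LAYERS = 4  # attackers nest encodings; bound the work per request


def _try_base64(value):
    """Decoded text if value is well-formed Base64 for printable text, else None."""
    if len(value) < 8 or len(value) % 4 or not re.fullmatch(r"[A-Za-z0-9+/]+=*", value):
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def decode_layers(value):
    """Peel URL and Base64 encodings until nothing changes; return every form
    seen so the inspection runs over the raw value and each decoded view."""
    forms = [value]
    for _ in range(MAX_LAYERS):
        current = forms[-1]
        url_decoded = urllib.parse.unquote_plus(current)
        nxt = url_decoded if url_decoded != current else _try_base64(current)
        if nxt is None or nxt == current:
            break
        forms.append(nxt)
    return forms


def signature_blocks(value):
    """Exploit-focused check: only the literal attack string is recognised."""
    return bool(EXPLOIT_SIGNATURE.search(value))


def decode_inspection_blocks(value):
    """Vulnerability-focused check: decode first, then look for the logic."""
    return any(INJECTION_LOGIC.search(form) for form in decode_layers(value))


# Constructed samples: the slide's two forms, URL-wrapped variants of the
# Base64 form, and a benign value that happens to contain a quote.
SAMPLES = {
    "plain": PLAIN,
    "base64": B64,
    "url+base64": urllib.parse.quote(B64),
    "url+url+base64": urllib.parse.quote(urllib.parse.quote(B64)),
    "benign": "o'reilly@example.com",
}


def run_samples():
    """{label: {"signature": bool, "decode_inspection": bool}} per sample."""
    return {
        label: {
            "signature": signature_blocks(value),
            "decode_inspection": decode_inspection_blocks(value),
        }
        for label, value in SAMPLES.items()
    }


if __name__ == "__main__":
    for label, result in run_samples().items():
        print(f"{label:16s} signature={result['signature']!s:5s} "
              f"decode_inspection={result['decode_inspection']}")
```

The signature fires on the plain string only; the decode-then-inspect check fires on the plain, Base64 and URL-wrapped forms and stays quiet on the benign address. The practical rule the example encodes: the inspection layer has to decode exactly what the protected application decodes, no more (false positives on opaque tokens) and no less (the slide’s evasion).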
The Result = Preemptive protection for today’s threats

Timeline from pre-2009 through 2013. Red = Attacks; Blue = Preemptive Heuristic Detection.

Java Byte Code Exploitation
  Attacks: Java Plug-in for IE Remote Code; Oracle Java Exploit CVE-2012-4681; Oracle Java Exploit CVE-2013-2465 and CVE-2013-2463
  Preemptive heuristic detection: Java_Sandbox_Code_Execution (IPS); HTML_Browser_Plugin_Overflow; Java_Malicious_Applet

Client-based Threats
  Attacks: MS IE Remote Exploit CVE-2012-4781; MS IE Remote Exploit CVE-2013-3893; Adobe Flash Code Exec CVE-2011-0611; Gong Da Exploit CVE-2013-0633
  Preemptive heuristic detection: JavaScript_NOOP_Sled; JavaScript_Msvcrt_ROP_Detected; Script_Suspicious_Score; CompoundFile_Embedded_SWF

Web Application Attacks
  Attacks: EasyMedia Script XSS; PHP-Fusion SQLi; MS SharePoint CVE-2012-1859; MS SQL Server CVE-2012-2552; Oracle DB SQLi; Lizamoon; Lilupophilupop
  Preemptive heuristic detection: Cross_Site_Scripting; SQL_Injection

The signatures and examples shown in this slide are for representation of the heuristic coverage available and do not demonstrate the entire listing of attacks from the time the signature was created.

2012 Tolly Group Report demonstrated IBM’s adaptive protection
http://ibm.co/Tolly

• Delivers superior protection from evolving threats with high levels of performance
• Stops 99% of tested, publicly available attacks
• Is nearly twice as effective as Snort at stopping "mutated" attacks
• Protects streams of 100% HTTP traffic at speeds of 20 Gbps and mixed traffic loads of 35 Gbps+

Source: Tolly Test Report October 2012

Simple mutations rendered signature matching engines useless

• A simple change to a variable name allows the attack to succeed while rendering the protection of a signature matching engine useless
• A simple change to the HTML code in a compromised web page makes the attack invisible to signature protection
• Simply adding a comment to a web page results in an attack successfully bypassing signature IPS

Original Variable Names    Mutated Variable Names
Shellcode                  somecode
Block                      brick
heapLib                    badLib

Original Class Reference:

    <html><head></head>
    <body><applet
    archive="jmBXTMuv.jar"
    code="msf.x.Exploit.class"
    width="1" height="1"><param
    name="data" value=""/><param
    name="jar">

Mutated Class Reference:

    <html><head></head>
    <body><applet
    archive="eXRZLr.jar"
    code="msf.x.badguy.class"
    width="1" height="1"><param
    name="data" value=""/><param
    name="jar">

Original Code:

    var t = unescape;

Mutated Code:

    var t = unescape <!-- Comment -->;

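The three mutations on this slide, run against literal exploit signatures and against heuristics that key on behaviour rather than on identifiers, as an added example that is not IBM’s engine. The heuristics are the kind named on the earlier slides: a hidden 1x1 applet loading a jar (Java_Malicious_Applet style), a repeated 16-bit unit inside an unescape string (JavaScript_NOOP_Sled style), and unescape captured into an alias after HTML comments are stripped. Browsers treat <!-- inside a script as a line comment, so the commented variant still runs unchanged. The two sample pages, the signature set and the repetition threshold are constructed for illustration.

```python
"""Added example (not IBM's engine): the slide's three mutations (renamed
variables, renamed applet class, an HTML comment spliced into the script)
run against literal exploit signatures and against heuristics that key on
behaviour instead of identifiers. Pages and thresholds are constructed."""
import re

# Constructed page in the shape of the slide's "original" exploit page: a
# hidden applet plus script building a NOP sled through an unescape alias.
ORIGINAL_PAGE = """<html><head></head><body>
<applet archive="jmBXTMuv.jar" code="msf.x.Exploit.class" width="1" height="1">
<param name="data" value=""/></applet>
<script>
var t = unescape;
var shellcode = t("%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%uc033%u5064");
var block = t("%u0c0c%u0c0c");
var heapLib = [];
</script></body></html>"""

# The slide's mutations applied to that page. Browsers treat "<!--" inside a
# script as a line comment, so the commented variant still runs unchanged.
MUTATED_PAGE = (
    ORIGINAL_PAGE.replace("shellcode", "somecode")
    .replace("block", "brick")
    .replace("heapLib", "badLib")
    .replace('archive="jmBXTMuv.jar" code="msf.x.Exploit.class"',
             'archive="eXRZLr.jar" code="msf.x.badguy.class"')
    .replace("var t = unescape;", "var t = unescape <!-- Comment -->;")
)

# Exploit signatures written against the original page's identifiers.
SIGNATURES = {
    "applet_class": re.compile(r'code="msf\.x\.Exploit\.class"'),
    "shellcode_var": re.compile(r"var shellcode = t\("),
    "unescape_alias": re.compile(r"var t = unescape;"),
}

# Behavioural heuristics, independent of names and comments.
HEURISTICS = {
    # 1x1 (or 0x0) applet pulling a jar: nothing legitimate renders that way.
    "hidden_applet": re.compile(
        r'<applet[^>]*archive="[^"]+\.jar"[^>]*width="[01]"[^>]*height="[01]"', re.I),
    # The same 16-bit unit six or more times in a row: a NOP-sled shape,
    # whatever byte value the attacker chose.
    "nop_sled": re.compile(r"(%u[0-9a-f]{4})\1{5,}", re.I),
    # unescape captured into a variable, whatever the variable is called.
    "unescape_alias": re.compile(r"\bvar\s+\w+\s*=\s*unescape\s*;"),
}


def strip_html_comments(text):
    """Remove <!-- ... --> so a spliced comment cannot split a token."""
    return re.sub(r"<!--.*?-->", "", text, flags=re.S)


def signature_hits(page):
    """Names of exploit signatures that fire on the raw page."""
    return [name for name, sig in SIGNATURES.items() if sig.search(page)]


def heuristic_hits(page):
    """Names of heuristics that fire once comments are stripped."""
    page = strip_html_comments(page)
    return [name for name, rule in HEURISTICS.items() if rule.search(page)]


if __name__ == "__main__":
    for label, page in (("original", ORIGINAL_PAGE), ("mutated", MUTATED_PAGE)):
        print(f"{label}: signatures={signature_hits(page)} "
              f"heuristics={heuristic_hits(page)}")
```

All three signatures fire on the original page and none on the mutated one; all three heuristics fire on both, because none of them depends on a variable name, a class name, or the absence of a comment.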
NSS Labs
• Independent information security research and testing organization
• Pioneered third party intrusion detection and prevention system testing with the publication of the first such test criteria in 1999
• Evaluates firewall, unified threat management, anti-malware, encryption, web application firewall, and other technologies on a regular basis

NSS Labs 2013 Group IPS Test: shows IBM’s solutions are especially effective against mutating threats

95.7%  Exploit Block Rate
97.7%  Block Rate for Server Attacks
94.1%  Block Rate for Client Attacks
PASS   All tests related to “Stability & Reliability”
PASS   All tests related to “Evasions”

“[IBM’s score] speaks to the ability of the IBM IPS to perform against the types of constantly evolving threats that are often seen in today’s networks.”
– Vikram Phatak, Chairman and CEO, NSS Labs

Coverage by Attack Vector

Attacker Initiated: executed remotely against a vulnerable application or operating system
Target Initiated: initiated by user behavior (clicking on a link, opening an attachment, etc.)

Coverage by Target Vendor
“This graph highlights the coverage offered by the IBM GX7800 for some of the top vendor targets (out of more than 70) represented in this round of testing”

Evasion Results in Detail
“The device proved effective against all evasion techniques tested. The IBM GX7800 successfully blocked all evasions, resulting in an overall PASS.”

Stability & Reliability in Detail
“The IBM GX7800 is required to remain operational and stable throughout the tests, and to block 100% of previously blocked traffic, raising an alert for each.”

Performance Throughput Details

IBM Security Network Protection XGS
The Next Generation of IBM intrusion prevention solutions

ADVANCED THREAT PROTECTION
  Proven adaptive protection from sophisticated and constantly evolving threats, powered by X-Force®

COMPREHENSIVE VISIBILITY & CONTROL
  Helps discover and block existing infections and rogue applications while enforcing access policies

SEAMLESS DEPLOYMENT & INTEGRATION
  Adaptive deployment and superior integration with the full line of IBM security solutions

IBM’s Vision for Integrated Advanced Threat Protection

Cross-domain awareness of threat activity; integrated platform for distribution of threat intelligence; cross-domain awareness of targeted assets

In the Wild
• Malware analysis
• Vulnerability analysis
• URL classification
• Reputation

On the Network
• Intrusion prevention
• URL filtering
• Application control
• Malware detection

On the Endpoint
• Malware prevention
• Configuration management

Executing on the Vision

Cross-domain awareness of threat activity; integrated platform for distribution of threat intelligence; cross-domain awareness of targeted assets

In the Wild

On the Network
• IBM Network Protection

On the Endpoint
• Endpoint Manager
• Trusteer Apex

Summary
• Vulnerability-focused intrusion prevention systems offer pre-emptive protection that cannot be easily evaded by mutating threats
• IBM’s score of 95.7% exploit block rate in the NSS Labs 2013 IPS Group Test speaks to its ability to perform against the types of constantly evolving threats often seen in today’s networks
• IBM’s Network Protection platform builds upon IBM’s proven adaptive protection to include robust application visibility and control, and is part of a comprehensive platform that defends against threats

Learn more about IBM’s IPS offerings:

Download the 2013 NSS Labs IPS Group Test: http://ibm.co/IBM_NSS
Read the Tolly Test report on IBM: http://ibm.co/Tolly
Learn about Forrester’s Zero Trust Model: http://ibm.co/Forrester

Visit our:
Blog: www.securityintelligence.com
Website: www.ibm.com/security

Questions?

ibm.com/security

© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

More Related Content

More from IBM Security

How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationIBM Security
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?IBM Security
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceIBM Security
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...IBM Security
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...IBM Security
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...IBM Security
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowIBM Security
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsIBM Security
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020IBM Security
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityIBM Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident ResponseIBM Security
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats IBM Security
 
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...IBM Security
 
See How You Measure Up With MaaS360 Mobile Metrics
See How You Measure Up With MaaS360 Mobile MetricsSee How You Measure Up With MaaS360 Mobile Metrics
See How You Measure Up With MaaS360 Mobile MetricsIBM Security
 
Valuing Data in the Age of Ransomware
Valuing Data in the Age of Ransomware Valuing Data in the Age of Ransomware
Valuing Data in the Age of Ransomware IBM Security
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsNowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsIBM Security
 
Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017IBM Security
 
Safeguard Healthcare Identities and Data with Identity Governance and Intelli...
Safeguard Healthcare Identities and Data with Identity Governance and Intelli...Safeguard Healthcare Identities and Data with Identity Governance and Intelli...
Safeguard Healthcare Identities and Data with Identity Governance and Intelli...IBM Security
 
Cybersecurity In The Cognitive Era: Priming Your Digital Immune System
Cybersecurity In The Cognitive Era: Priming Your Digital Immune SystemCybersecurity In The Cognitive Era: Priming Your Digital Immune System
Cybersecurity In The Cognitive Era: Priming Your Digital Immune SystemIBM Security
 

More from IBM Security (20)

How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident Response
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
 
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
 
See How You Measure Up With MaaS360 Mobile Metrics
See How You Measure Up With MaaS360 Mobile MetricsSee How You Measure Up With MaaS360 Mobile Metrics
See How You Measure Up With MaaS360 Mobile Metrics
 
Valuing Data in the Age of Ransomware
Valuing Data in the Age of Ransomware Valuing Data in the Age of Ransomware
Valuing Data in the Age of Ransomware
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsNowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
 
Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017
 
Safeguard Healthcare Identities and Data with Identity Governance and Intelli...
Safeguard Healthcare Identities and Data with Identity Governance and Intelli...Safeguard Healthcare Identities and Data with Identity Governance and Intelli...
Safeguard Healthcare Identities and Data with Identity Governance and Intelli...
 
Cybersecurity In The Cognitive Era: Priming Your Digital Immune System
Cybersecurity In The Cognitive Era: Priming Your Digital Immune SystemCybersecurity In The Cognitive Era: Priming Your Digital Immune System
Cybersecurity In The Cognitive Era: Priming Your Digital Immune System
 

Recently uploaded

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

Latest NSS Labs Testing Results

  • 1. IBM Security Systems. The Results are in: IBM’s Capabilities Shine in Latest NSS Labs Testing. December 10th 2013. Jim Brennan, Program Director of Strategy & Product Management, Infrastructure Security. © 2013 IBM Corporation
  • 2. A brief primer to get started … Vulnerability vs Exploit. Vulnerability: a potential weakness in a system; not a danger on its own; there may be multiple ways of breaking in. Exploit: a tool used to gain entry; many different exploits can target a single weakness.
  • 3. Two different protection approaches, yielding very different results. Focus on the Vulnerability: prevent everything from breaking the window (pre-emptive protection). Focus on the Exploits: prevent a crowbar from breaking the window; prevent a rock from breaking the window; prevent a cannonball from breaking the window; new exploit, new signature.
  • 4. Mutated threats evade exploit-focused defense mechanisms. Vulnerability: a login form (email, password, Submit) whose input goes directly into a database query without proper validation or sanitization. Exploit (“blue crowbar”): a common SQL injection, "' OR username IS NOT NULL OR username = '", sent in plain text to dump usernames from the table. Mutated exploit (“red crowbar”): the same SQL injection encoded with Base64, "JyBPUiB1c2VybmFtZSBJUyBOT1QgTlVMTCBPUiB1c2VybmFtZSA9ICc=", can evade pattern matching.
  • 5. IBM’s multiple intrusion prevention technologies work in tandem across a spectrum of vulnerability and exploit coverage. IBM stays ahead of the threat with these protection engines. Vulnerability Decodes: focused algorithms for mutating threats. Application Layer Heuristics: proprietary algorithms to block malicious use. Web Injection Logic: patented protection against web attacks, e.g. SQL Injection and Command Injection. Shellcode Heuristics: behavioral approach to blocking exploit payloads. Content Analysis: file and document inspection. Protocol Anomaly Detection: protection against misuse, unknown vulnerabilities, and tunneling across 230+ protocols. Exploit Signatures: attack-specific pattern matching (some IPS solutions stop at pattern matching).
  • 6. The Result = Preemptive protection for today’s threats. Timeline from pre-2009 through 2013; red = attacks, blue = preemptive heuristic detection. Client-based threats (attacks): Java Plug-in for IE Remote Code; Oracle Java Exploit CVE-2012-4681 (Java byte code exploitation); Oracle Java Exploit CVE-2013-2465 and 2463; MS IE Remote Exploit CVE-2012-4781; MS IE Remote Exploit CVE-2013-3893; Adobe Flash Code Exec CVE-2011-0611; Gong Da Exploit CVE-2013-0633. Client-based threats (heuristic detections): HTML_Browser_Plugin_Overflow, Java_Sandbox_Code_Execution (IPS), Java_Malicious_Applet, JavaScript_NOOP_Sled, JavaScript_Msvcrt_ROP_Detected, Script_Suspicious_Score, CompoundFile_Embedded_SWF. Web application attacks: EasyMedia Script XSS, PHP-Fusion SQLi, MS SharePoint CVE-2012-1859, MS SQL Server CVE-2012-2552, Oracle DB SQLi, Lizamoon, Lilupophilupop. Web application detections: Cross_Site_Scripting, SQL_Injection. Note: the signatures and examples shown in this slide are representative of the heuristic coverage available and do not list every attack from the time each signature was created.
  • 7. 2012 Tolly Group Report demonstrated IBM’s adaptive protection (http://ibm.co/Tolly). IBM delivers superior protection from evolving threats with high levels of performance; stops 99% of tested, publicly available attacks; is nearly twice as effective as Snort at stopping "mutated" attacks; protects streams of 100% HTTP traffic at speeds of 20 Gbps and mixed traffic loads of 35 Gbps+. Source: Tolly Test Report, October 2012.
  • 8. Simple mutations render signature matching engines useless. A simple change to a variable name allows the attack to succeed while rendering the protection of a signature matching engine useless (original variable names vs mutated variable names: Shellcode vs somecode; Block vs brick; heapLib vs badLib). A simple change to the HTML code in a compromised web page makes the attack invisible to signature protection. Original class reference: <html><head></head> <body><applet archive="jmBXTMuv.jar" code="msf.x.Exploit.class" width="1" height="1"><param name="data" value=""/><param name="jar"> Mutated class reference: <html><head></head> <body><applet archive="eXRZLr.jar" code="msf.x.badguy.class" width="1" height="1"><param name="data" value=""/><param name="jar"> Simply adding a comment to a web page results in an attack successfully bypassing a signature IPS. Original code: var t = unescape; Mutated code: var t = unescape <!-- Comment -->;
  • 9. NSS Labs: independent information security research and testing organization; pioneered third-party intrusion detection and prevention system testing with the publication of the first such test criteria in 1999; evaluates firewall, unified threat management, anti-malware, encryption, web application firewall, and other technologies on a regular basis.
  • 10. NSS Labs 2013 Group IPS Test shows IBM’s solutions are especially effective against mutating threats: 95.7% exploit block rate; 97.7% block rate for server attacks; 94.1% block rate for client attacks; PASS on all tests related to “Stability & Reliability”; PASS on all tests related to “Evasions”. “[IBM’s score] speaks to the ability of the IBM IPS to perform against the types of constantly evolving threats that are often seen in today’s networks.” –Vikram Phatak, Chairman and CEO, NSS Labs
  • 11. Coverage by Attack Vector. Attacker Initiated: executed remotely against a vulnerable application or operating system. Target Initiated: initiated by user behavior (clicking on a link, opening an attachment, etc.).
  • 12. Coverage by Target Vendor. “This graph highlights the coverage offered by the IBM GX7800 for some of the top vendor targets (out of more than 70) represented in this round of testing.”
  • 13. Evasion Results in Detail. “The device proved effective against all evasion techniques tested. The IBM GX7800 successfully blocked all evasions, resulting in an overall PASS.”
  • 14. Stability & Reliability in Detail. “The IBM GX7800 is required to remain operational and stable throughout the tests, and to block 100% of previously blocked traffic, raising an alert for each.”
  • 15. Performance Throughput Details (chart).
  • 16. IBM Security Network Protection XGS: the next generation of IBM intrusion prevention solutions. Advanced Threat Protection: proven adaptive protection from sophisticated and constantly evolving threats, powered by X-Force®. Comprehensive Visibility & Control: helps discover and block existing infections and rogue applications while enforcing access policies. Seamless Deployment & Integration: adaptive deployment and superior integration with the full line of IBM security solutions.
  • 17. IBM’s Vision for Integrated Advanced Threat Protection: cross-domain awareness of threat activity; integrated platform for distribution of threat intelligence; cross-domain awareness of targeted assets. In the Wild: malware analysis, vulnerability analysis, URL classification, reputation. On the Network: intrusion prevention, URL filtering, application control, malware detection. On the Endpoint: malware prevention, configuration management.
  • 18. Executing on the Vision: cross-domain awareness of threat activity; integrated platform for distribution of threat intelligence; cross-domain awareness of targeted assets. In the Wild. On the Network: IBM Network Protection. On the Endpoint: Endpoint Manager, Trusteer Apex.
  • 19. Summary. Vulnerability-focused intrusion prevention systems offer pre-emptive protection that cannot be easily evaded by mutating threats. IBM’s score of a 95.7% exploit block rate in the NSS Labs 2013 IPS Group Test speaks to its ability to perform against the types of constantly evolving threats often seen in today’s networks. IBM’s Network Protection platform builds upon IBM’s proven adaptive protection to include robust application visibility and control, and is part of a comprehensive platform that defends against threats.
  • 20. Learn more about IBM’s IPS offerings. Download the 2013 NSS Labs IPS Group Test: http://ibm.co/IBM_NSS. Read the Tolly Test report on IBM: http://ibm.co/Tolly. Learn about Forrester’s Zero Trust Model: http://ibm.co/Forrester. Visit our blog: www.securityintelligence.com and website: www.ibm.com/security
  • 21. Questions?
  • 22. ibm.com/security. © Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
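Added example (not code from IBM, NSS Labs or Tolly) contrasting the two approaches from slides 3, 4 and 8: an exact exploit signature misses the Base64-encoded injection and the comment-inserted script line, while a detector that normalizes the input first and then matches the shape of the vulnerability catches both. All sample inputs are constructed for this illustration; the Base64 string is the one printed on slide 4.

```python
import base64
import binascii
import re

# Constructed samples: the slide-4 injection string, its Base64 form as printed
# on slide 4, the slide-8 script line with a comment inserted, and one benign
# form submission. None of these are captured traffic.
SAMPLES = {
    "sqli_plain": "' OR username IS NOT NULL OR username = '",
    "sqli_b64": "JyBPUiB1c2VybmFtZSBJUyBOT1QgTlVMTCBPUiB1c2VybmFtZSA9ICc=",
    "js_plain": "var t = unescape;",
    "js_comment": "var t = unescape <!-- Comment -->;",
    "benign": "email=alice@example.com&password=s3cret",
}

# Exploit-focused approach: the exact bytes of one known attack string.
EXACT_SIGNATURES = ["' OR username IS NOT NULL", "var t = unescape;"]

def signature_match(payload: str) -> bool:
    return any(sig in payload for sig in EXACT_SIGNATURES)

B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
HTML_COMMENT = re.compile(r"<!--.*?-->", re.S)

def normalize(payload: str) -> str:
    """Undo the two mutations the deck shows before any matching happens."""
    def decode(m):
        try:
            text = base64.b64decode(m.group(0), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return m.group(0)           # not Base64 (e.g. a session token)
        return text if text.isprintable() else m.group(0)
    payload = B64_TOKEN.sub(decode, payload)   # decode Base64-looking runs
    payload = HTML_COMMENT.sub("", payload)    # drop inserted HTML comments
    return re.sub(r"\s+", " ", payload).strip().lower()

# Vulnerability-focused approach: match the shape that abuses the weakness
# (a closed string literal followed by OR; unescape aliased into a variable),
# not one sample's exact bytes or variable names.
QUOTE_BREAK_OR = re.compile(r"'\s*or\s+\S+\s+(is\s+not\s+null|=\s*')")
ALIASED_UNESCAPE = re.compile(r"=\s*unescape\s*;")

def vulnerability_match(payload: str) -> bool:
    text = normalize(payload)
    return bool(QUOTE_BREAK_OR.search(text) or ALIASED_UNESCAPE.search(text))

def compare(samples=SAMPLES) -> dict:
    """Map each sample name to (signature_match, vulnerability_match)."""
    return {k: (signature_match(v), vulnerability_match(v)) for k, v in samples.items()}
```

The Base64 decoding is a heuristic: long alphanumeric runs that do not decode to printable text (session tokens, hashes) are left untouched, which is what keeps the benign sample clean.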

Editor's Notes

  1. Writing signatures to match specific exploit or attack traffic is the outermost layer. Many of our competitors rely on this approach as their predominant detection method, but we believe this is insufficient, which is why we've spent over a decade developing additional layers of complex inspection technologies beyond simple pattern matching to stop whole classes of threats. IBM goes deeper and... builds decodes on the vulnerabilities, not the exploits... applies heuristics to application behavior... analyzes web traffic for injection attempts... blocks embedded shellcode... dives into content... and FINALLY, spends a lot of time understanding full network protocols, giving us a unique capability to identify complex techniques such as evasions and tunneling... but also zero-day behavior that might be something entirely new.
  2. HTML_Browser_Plugin_Overflow - This signature detects the network transfer of HTML directives containing a Java plugin instantiation that could overflow a buffer and cause the browser to execute code specified by a remote attacker on a victim's computer. (CVE-2010-3522)
Java_Malicious_Applet - This signature analyzes Java applet class files and computes a threat level heuristic representing the likely potential for malicious activity. (CVE-2013-2465, CVE-2013-2463)
Java_Sandbox_Code_Execution - This signature analyzes Java applet class files for classes and methods that may indicate an attempt to call the security manager with the intent of extending applet permissions.
JavaScript_NOOP_Sled - This signature detects a simple NOOP sled in an 'unescape()' JavaScript function. This may indicate an attempt to overflow a buffer by padding the request with a large number of NO-OP instructions. A successful attempt could cause a denial of service or allow arbitrary code to be executed on the system.
Script_Suspicious_Score - This event signifies an accumulation of suspicious characteristics in scripting languages. The script source code is scanned for various attributes, each of which might be used legitimately, but which, in combination, appear suspicious and may be evidence of malicious or clandestine intent. Blocking by default since July 2012. (CVE-2013-3893)
JavaScript_Msvcrt_ROP_Detected - This event detects JavaScript code that appears to be an attempt to exploit return-oriented programming techniques when using the Microsoft Visual Studio C run-time library. (CVE-2013-3893)
CompoundFile_Embedded_SWF - This event looks for the transfer of a compound file (for instance, a Microsoft Office document) that appears to embed a SWF file that creates another SWF file. This represents a suspicious condition which may be used to obfuscate an attack.
Cross-site scripting – a vulnerability, commonly found in web applications, that makes it possible for attackers to inject malicious code into a victim’s web browser. SQL Injection – a vulnerability allowing malicious SQL statements to run on a database, i.e. reading sensitive data, modifying database data, or executing admin operations on the database.
  3. “In order to determine which IPS products were protecting against known public exploits vs. the underlying vulnerability, the NSS Labs 2013 IPS Group Test put increased emphasis on using exploits that varied from their known public form,” said Vikram Phatak, Chairman and CEO of NSS Labs. “IBM performed extremely well in this testing, achieving an overall score of 95.7%. This speaks to the ability of the IBM IPS to perform against the types of constantly evolving threats that are often seen in today’s networks.”
  4. The XGS 5100 is a follow-on release from our initial launch of this product last year. We are positioning the solution around three main pillars: threat protection, network control, and integration. We’ll get into each of these pillars a bit more in a minute…