Tanmay shah iss l2 support tanmay shah@us ibm com 25 th june 2011
1 / 20

IBM Security SiteProtector Overview - PowerPoint PPT Presentation

  • Uploaded on

Tanmay Shah - ISS L2 Support [email protected] 25 th June 2011. IBM Security SiteProtector Overview. Agenda. Introduction to ISS ISS offerings Business Challenges How SiteProtector helps? More about SiteProtector. Introduction to ISS. 1994 – Internet Security System

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' IBM Security SiteProtector Overview' - audra-lyons

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Tanmay shah iss l2 support tanmay shah@us ibm com 25 th june 2011

Tanmay Shah - ISS L2 Support [email protected]

25th June 2011

IBM Security SiteProtector Overview


  • Introduction to ISS

  • ISS offerings

  • Business Challenges

  • How SiteProtector helps?

  • More about SiteProtector

Introduction to iss
Introduction to ISS

  • 1994 – Internet Security System

  • 1998 – initial public offering of the company on NASDAQ

  • 2006 – it became IBM ISS

  • 2010 – GBS → Tivoli

  • Late 2010 – ISS Customer Support → IBM Software Support

  • Moving forward – Internet Security System → IBM Security Solutions

Iss offerings
ISS Offerings

  • Integrated Security Intelligence

  • Comprehensive suite of professional Security Services

  • Single, Integrated view into the network

  • Platform and service extensibility

  • Correlation and integration of multiple data sources

  • Underlying best-in-breed appliances

  • 24/7 outsourced security management

  • Guaranteed protection services

Protection platform integrated products
Protection Platform - Integrated Products

Proventia ADS Series –

“Anomaly/Behavioral” Protection and

Network Visability Appliances

Proventia Network MFS

MX5010, MX3006, MX1004

“All-in-One” Protection Appliance


  • FW / VPN

  • AntiVirus (signature & behavioral)

  • AntiSpam

  • Web Filter

  • Spyware

Proventia Desktop

“All-in-One” Protection Agent

- Firewall

- Virus Prevention System

- Intrusion Protection

- VPN Enforcer

- Buffer Overflow Protection

Proventia Server

“Multi-layered” Protection Agent

  • Windows

  • Linux

    RealSecure Server Sensor

  • Windows

  • Solaris

  • AIX

  • HP-UX

Proventia Network IPS

Preemptive Security for Enterprise Networks

GX4002, GX4004, GX5008, GX5108

G400, G2000,GX6116,GX7800

Protection platform xforce research
Protection Platform – Xforce Research

Implementing Research

IBM X-Force is the most recognized security research group in the world. X-Force maintains the industry's largest and most authoritative vulnerability database.

Protocol Analysis Module (PAM) is the engine behind the preemptive protection afforded by many of the IBM ISS security solutions. PAM is comprised of 5 key technologies.

Virtual Patch

What It Does:

Shields vulnerabilities from exploitation independent of a software patch, and enables a responsible patch management process that can be adhered to without fear of a breach

Why Important:

At the end of 2008, 53% of all vulnerabilities disclosed during the year had no vendor-supplied patches available to remedy the vulnerability.

Threat Detection & Prevention

What It Does:

Detects and prevents entire classes of threats as opposed to a specific exploit or vulnerability.

Why Important:

Eliminates need of constant signature updates. Protection includes the proprietary Shellcode Heuristics (SCH) technology, which has an unbeatable track record of protecting against zero day vulnerabilities.

Content Analysis

What It Does:

Monitors and identifies unencrypted personally identifiable information (PII) and other confidential information for data awareness. Also provides capability to explore data flow through the network to help determine if any potential risks exist.

Why Important:

Flexible and scalable customized data search criteria; serves as a complement to data security strategy

Web Protection

What It Does:

Protects web applications against sophisticated application-level attacks such as SQL Injection, XSS (Cross-site scripting), PHP file-includes, CSRF (Cross-site request forgery).

Why Important:

Expands security

capabilities to meet both compliance requirements and threat evolution.

Network Policy Enforcement

What It Does:

Manages security policy and risks within defined segments of the network, such as ActiveX fingerprinting, Peer To Peer, Instant Messaging, and tunneling.

Why Important:

Enforces network application and service access based on corporate policy and governance.

Business challenges
Business Challenges

  • Security generalists need specialized trainingSecuring an enterprise can involve complex deployments that require a variety of highly-specialized trained personnel to manage

  • Due diligence for secure transactional systems Demonstrating and documenting accountability, transparency, and measurability for compliance is a top priority

  • Economical management of diverse toolsManaging myriads of “silo” security management tools, associated servers and license keys, and the cost in doing so

  • Tracking expanding universeIdentifying, managing, and securing enterprise assets

  • SMEs spread thinLimited security resources (time and expertise)

  • Burgeoning dataInformation overload and consolidation

  • Competing prioritiesCommunicating the value of your security process

How siteprotector helps
How SiteProtector helps?

  • Offers a centralized interface to control and manage diverse network and host security devices

  • Incorporates advanced event analytics and flexible, customizable reporting

  • Integrates within existing systems and expands to support additional types and functions of security offerings

  • Delivers “room to grow” security, to combat the rising cost of security without hiring more personnel

  • Centrally manages an enterprise mesh of technical controls

  • Documents the security process for compliance and audit needs

  • Reduces the personnel and training requirements for the enterprise security team

Business value of siteprotector reduces capital cost operations costs and operational complexity
Business value of SiteProtector reduces capital cost, operations costs, and operational complexity

Lower TCO sets up quicker ROI

Console Consolidation

Still decentralized command and control

Increased productivity

More about siteprotector
More about SiteProtector operations costs, and operational complexity

More about SiteProtector operations costs, and operational complexity




Asset Assessment Detail

Asset Assessment Summary

Vulnerability Names By Assets

Vulnerability Remedies by Asset

Vulnerability Summary by Asset

Vulnerability by Asset

Vulnerability Trend

Asset Assessment Summary

Asset Assessment Detail

Attack Status Summary

Vulnerability Counts

Top Vulnerabilities

Attack Trend

Top Attacks



Attack Status Summary

Desktop Protection

Top Attacks

Top Sources of Attack

Top Targets of Attack

In this initial stage, define your desired states for network and system configurations, resource protection and resource access




Vulnerability Remedies by Asset

Asset Assessment Summary

Asset Assessment Detail

Vulnerability Trend

Vulnerability by Asset

Vulnerability Names By Assets

Vulnerability Summary by Asset

Ticket Trending

Ticket Time Tracking

Ticket Activity Summary



Audit Detail

Permission Detail

SiteProtector Analysis Views

Siteprotector s service packs continue to expand value for security management
SiteProtector’s Service Packs continue to expand value for security management

Central Response, Auditing, Express Install

SecureSync module

UI, Ticketing, Permissions, Asset view, Reporting, new platforms

Policy Management, SQL 2005, Email Reporting

Policy management, UI enhancements

Fidelis Integration

AppScan Integration

Appliance Expansion, BIRT Reporting, Analysis

GX, VSP & AppScan policy integration, Extended platform support, UI enhancements

Enhanced usability; reducing Total Cost of Ownership; better access to powerful functionality

  • SiteProtector Release 2.0









Jan 05

Jun 05

Mar 06

Dec 06

Jun 08

Jan 09

May 09

Jul 09

Jul 10


Siteprotector service pack 8 0 july 2009
SiteProtector Service Pack 8.0 (July 2009) security management

  • Policy Management

    • Policy diff between policies

    • Policy reporting

  • Platform Support

    • Included:

      • MS Server 2008 & SQL 2008

      • MS Server 2005 & SQL 2005

      • 64Bit Hardware and Windows OS support

      • Hyper-V, VMware ESX 3.x and 4.x

    • No longer supported:

      • MS Windows 2000 Server

      • MS SQL Server 2000

      • MSDE 2000 in express version

  • Performance enhancements

Enhancements in siteprotector service pack 8 1 july 2010
Enhancements in SiteProtector Service Pack 8.1 (July 2010) security management

  • Seamless integration with latest agent releases

    • GX series Network IPS 4.1 firmware

      • Application policy enhancement – such as for Authentication Servers, DLP, SNMP

      • Broader IPv6 support in UI (analysis, configuration, policies)

      • Health Status for network appliance

      • Web Application wizard importing AppScan data

      • Data Leakage configuration (Content Analyzer)

    • Virtual Server Protection

      • Support and reporting features for VSP agent

  • Extended platform support

    • Windows 7

    • Updated BIRT Reporting version

    • Installation of Agent Manager on native IPv6 Network

  • Improved graphical interface, reporting and analysis

    • Single-click intrusion blocking

    • Scheduled export of customized analysis views

    • Policy Tuning from Analysis – Block intruder

    • Analysis by new dimensions:

      • Trending – Day, Week, month in analysis

      • MS Bulletin, CVE, X-Force Categories, other standards coming

Siteprotector reporting in sp 8 x
SiteProtector Reporting in SP 8.x security management

  • Default report templates

  • Custom report templates

  • User’s personally designed reportsfolder containing their templates

  • Create reports / templates directlyfrom Analysis view

  • Modify existing templates & save as new

  • Policy-based reporting

    • Create report on a policy

    • Include which items are enabled and/or disabled

    • Report on changes made between selected versions of a policy

  • Trend reporting by Agent or group

  • User community report sharing

Enhanced reporting interface allows quick delivery of the right information to the right people
Enhanced reporting interface allows quick delivery of the right information to the right people

Siteprotector next release planning overview

DRAFT right information to the right people

SiteProtector next release planning overview

  • Service Pack 9.0 targeted for 2011

    • Enhanced usability & improved analysis

      • Additional right-click actions & view navigations

      • Visibility of network health & vulnerability dashboard

    • Improved resiliency & performance

      • High availability & redundancy

      • Increased transaction processing for next.gen network protection

    • Extended portfolio integration & platform support

      • Expanded policy management, role management

      • Extended TSIEM integration, endpoint coverage

    • Re-platform HW to new chassis

  • Primary Objective

    • Focus on enhancing usability and reducing Total Cost of Ownership

    • Bring better access to the already-powerful-but-hidden functionality