IBM Security Network Protection (XGS)

Advanced Threat Protection Integration Framework

http://ibm.biz/ISNP_ATP_API

Advanced Threat Protection (ATP) Overview
  • The ATP Integration Framework is a generic mechanism for IBM Security Network Protection (ISNP) to receive alerts from external systems and act on them by quarantining the offending hosts or traffic
Advanced Threat Protection Policy
  • Each alert is mapped to one of five types:
    • Compromise
      • a successful breach of security that is currently active in the environment; this ranges from subversive human behavior to automated command-and-control activity.
    • Reputation
      • characteristics tied to an IP address or web URI, derived from geography or from observed content and behavior.
    • Intrusion
      • an in-progress network attack attempt.
    • Malware
      • malicious software in flight on the network or at rest on disk.
Advanced Threat Protection Policy (cont.)
    • Exposure/vulnerability
      • an identified network weakness which, if successfully exploited, could result in a compromise.
  • Each alert is also classified into one of three severities:
    • High
    • Medium
    • Low
Sandbox Malware Detection Integration

  • Web Security Appliance
    • Uses enterprise-based sandboxing to execute and profile files and so identify the C&C hosts they contact
    • Can monitor traffic and identify internal hosts that are compromised (through calls to known C&C sites)
  • Although malware detection systems can raise alerts, they are not enforcement devices
    • ISNP can provide the enforcement for malware detection
Typical Use Cases
  • There are three supported Quarantine use cases:
    • Compromise: a machine infected with malware and transmitting data to a command-and-control server is a Compromised Host on the enterprise network.
    • Reputation: a command-and-control server contacted by a compromised host, or a web server hosting a web exploit, is a Malicious Server with a poor reputation.
    • Malware: a malware object being transmitted over the network from a hosting server to a target host is a Threat-In-Flight.
IBM Security Network Protection (XGS)

  • Advanced Threat Protection Integration Framework
  • QRadar-based integration (QRadar 7.2 MR1)

QRadar
  • There are four supported cases:
    • Compromise: if the source IP is right-clicked, that IP address is sent to the XGS. Use this when the host has been infected with malware.
    • Reputation: if the destination IP is right-clicked, that IP address is sent to the XGS. It represents a malicious server such as a C&C server or one hosting malware.
    • Intrusion: if the source port is right-clicked, the source IP address and port combination is sent to the XGS. Use this when the client system is attacking a server.
    • Exposure: if the destination port is right-clicked, the destination IP address and port combination is sent to the XGS. Use this when the service has a vulnerability.
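The policy slide (five alert types, three severities), the use-case slide (which entity a Compromise, Reputation or Malware alert quarantines) and the QRadar slide (which right-clicked field maps to which case) together describe one decision: given an alert, what does ISNP block? The Python below is an added example that models that decision locally; it is not IBM's ATP API or any XGS/QRadar code, and the real ATP API wire format is not shown on this page. The class and field names, the QRadar event keys (sourceip, destinationip, ...), the optional severity threshold in enforce() and the sample event are all assumptions made for illustration.

```python
"""Added example, not the XGS ATP API: map an external alert to a quarantine
rule, following the alert types, severities and QRadar right-click cases on
the slides.  All identifiers and field names below are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

# The five alert types and three severities from the ATP policy slide.
ALERT_TYPES = ("compromise", "reputation", "intrusion", "malware", "exposure")
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}

# QRadar slide: the right-clicked field decides the ATP case.
QRADAR_PIVOT_TO_TYPE = {
    "source_ip": "compromise",
    "destination_ip": "reputation",
    "source_port": "intrusion",
    "destination_port": "exposure",
}


@dataclass(frozen=True)
class Alert:
    alert_type: str
    severity: str
    src_ip: str
    dst_ip: str
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class QuarantineRule:
    """What ISNP would block: 'ip' is the quarantined address, 'port' makes the
    rule service-specific, 'peer_ip' is set only for a threat-in-flight."""
    ip: str
    role: str                    # "source" or "destination" as seen on the wire
    port: Optional[int] = None
    peer_ip: Optional[str] = None
    alert_type: str = ""
    severity: str = ""


def validate_alert(alert: Alert) -> None:
    """Reject alerts that do not fit the policy model before acting on them."""
    if alert.alert_type not in ALERT_TYPES:
        raise ValueError(f"unknown alert type {alert.alert_type!r}")
    if alert.severity not in SEVERITY_RANK:
        raise ValueError(f"unknown severity {alert.severity!r}")
    for ip in (alert.src_ip, alert.dst_ip):
        ip_address(ip)  # raises ValueError on junk such as "10.0.0.999"
    for port in (alert.src_port, alert.dst_port):
        if port is not None and not 0 < port < 65536:
            raise ValueError(f"bad port {port}")


def alert_to_rule(alert: Alert) -> QuarantineRule:
    """Pick the entity the use-case and QRadar slides say gets quarantined."""
    validate_alert(alert)
    t, s = alert.alert_type, alert.severity
    if t == "compromise":   # infected host talking to C&C: block the host
        return QuarantineRule(alert.src_ip, "source", alert_type=t, severity=s)
    if t == "reputation":   # C&C or exploit-hosting server: block the server
        return QuarantineRule(alert.dst_ip, "destination", alert_type=t, severity=s)
    if t == "intrusion":    # attacking client: block source IP + source port
        if alert.src_port is None:
            raise ValueError("intrusion alert needs a source port")
        return QuarantineRule(alert.src_ip, "source", alert.src_port, alert_type=t, severity=s)
    if t == "exposure":     # vulnerable service: block destination IP + port
        if alert.dst_port is None:
            raise ValueError("exposure alert needs a destination port")
        return QuarantineRule(alert.dst_ip, "destination", alert.dst_port, alert_type=t, severity=s)
    # malware: threat in flight from the hosting server (src) to the target (dst)
    return QuarantineRule(alert.src_ip, "source", peer_ip=alert.dst_ip, alert_type=t, severity=s)


def enforce(alert: Alert, min_severity: str = "low") -> Optional[QuarantineRule]:
    """Return a rule, or None below the severity threshold (threshold is an
    assumption; the slides do not say whether low-severity alerts enforce)."""
    validate_alert(alert)
    if SEVERITY_RANK[alert.severity] < SEVERITY_RANK[min_severity]:
        return None
    return alert_to_rule(alert)


def alert_from_qradar(event: dict, clicked_field: str, severity: str) -> Alert:
    """Build an alert from a QRadar-style event dict and the right-clicked field."""
    if clicked_field not in QRADAR_PIVOT_TO_TYPE:
        raise ValueError(f"no ATP case for field {clicked_field!r}")
    return Alert(
        alert_type=QRADAR_PIVOT_TO_TYPE[clicked_field],
        severity=severity,
        src_ip=event["sourceip"], dst_ip=event["destinationip"],
        src_port=event.get("sourceport"), dst_port=event.get("destinationport"),
    )


# Constructed sample event (not real QRadar output): an internal host beaconing
# to a suspected C&C server on 443.
SAMPLE_EVENT = {"sourceip": "10.1.2.3", "sourceport": 51234,
                "destinationip": "203.0.113.7", "destinationport": 443}

if __name__ == "__main__":
    for field in QRADAR_PIVOT_TO_TYPE:
        print(field, "->", alert_to_rule(alert_from_qradar(SAMPLE_EVENT, field, "high")))
```

Running the block prints the four rules the same event produces depending on which field was right-clicked: source_ip quarantines the internal host, destination_ip the server, source_port the host-and-ephemeral-port pair, destination_port the server's 443 service. The validation step matters in practice because a quarantine rule built from an unparsed or out-of-range value would either be rejected by the enforcement device or, worse, block the wrong thing.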