Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protection Solutions Peter Häufel Channel Manager

Similar presentations


Presentation on theme: "Protection Solutions Peter Häufel Channel Manager"— Presentation transcript:

1 Protection Solutions Peter Häufel Channel Manager Phaeufel@iss.net

2 Are you ready?

3 Source: www.computereconomics.com In 24 hours NIMDA hit 2.2 Million servers. The clean-up cost of malicious code attacks in 2001 was $12 Billion. The security software industry is worth only $4.5 Billion. In 24 hours NIMDA hit 2.2 Million servers. The clean-up cost of malicious code attacks in 2001 was $12 Billion. The security software industry is worth only $4.5 Billion.

4 Agenda Sicherheitsprobleme sind Realität Protection Lösungen im Überblick Intrusion Protection Site Protector Zentrales Security Management Fusion Korrelation von Security Meldungen Warum Internet Security Systems?

5 And Vulnerabilities Are Increasing Source: Security Focus * 2001 through July is 499 150 100 50 0 System and Network Vulnerabilities by Year 1998199920002001 Total Vulnerabilities 177 Total Vulnerabilities 511 Total Vulnerabilities 794 Total Vulnerabilities >1000*

6 Automated tools increase threats Source: Carnegie Mellon University

7 Human Resources Systems Management R&D Internet Finance What is at stake? Corporate Remote Users VPN DSL or Cable Modem E-CommerceB2B Partner Cell Phone PDA Frauds committed internally and externally across Europe External fraud 41% Internal fraud 59% European Economic Crime Survey 2001 PriceWaterhouseCoopers

8 Managing risk = Vulnerabilities x Threats x Asset value x Reaction Time = RISK Expected LOSS Technical RISK

9 Today’s Threats

10 Internal Threats

11 The costs are real Analysis by Incident Year 2001 2000 1999 Code Name Nimda Code Red(s) SirCam Love Bug Melissa Explorer Worldwide Economic Impact ($ U.S. Billions) 0.59 2.62 1.05 8.75 1.10 1.02 Cyber Quake Rating 0.67 2.99 1.20 10.00 1.26 1.17 Source: www.computereconomics.com

12 Spieler oder Manager? Faites vos jeux!

13 Protection Lösungen im Überblick

14 Desktop Server Netzwerk Schwachstellen/Policy Management Angriffs – Abwehr Management Security Management RealSecure Protection Systems Risk Spectrum Viruses Worms Back Doors Malicious Code Unauthorized Access Misuse DDoS Web Defacement Exploits IT Infrastructure

15 The RealSecure Solution

16 Funktionalität Sensoren Network Sensor (Funktion,Plattform) Server Sensor (Funktion, Plattform) Reaktionen X-Press Updates Remote Update RSKill für Nokia SSL Support für IIS und Apache

17 Angriffe erkennen External Attack ATTACK DETECTED RECORD SESSION Alert SESSION TERMINATED FIREWALL/ ROUTER RECONFIGURED EXTERNAL ATTACK

18 DMZ Win9xWinNT Linux Server WinNT Server Ethernet Switch MAINFRAME UNIX Server Mail Interior Firewall Exterior Firewall Win2000 WWW Ethernet Switch Rechenzentrum Gigabit N x 100 Mbps Intrusion Protection - Gesamtlösung SQL Server Database Zentrale Konsole

19 Alles unter eine Konsole – Site Protector Schwachstellenanalyse –Internet Scanner –System Scanner –Database Scanner –Desktop Scanner (F) –Wireless Scanner Intrusion Detection –Real Secure Server Sensor Network Sensor Sentry Gigabit Desktop Protector Guard * Site Protector 1.0 Logfileinformation Fremdhersteller

20 Graphic: Conceptual Diagram

21 Deployment Manager SiteProtector and sensor deployments Benefits: –Easily Install Sites –Easily Install Sensors –Easily Maintain Sensor Packages –Remotely install consoles –Centrally distribute components –Centrally administer change control

22 Site Rules – automated exception handling Eliminate …..False Alarms ……Environmental False Positives From your console From Everyone’s Console Forever !

23 Remote, Secure, Roles-based User Interface

24 Fast Analysis

25 Security Fusion Module 1.0 Modify (decrease) The priority of attacks Which you are not vulnerable to Increase the priority Of correlated Attacks Add or modify responses (add page) to Correlated attack! Don’t wake me up If I’m not vulnerable Add or modify responses for attacks against non- vulnerable hosts!

26 Security Fusion Module 1.0 Automatically correlates an attack with vulnerability information about the target to help IDS operators determine attack success or failure. Example: Fusion can automatically change 10,000 attack probes events into 7 attacked & vulnerable, and automatically clear the other 9,993!

27 Desktop Server Network Security Landscape Risk Spectrum Viruses Worms Back Doors Malicious Code Unauthorized Access Misuse DDoS Web Defacement Exploits IT Infrastructure A/V VA/ Policy IDSFW/VPN

28 Desktop Server Network Traditional Point Security Risk Spectrum Viruses Worms Back Doors Malicious Code Unauthorized Access Misuse DDoS Web Defacement Exploits IT Infrastructure A/V VAIDSFW/VPN A/V VAIDSFW/VPN RealSecure Server Sensor BlackICEWorkstation(IDS) RealSecure RealSecure Network Sensor + NetICE Gigabit BlackICE Workstation (FW) RealSecure Server Sensor RS/WGM ICEcap Decisions DesktopScanner System & DatabaseScanner InternetScanner

29 Desktop Server Network One Protection System Risk Spectrum Viruses Worms Back Doors Malicious Code Unauthorized Access Misuse DDoS Web Defacement Exploits IT Infrastructure A/V VAIDSFW/VPN A/V VAIDSFW/VPN RealSecure Server Sensor BlackICEWorkstation(IDS) RealSecure RealSecure Network Sensor + NetICE Gigabit BlackICE Workstation (FW) RealSecure Server Sensor RS/WGM ICEcap Decision s DesktopScanner System & DatabaseScanner InternetScanner RealSecure Protection System (for Desktops, Servers, Networks) RealSecure SiteProtector

30 RealSecure Protection System

31 Protection Systems Increased connectivity means increased risk. Customers want to manage that risk – cost effectively - without disrupting their business. Converging technologies, with consolidated and scalable management, reduces the TCO and simplifies security for our customers. RealSecure Site Protector

32 SiteProtector 1.0 multi-site coordination Access multiple sites simultaneously through 2 instances of the console The same console can access unique sites Customers can deploy multiple sites to accommodate their specific geographic, business unit, or scalability needs

33 SiteProtector 1.x scalability multi-site coordination Links multiple sites with a top-tier SiteProtector Analysis Dashboard - “big picture” security trends, metrics, graphs across Sites Transparent drill-down to local Site for detailed analysis

34 SiteProtector 1.0 IS 6.2 RS 6.0 & later Fusion Q4,01 ICEcap Manager Integration for SiteProtector 1.x Enables Event linkage for Network ICE Gig/Guard/Sentry/Desktop Events With RealSecure SiteProtector 1.0 Q1,02 SiteProtector 1.x Dashboard Scalability RealSecure Network Sensor 7.0 Server Protection System New Policy Editor Q2,01 RealSecure 6.0 3 Tiered Architecture Improved Scalability Reduced Cost of Operations Q3,01Q4,02Q2,02Q3,02 RealSecure Server Sensor 6.01 ICEcap Manager 3.0 PIM RealSecure 6.5 FastAnalysis RealSecure SiteProtector Release Plan

35 RealSecure Protection Systems SecureLogic Desktop, Server, Network RealSecure Site Protector

36 Warum Internet Security Systems? … …Worldwide leader !

37 ISS : pioneer and leader Founded in 1994, headquartered in Atlanta, GA Pioneered Vulnerability Assessment, Intrusion Detection and Managed Security Services (MSS) Three operating theatres EMEA, AsiaPac, Americas, 14 offices in EMEA Established public company –1998 IPO, Nasdaq ISSX –2001 IPO, Jasdaq ISSKK 2000 revenues of $195,000,000 9,000 customers worldwide

38 ISS - worldwide market share

39 ISS Market Share Growth

40 Gartner’s IDS Magic Quadrant

41 In eigener Sache – ISS Partner Programm 2002 Authorised Partner: –3 Tage Schulung Real Secure (Wert: € 1.950) –2 Tage Schulung Internet Scanner (Wert: € 1.300) –Zugriff auf Knowledge Base –Zugriff auf Marketing Infos –Zugriff auf Newsgroups –Nutzung ISS Logo –Schulung Vertrieb –Starter Kit (Wert: € 14.000)

42

43

44 THANK YOU!


Download ppt "Protection Solutions Peter Häufel Channel Manager"

Similar presentations


Ads by Google