IBM Security Network Protection (XGS)

Presentation transcript:

IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework Summary
Full Details: http://ibm.biz/ISNP_ATP_API

Advanced Threat Protection (ATP) Integration Framework
The ATP Integration Framework is the mechanism by which IBM Security Network Protection (ISNP) receives external alerts and acts on them using Quarantine.
Two integration methods:
- User-instigated, via the QRadar GUI right-click tool
- Automated, via the direct XML API on the ISNP appliance

Advanced Threat Protection Policy
An alert will be mapped to one of five types:
- Compromise: a successful breach of security, currently active within the environment. This could range from subversive human behavior to automated command-and-control exploits.
- Reputation: describes characteristics tied to an address or web URI and related to geography or observed content behavior.
- Intrusion: an instance of an in-progress network attack attempt.
- Malware: represents malicious software in flight on the network or at risk on a disk.

Advanced Threat Protection Policy (cont.)
- Exposure/vulnerability: represents an identified network weakness which, if successfully exploited, could result in a compromise.
The alert is also classified into one of three severities: High, Medium, Low.

Advanced Threat Protection Policy (cont.)

Sandbox Malware Detection Integration example
Web Security Appliance:
- Uses sandboxing to execute and profile files to identify Command & Control (C&C) hosts
- Can monitor traffic and identify internal hosts that are compromised (through calls to known C&C sites)
- Although Malware Detection systems can raise alerts, they are not enforcement devices
- ISNP can provide the enforcement for Malware Detection i

Malware Detection / ISNP Network Topology

Typical Use Cases
There are three supported Quarantine use cases:
- Compromise: A machine infected with malware, transmitting data to a Command & Control Server, represents a Compromised Host in an enterprise network.
- Reputation: A Command & Control Server contacted by a Compromised Host, or a Web Server hosting a Web Exploit, represents a Malicious Server with a poor reputation.
- Malware: A Malware Object being transmitted over the network to a Target Host from a Hosting Server represents a Threat-In-Flight.
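The decision logic behind the policy slides and the three use cases above, written out as an added Python example (not IBM's code and not the ISNP XML API): it validates an external alert against the five types and three severities, applies a hypothetical severity threshold per supported use case, and picks the quarantine target each use case implies. The Alert field names and the QUARANTINE_POLICY thresholds are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# The five ATP alert types and three severities named on the slides.
ALERT_TYPES = {"Compromise", "Reputation", "Intrusion", "Malware", "Exposure/vulnerability"}
SEVERITY_RANK = {"High": 3, "Medium": 2, "Low": 1}

# Hypothetical policy (not from the slides): lowest severity at which each supported use
# case is quarantined. Intrusion and Exposure/vulnerability have no quarantine use case.
QUARANTINE_POLICY = {"Compromise": "Medium", "Reputation": "Medium", "Malware": "High"}


@dataclass
class Alert:
    """One external alert; field names are assumptions, not the ISNP XML API schema."""
    alert_type: str
    severity: str
    src_ip: Optional[str] = None       # compromised host, or server hosting a malware object
    dst_ip: Optional[str] = None       # C&C / malicious server, or target host
    object_hash: Optional[str] = None  # identifies a malware object in flight


@dataclass
class Quarantine:
    use_case: str
    target: str   # what ISNP would be asked to quarantine
    reason: str


def decide(alert: Alert) -> Optional[Quarantine]:
    """Map a classified alert to a quarantine, or None when policy does not enforce it."""
    if alert.alert_type not in ALERT_TYPES:
        raise ValueError(f"unknown alert type: {alert.alert_type!r}")
    if alert.severity not in SEVERITY_RANK:
        raise ValueError(f"unknown severity: {alert.severity!r}")
    threshold = QUARANTINE_POLICY.get(alert.alert_type)
    if threshold is None or SEVERITY_RANK[alert.severity] < SEVERITY_RANK[threshold]:
        return None  # classified only, or below the enforcement threshold
    if alert.alert_type == "Compromise":
        if not alert.src_ip:
            raise ValueError("Compromise alert needs the compromised host address")
        return Quarantine("Compromise", alert.src_ip, "host talking to a C&C server")
    if alert.alert_type == "Reputation":
        if not alert.dst_ip:
            raise ValueError("Reputation alert needs the malicious server address")
        return Quarantine("Reputation", alert.dst_ip, "malicious server with poor reputation")
    if not (alert.src_ip and alert.dst_ip and alert.object_hash):
        raise ValueError("Malware alert needs hosting server, target host and object hash")
    target = f"{alert.object_hash} from {alert.src_ip} to {alert.dst_ip}"
    return Quarantine("Malware", target, "malware object in flight")
```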

Event Log: Advanced Threat Events

Active Quarantines

IBM Security QRadar Right Click Integration with IBM Security Network Protection

QRadar “right click” Integration (source address) “on the glass” integration

QRadar “right click” Integration (source address)

QRadar Advanced Threat Events

QRadar 'right click' Integration (destination port) “on the glass” integration

QRadar 'right click' Integration (destination port)

QRadar Advanced Threat Events

ibm.com/security