Presentation is loading. Please wait.

Presentation is loading. Please wait.

IBM Security Network Protection (XGS)

Published byMorgan Douglas Modified over 8 years ago

Similar presentations

Presentation on theme: "IBM Security Network Protection (XGS)"— Presentation transcript:

1 IBM Security Network Protection (XGS)
Advanced Threat Protection Integration Framework Summary Full Details:

2 Advanced Threat Protection (ATP) Integration Framework
ATP Integration Framework is mechanism for IBM Security Network Protection (ISNP) to receive external alerts and act on these alerts using Quarantine Two integrations methods User instigated via QRadar GUI Right-Click tool Automated via direct XML API on the ISNP Appliance

3 Advanced Threat Protection Policy
An alert will be mapped to one of five types Compromise a successful breach of security, currently active within the environment. This could range from subversive human behavior to automated command and control exploits. Reputation describes characteristics tied to an address or web URI and related to geography or observed content behavior. Intrusion an instance of an in progress network attack attempt Malware represents malicious software in flight on the network or at risk on a disk.

4 Advanced Threat Protection Policy (cont.)
Exposure/vulnerability represents an identified network weaknesses which, if successfully exploited, could result in compromises The classification of the alert into one of 3 severities High Medium Low

5 Advanced Threat Protection Policy (cont.)

6 Sandbox Malware Detection Integration example
Web Security Appliance Uses sandboxing to execute and profile files to identify Command & Control (C&C) hosts Can monitor traffic and identify internal hosts that are compromised (through calls to known C&C sites) Although Malware Detection systems can raise alerts, they are not enforcement devices ISNP can provide the enforcement for Malware Detection i

7 Malware Detection / ISNP Network Topology

8 Typical Use Cases There are three supported Quarantine use cases:
Compromise: A machine infected with malware, transmitting data to a Command & Control Server represents a Compromised Host in an enterprise network. Reputation: A Command & Control Server contacted by a Compromised Host or a Web Server Hosting A Web Exploit represents a Malicious Server with a poor reputation. Malware: A Malware Object being transmitted over the network to a Target Host from a Hosting Server represents a Threat-In-Flight.

9 Event Log: Advanced Threat Events

10 Active Quarantines

11 IBM Security QRadar Right Click Integration with IBM Security Network Protection

12 QRadar “right click” Integration (source address)
“on the glass” integration

13 QRadar “right click” Integration (source address)

14 QRadar Advanced Threat Events

15 QRadar 'right click' Integration (destination port)
“on the glass” integration

16 QRadar 'right click' Integration (destination port)

17 QRadar Advanced Threat Events

18 ibm.com/security

Download ppt "IBM Security Network Protection (XGS)"

Similar presentations

Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.

Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
Honeypot 서울과학기술대학교 Jeilyn Molina 121336101. Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.

Honeypot 서울과학기술대학교 Jeilyn Molina Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.
Lecture 14 Firewalls modified from slides of Lawrie Brown.

Lecture 14 Firewalls modified from slides of Lawrie Brown.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Microsoft Ignite /16/2017 4:54 PM

Microsoft Ignite /16/2017 4:54 PM
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.

© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.
Enterprise Network Security Accessing the WAN Lecture week 4.

Enterprise Network Security Accessing the WAN Lecture week 4.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Department Of Computer Engineering

Department Of Computer Engineering
Network Intrusion Detection Systems Slides by: MM Clements A Adekunle The University of Greenwich.

Network Intrusion Detection Systems Slides by: MM Clements A Adekunle The University of Greenwich.
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
Information Systems CS-507 Lecture 40. Availability of tools and techniques on the Internet or as commercially available software that an intruder can.

Information Systems CS-507 Lecture 40. Availability of tools and techniques on the Internet or as commercially available software that an intruder can.
Outline  Infections  1) r57 shell  2) rogue software  What Can We Do?  1) Seccheck  2) Virus total  3) Sandbox  Prevention  1) Personal Software.

Outline  Infections  1) r57 shell  2) rogue software  What Can We Do?  1) Seccheck  2) Virus total  3) Sandbox  Prevention  1) Personal Software.
Using Windows Firewall and Windows Defender

Using Windows Firewall and Windows Defender

Similar presentations

Ads by Google