IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework (© 2012, 2014 IBM Corporation, IBM Security Systems)


Slide 1: IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework. http://ibm.biz/ISNP_ATP_API

Slide 2: Advanced Threat Protection (ATP) Overview. The ATP Integration Framework is a generic mechanism that lets IBM Security Network Protection (ISNP) receive alerts from external systems and act on them using Quarantine.

Slide 3: Advanced Threat Protection Policy. An alert is mapped to one of five types:
– Compromise: a successful breach of security, currently active within the environment. This could range from subversive human behavior to automated command-and-control exploits.
– Reputation: characteristics tied to an address or web URI, related to geography or observed content behavior.
– Intrusion: an instance of an in-progress network attack attempt.
– Malware: malicious software in flight on the network or at rest on a disk.

Slide 4: Advanced Threat Protection Policy (cont.)
– Exposure/Vulnerability: an identified network weakness which, if successfully exploited, could result in a compromise.
Each alert is also classified into one of three severities:
– High
– Medium
– Low

Slide 5: Advanced Threat Protection Policy (cont.)

Slide 6: Sandbox Malware Detection Integration. A Web Security Appliance uses enterprise-based sandboxing to execute and profile files in order to identify C&C hosts, and can monitor traffic to identify internal hosts that are compromised (through calls to known C&C sites). Although malware detection systems can raise alerts, they are not enforcement devices; ISNP can provide the enforcement for malware detection.

Slide 7: Malware Detection / ISNP Network Topology

Slide 8: Typical Use Cases. There are three supported Quarantine use cases:
– Compromise: A machine infected with malware, transmitting data to a Command & Control server, represents a Compromised Host in an enterprise network.
– Reputation: A Command & Control server contacted by a Compromised Host, or a web server hosting a web exploit, represents a Malicious Server with a poor reputation.
– Malware: A malware object being transmitted over the network to a Target Host from a Hosting Server represents a Threat-In-Flight.

Slide 9: Event Log: Advanced Threat Events

Slide 10: Active Quarantines

Slide 11: Backup

Slide 12: Menu – Advanced Threat Policy

Slide 13: Advanced Threat Policy

Slide 14: Menu – Advanced Threat Protection Agents

Slide 15: Advanced Threat Protection Agents

Slide 16: Menu – Active Quarantines

Slide 17: Active Quarantines

Slide 18: Menu – Event Log

Slide 19: Event Log: Advanced Threat Events

Slide 20: QRadar 7.2 MR1. IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework: QRadar-based integration

Slide 21: QRadar. There are four supported cases:
– Compromise: If the source IP is right-clicked, this IP address is sent to the XGS. This might be used when the host has been infected with malware.
– Reputation: If the destination IP is right-clicked, this IP address is sent to the XGS. This represents a malicious server such as a C&C server or one hosting malware.
– Intrusion: If a source port is right-clicked, this IP address and port combination is sent to the XGS. This can result from that client system attacking a server.
– Exposure: If the destination port is right-clicked, this IP address and port combination is sent to the XGS. This might be used where the service has a vulnerability.
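As an added illustration (not code from IBM or from the deck), the following Python models the alert types and severities of slides 3 and 4 together with the QRadar right-click mapping of slide 21, and then checks later flows against the resulting quarantine. The function names, the Quarantine record and the matching semantics (quarantined address and port must appear on the side the alert named) are assumptions, since the deck does not show the ISNP API format.

```python
# Added illustration for this page: a simplified model of the ATP
# Integration Framework, not the ISNP/XGS API itself (whose format is not
# shown in the deck). It covers the alert types and severities of slides 3-4
# and the QRadar right-click mapping of slide 21 (which event field becomes
# the quarantine target), then checks later flows against that quarantine.
from dataclasses import dataclass
from typing import Optional

ALERT_TYPES = {"compromise", "reputation", "intrusion", "malware", "exposure"}
SEVERITIES = {"high", "medium", "low"}


@dataclass(frozen=True)
class Quarantine:
    alert_type: str
    severity: str
    side: str                   # "source" or "destination": side of the flow matched
    ip: str
    port: Optional[int] = None  # only set for intrusion/exposure


def quarantine_from_event(alert_type, severity, src_ip, src_port, dst_ip, dst_port):
    """Map a QRadar event plus the analyst's chosen alert type to a quarantine
    target, following the four right-click cases on slide 21."""
    alert_type, severity = alert_type.lower(), severity.lower()
    if alert_type not in ALERT_TYPES:
        raise ValueError(f"unknown ATP alert type: {alert_type}")
    if severity not in SEVERITIES:
        raise ValueError(f"unknown ATP severity: {severity}")
    if alert_type == "compromise":   # infected client -> source IP only
        return Quarantine(alert_type, severity, "source", src_ip)
    if alert_type == "reputation":   # C&C / malware host -> destination IP only
        return Quarantine(alert_type, severity, "destination", dst_ip)
    if alert_type == "intrusion":    # attacking client -> source IP and source port
        return Quarantine(alert_type, severity, "source", src_ip, src_port)
    if alert_type == "exposure":     # vulnerable service -> destination IP and port
        return Quarantine(alert_type, severity, "destination", dst_ip, dst_port)
    # Malware (threat in flight) is a sandbox use case on slide 8, not a
    # QRadar right-click case, so this model has no event-field mapping for it.
    raise ValueError("malware alerts are not raised via QRadar right-click")


def flow_matches(q, src_ip, src_port, dst_ip, dst_port):
    """Enforcement check (assumed semantics: the quarantined address, and the
    port if one was set, must appear on the side the alert named)."""
    ip, port = (src_ip, src_port) if q.side == "source" else (dst_ip, dst_port)
    return ip == q.ip and (q.port is None or port == q.port)


if __name__ == "__main__":
    # Constructed sample event: analyst right-clicks the source IP (Compromise).
    q = quarantine_from_event("Compromise", "High", "10.0.0.5", 51000, "198.51.100.7", 443)
    print(flow_matches(q, "10.0.0.5", 40000, "203.0.113.9", 80))  # True
```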

Slide 22: QRadar right-click integration (source address): "on the glass" integration

Slide 23: QRadar right-click integration (source address)

Slide 24: QRadar Advanced Threat Events

Slide 25: QRadar right-click integration (destination port): "on the glass" integration

Slide 26: QRadar right-click integration (destination port)

Slide 27: QRadar Advanced Threat Events

Slide 28: ibm.com/security

