Blue Lane Technologies Best of Breed IPS April 29, 2008 Interop 2008.


1 Blue Lane Technologies Best of Breed IPS April 29, 2008 Interop 2008

2 Network IPS Architecture Needs to Evolve

Current IPS Architecture:
- Deep packet inspection
- Exploit-centric
- Static signatures
- Block
- Custom HW
- Physical
- Monolith

Next Gen Architecture:
- L7 Protocol decoding
- Vulnerability-centric
- Dynamic logic
- Protect
- Multi-core SW
- Virtual + physical
- Distributed

Key drivers:
- Data center server & network consolidation
- Virtualization
- Signature explosion

3 Blue Lane’s Layer 7 Architecture

- 100% Protection: Resilient against sophisticated attacks against all major server OS, app, database vulnerabilities. Proactive policies for app control.
- 100% Accuracy: No signatures, tuning, false alarms and/or security vs. availability tradeoffs.
- 100% Visibility: Flows visible by server, VM, cluster, data center, OS, application, patch status.
- Low Overhead: Low latency, low CPU usage, small footprint and minimal oversight required for both physical and virtual data centers.

4 Comprehensive Protocol / Vulnerability Intelligence 130+ protocols and services decoded Hundreds of vulnerabilities protected across dozens of applications/OSs

5 Accurate, Granular Enforcement

● Detection and Correction with no false positives
● Appropriate Response based on protocol, vulnerability and policy
● Controlled code execution (no session reset)

This attack is attempting to exploit MS06-019 by sending two CDO-MODPROPS sections in the vCalendar message, with the second larger than the first. The Exchange / SMTP server allocates buffer space based on the first section but, if a second is present, processes it as well, resulting in a buffer overflow. By understanding the protocols and vulnerabilities, Blue Lane stops the attack by removing the second CDO-MODPROPS section and adjusting the packet headers to reflect the new packet size.

[Diagram labels: Controlled Code Execution; Buffer Overflow Attack; Blue Lane]
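The correction described on slide 5, sketched as an added Python example (not Blue Lane's code and not part of the original deck): it keeps the first CDO-MODPROPS property in a vCalendar body, drops any later one, and returns the new body length that a rewriting proxy would need for its size headers. Accepting an `X-...-` prefix on the property name, the folded-line handling and the sample message are assumptions made for the example.

```python
import re

# Property name as given on the slide; accepting a vendor prefix such as
# "X-MICROSOFT-" in front of it is an assumption of this example.
MODPROPS = re.compile(r"^(?:[A-Za-z0-9-]*-)?CDO-MODPROPS[;:]", re.IGNORECASE)

def unfold(body):
    """Group physical lines into logical properties (folded lines start with SP/TAB)."""
    logical = []
    for raw in body.split("\r\n"):
        if raw[:1] in (" ", "\t") and logical:
            logical[-1].append(raw)      # continuation of the previous property
        else:
            logical.append([raw])
    return logical

def correct_vcalendar(body):
    """Keep the first CDO-MODPROPS property and remove every later one.

    Returns (corrected_body, removed_count, new_length_in_bytes); the length is
    what any size field describing the body must be rewritten to.
    """
    kept, removed, seen = [], 0, False
    for group in unfold(body):
        if MODPROPS.match(group[0]):
            if seen:
                removed += 1             # drop the property with its folded lines
                continue
            seen = True
        kept.extend(group)
    corrected = "\r\n".join(kept)
    return corrected, removed, len(corrected.encode("utf-8"))

# Constructed sample: a benign body in which the property appears twice,
# the second occurrence longer than the first and folded over two lines.
SAMPLE = "\r\n".join([
    "BEGIN:VCALENDAR",
    "BEGIN:VEVENT",
    "X-MICROSOFT-CDO-MODPROPS:BEGIN,DTSTART,END",
    "SUMMARY:Weekly sync",
    "X-MICROSOFT-CDO-MODPROPS:BEGIN,DTSTART,DTEND,SUMMARY,LOCATION,",
    " DESCRIPTION,END",
    "END:VEVENT",
    "END:VCALENDAR",
    "",
])

if __name__ == "__main__":
    fixed, dropped, size = correct_vcalendar(SAMPLE)
    print(f"removed {dropped} duplicate section(s); body is now {size} bytes")
```

The same function doubles as a detector: a non-zero removed count on inbound mail is worth logging even when the message is delivered in corrected form.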

6 Superior Vulnerability Protection

- Comprehensive coverage of data center vulnerabilities
- Comprehensive knowledge of leading protocols
- No signatures, tuning, or guesswork

[Chart: total vulnerabilities, Blue Lane vs. leading IPS, for Apache, VMware, Linux, Solaris, Oracle and Microsoft]

7 Why current solutions fall short

Operational Feasibility:
- Resources
- Expertise
- Server availability
- Server touches
- Application testing
- Tuning complexity
- Handling offline VMs, snapshots, VM sprawl

Security Effectiveness:
- Accurate detection
- Vulnerability correction
- Resiliency against evasion
- Mobile VMs, tainted VMs

[Chart labels: VLAN, NIPS, IDS, Firewall, NIPS, Blue Lane, Patch, HIPS]

8 The Data Center Security Payoff

Defense in depth for servers, VMs, next gen data centers

Security Requirements:
- Operational ease (tuning, etc)
- Application control policy
- Virtualization readiness
- Resilience to IPS evasion
- Non-disruptive protection
- Accurate vulnerability detection
- Server, database, app coverage
- Anomaly detection
- Port scans, DOS, A/V

[Column labels: Firewall, IPS, Blue Lane]

9 The New Virtualized Data Center

[Diagram labels: Host System; Hypervisor; Virtual Network; Virtual Servers]

10 NGDC Defense-in-depth Strategy

- Secure Physical Servers and Databases
- Secure Virtual Hosts and VMs

[Diagram labels: Active Update; ServerShield Manager; ServerShield; VirtualFlow Center; Servers; ServerShield; Virtual Servers; Database; ServerShield]

11 Comprehensive Coverage for Servers/VMs

Categories: Operating Systems; Network & Core Services; Database Servers; Email Servers; Application Servers; Other Applications; Technology Partners

[Product and version labels from the slide graphic: DBMS 7, 8, 9, 10g; 5.0, 5.5, 2003, 2007; IIS v1-v6; 7, 8; 9, 10; EL 2, 3, 4, 5; EMGC PARTNER; BIND 8, 9; 10; Application Server; WebSphere; IHS; ProFTP]

12 Thank you. For more information: www.bluelane.com

