| Why IPS
Intro
Does the business need IPS?
McAfee Overview of the Network Security Platform
Customer Experience
•Began working with IDS in 1999
•Implemented IDS/IPS:
–Legal industry
–Telecommunications
–Manufacturing
•Managed two global deployments of inline IPS
•CISSP, CISM and GCIH
• DG Technology Consulting was founded with a vision to provide a unique service to our clients
• DG Technology provides a broad range of security solutions including:
–Vulnerability Assessments
–Security Health Checks
–Mainframe Security Services
–Mainframe Event Acquisition System (MEAS)
| Why IPS, Not IDS
• All the major operating system, application and network equipment vendors continue to find flaws in their products that leave those products vulnerable to attack.
• Many businesses patch major applications only once a year, because they cannot afford the downtime; the exposure window between disclosure and patch is what an inline IPS is meant to cover.
• Businesses are increasingly going mobile, so more employees work on “untrusted” networks.
• Attackers are relentless in going after the data they want.
Four IPS vendors hold more than 90% of the IPS market.
• Traditional IPS systems use a library of “signatures” to identify traffic that carries a threat.
• The design of these signatures is critically important, since they need to:
– Correctly identify all of the threat traffic (no false negatives);
– Do so at the breakneck speed of today’s networks; and
– Create no false positives (i.e., flagging a threat where there is none).
• The best IPSs actually run with the fewest, most effectively written signatures: a signature scoped to the right direction and protocol field both inspects fewer bytes and fires on fewer benign packets.
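The following is an added example, not code from the presentation or from any IPS vendor, that shows why signature design matters. It is a toy matching engine with two signatures for the same attack (a classic directory-traversal request that reaches cmd.exe): a loose one that looks for the string anywhere, and a tight one scoped to client-to-server request lines with a traversal sequence. The three packets are constructed samples, and the signature names, the Signature/Verdict classes and the bytes_inspected counter are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample traffic (not from the presentation). One request carries a
# classic directory-traversal attempt; the other two are benign messages that
# merely contain the string "cmd.exe".
ATTACK_REQUEST = (
    b"GET /scripts/..%255c..%255c/winnt/system32/cmd.exe?/c+dir HTTP/1.1\r\n"
    b"Host: www.example.com\r\n\r\n"
)
BENIGN_REQUEST = (
    b"GET /docs/cmd.exe-reference.html HTTP/1.1\r\n"
    b"Host: www.example.com\r\n\r\n"
)
BENIGN_RESPONSE = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
    b"<p>Open a prompt with cmd.exe and run dir to list files.</p>"
)


@dataclass
class Signature:
    name: str
    pattern: "re.Pattern"
    direction: str = "any"      # "to_server", "from_server" or "any"
    part: str = "raw"           # "request_line", "body" or "raw"


@dataclass
class Verdict:
    matches: List[str] = field(default_factory=list)
    bytes_inspected: int = 0    # a stand-in for the work the engine had to do


def parse_http(raw: bytes) -> dict:
    """Minimal HTTP framing: direction, start line, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    start_line, _, headers = head.partition(b"\r\n")
    direction = "from_server" if start_line.startswith(b"HTTP/") else "to_server"
    return {"direction": direction, "request_line": start_line,
            "headers": headers, "body": body, "raw": raw}


def scan(raw: bytes, signatures) -> Verdict:
    """Apply each signature only to the direction and message part it was written for."""
    msg = parse_http(raw)
    verdict = Verdict()
    for sig in signatures:
        if sig.direction not in ("any", msg["direction"]):
            continue            # cheapest check first: wrong direction, no bytes inspected
        data = msg[sig.part]
        verdict.bytes_inspected += len(data)
        if sig.pattern.search(data):
            verdict.matches.append(sig.name)
    return verdict


# Loose signature: any occurrence of cmd.exe, anywhere, in either direction.
LOOSE = Signature("cmd.exe anywhere", re.compile(rb"cmd\.exe", re.I))

# Tight signature: client->server request lines only, and only when a traversal
# sequence (raw, URL-encoded or double-encoded) precedes cmd.exe.
TIGHT = Signature(
    "traversal to cmd.exe",
    re.compile(rb"\.\.(?:/|\\|%(?:25)?(?:2f|5c)).*cmd\.exe", re.I),
    direction="to_server",
    part="request_line",
)


def compare(signatures=(LOOSE, TIGHT)) -> dict:
    """Per signature: which constructed samples it fires on and how many bytes it read."""
    samples = {"attack": ATTACK_REQUEST, "benign_request": BENIGN_REQUEST,
               "benign_response": BENIGN_RESPONSE}
    report = {}
    for sig in signatures:
        verdicts = {name: scan(raw, [sig]) for name, raw in samples.items()}
        report[sig.name] = {
            "fired_on": [name for name, v in verdicts.items() if sig.name in v.matches],
            "bytes_inspected": sum(v.bytes_inspected for v in verdicts.values()),
        }
    return report


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name}: fired on {result['fired_on']}, inspected {result['bytes_inspected']} bytes")
```

The loose signature fires on all three samples (two false positives) and reads every byte of every message; the tight one fires only on the attack and never touches server responses or message bodies, which is the point of “fewest, most effectively written” signatures.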
• Integrates vulnerability data — Integrating your organization’s vulnerability data allows a more accurate and quicker response to attacks. Analysts can quickly determine whether the targeted asset is actually vulnerable to the attack and/or initiate a vulnerability scan from the IPS console.
• Reputation Data — By identifying the reputation of the source or destination of traffic flowing through the device, known-bad sources can be blocked without the need for signatures. This also allows a more accurate and quicker response to threats.
• Geo-Location — Another way to increase operational efficiency is through geo-location, which lets the analyst quickly see the country of a source and destination. Alerts involving countries where the business has no operations should be prioritized, and traffic can be blocked based on geo-location.
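As an added example (not code from the presentation or from the vendor’s console), here is the triage logic the three bullets above describe, combined into one function: reputation is consulted first so a known-bad source is blocked with no signature involved, scan data then decides whether the target is actually exposed (or whether a scan should be launched), and the source country raises the priority when it lies outside the regions where the business operates. All of the feeds, the addresses (RFC 5737 documentation ranges), the country codes “AA” and “ZZ” (ISO 3166 user-assigned codes used as placeholders) and the vulnerability IDs are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed reference data standing in for the scanner export, the reputation
# feed and the geo-IP database an IPS console would integrate. Assumption: the
# real product exposes equivalents; this is not its data model.
VULN_DATA = {                       # asset -> vulnerability IDs the scanner reported
    "10.0.5.20": {"VULN-A", "VULN-B"},
    "10.0.5.21": set(),             # scanned, nothing open
}
REPUTATION = {                      # source network -> verdict from the feed
    ipaddress.ip_network("203.0.113.0/24"): "malicious",
    ipaddress.ip_network("198.51.100.0/24"): "good",
}
GEO = {                             # source network -> country code (placeholders)
    ipaddress.ip_network("203.0.113.0/24"): "ZZ",
    ipaddress.ip_network("198.51.100.0/24"): "AA",
}
OPERATING_COUNTRIES = {"AA"}        # where the business has operations
LEVELS = ["low", "medium", "high", "critical"]


@dataclass
class Alert:
    src: str
    dst: str
    signature: str
    vuln_id: Optional[str] = None   # vulnerability the signature detects, if it has one


@dataclass
class Triage:
    action: str                     # "block", "alert", "scan" or "log"
    priority: str                   # one of LEVELS
    reasons: List[str] = field(default_factory=list)


def lookup_net(table: dict, ip: str):
    """Longest-prefix lookup is overkill for the demo; first containing network wins."""
    addr = ipaddress.ip_address(ip)
    for net, value in table.items():
        if addr in net:
            return value
    return None


def bump(priority: str) -> str:
    return LEVELS[min(LEVELS.index(priority) + 1, len(LEVELS) - 1)]


def triage(alert: Alert, vuln_data=VULN_DATA, reputation=REPUTATION, geo=GEO) -> Triage:
    # 1. Reputation: a known-bad source is blocked regardless of any signature.
    if lookup_net(reputation, alert.src) == "malicious":
        return Triage("block", "high", [f"source {alert.src} has malicious reputation"])

    # 2. Vulnerability data: is the target actually exposed to what was detected?
    reasons = []
    if alert.dst not in vuln_data:
        action, priority = "scan", "medium"
        reasons.append(f"no scan data for {alert.dst}; launch a vulnerability scan")
    elif alert.vuln_id and alert.vuln_id in vuln_data[alert.dst]:
        action, priority = "alert", "critical"
        reasons.append(f"{alert.dst} is vulnerable to {alert.vuln_id}")
    elif alert.vuln_id:
        action, priority = "log", "low"
        reasons.append(f"{alert.dst} was scanned and is not vulnerable to {alert.vuln_id}")
    else:
        action, priority = "alert", "medium"
        reasons.append("signature carries no vulnerability reference; exposure unconfirmed")

    # 3. Geo-location: sources outside the operating regions are raised one level.
    country = lookup_net(geo, alert.src) or "unknown"
    if country not in OPERATING_COUNTRIES:
        priority = bump(priority)
        reasons.append(f"source country {country} is outside operating regions")
    return Triage(action, priority, reasons)


if __name__ == "__main__":
    for a in (Alert("203.0.113.7", "10.0.5.20", "exploit-sig", "VULN-A"),
              Alert("198.51.100.9", "10.0.5.20", "exploit-sig", "VULN-A"),
              Alert("192.0.2.14", "10.0.5.21", "exploit-sig", "VULN-A"),
              Alert("198.51.100.9", "10.0.9.1", "exploit-sig", "VULN-B")):
        t = triage(a)
        print(a.src, "->", a.dst, t.action, t.priority, "; ".join(t.reasons))
```

The order of the checks is the design choice worth noting: reputation runs before anything else because it costs one lookup and needs no signature match, and the “not vulnerable” branch still logs rather than discarding, so a scanner blind spot does not silently hide a real attack.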
• Application Awareness — By identifying the application in use, analysts can quickly tell whether an alert involves a critical application or is a false positive.
• SSL Decryption — Many attackers hide their attacks by using your own SSL tunnel against you. Without this capability, a traditional IDS/IPS is “blind” to those attacks.
• Virtualization — Virtual and virtualized IPS. A virtual IPS lets the appliance run multiple policies on a single interface, which reduces false positives while providing protection tailored to each environment. A virtualized IPS allows the monitoring of virtual environments such as VMware.
• Purpose-built hardware — Look for products with few moving parts. Ask about RMA rates and look for a rate below 0.5%.
• Modular Components — Components such as the power supplies, GBICs and SFPs should be hot-swappable and replaceable individually.
• High Availability — Hardware-based fail-open kits, internal mechanisms to detect failure, and HA configuration.
• High Performance — Look at the NSS Labs rating and at real-world testing scenarios.
March 17, 2013
Acquisition Cost – what’s the real cost of acquisition: software, hardware, related infrastructure, internal IT staff, and third-party resources.
Performance & Reliability – up to the rated speed of the appliance across a test range of TCP and HTTP response sizes and connections per second, in a real-world traffic mix.
Stability & Reliability – ability to sustain legitimate traffic (i.e., not crash) while under hostile attack.
Management & Usability – strength of the management UI in focusing on network performance, system health, and major events, with the ability to drill down and create reports.
Gartner business metrics – overall vendor viability, sales execution, market responsiveness and track record, marketing execution, customer experience, and operations.
Security Effectiveness – accurately detecting/blocking the range of common exploits, across the relevant range of operating systems and applications, with low false positives.