Tolly Report: Stopping Attacks You Can’t See
TRANSCRIPT
© 2016 IBM Corporation
Kevin Tolly, Founder, The Tolly Group
Eric York, Sr. Product Offering Manager, IBM Security
Tolly Report: Stopping Attacks You Can’t See
IBM XGS 7100 Next-generation IPS Efficacy & Performance Evaluation
Agenda
Tolly Test Overview – Kevin Tolly: IBM Security Network Protection XGS 7100 Next-generation Intrusion Prevention System (IPS) Efficacy & Performance Evaluation
IBM Security Network Protection (XGS) – Eric York: Pre-emptive protection to keep you Ahead of the Threat®
Questions & Answers
Commissioned by IBM Security
IBM XGS 7100 Next-Generation IPS Efficacy & Security
Conducted in January 2016
Download the Report: http://ibm.co/XGSTolly
05/02/2023 3
Tolly Test Project Overview
Presented by Kevin W. Tolly, Founder, The Tolly Group
www.tolly.com
VerB-2016-04-28
IBM Security commissioned Tolly to evaluate security effectiveness and performance
Tolly found that IBM XGS 7100 stopped 100% of tested, publicly-disclosed attacks – both encrypted and unencrypted
Tolly found that IBM XGS 7100 stopped 100% of attacks that used advanced evasion techniques
Tolly benchmarked appliance performance of up to 26Gbps in a system with eight 10GbE interfaces
Test Overview: Threat Detection, Throughput, & Key Features
Throughput Test Traffic Generation:
◦ Two Spirent Avalanche chassis with ARC100 modules
Efficacy Test:
◦ Ixia BreakingPoint Systems PerfectStorm
IBM System Under Test:
◦ IBM Security Network Protection XGS 7100
◦ Eight 10 Gigabit Ethernet ports
Test Configuration Variables:
◦ Inbound SSL/TLS inspection enabled/disabled
◦ Threats encrypted/unencrypted
Test Environment
IPS System Efficacy: Publicly-Disclosed Threats & McAfee Exploits
Publicly-Disclosed Exploits Blocked: Unencrypted & Encrypted
IPS System Performance: Multi-protocol & Connection Throughput
Key Features & Functions Evaluated by Tolly
IP Reputation
URL Database & Application Control
Modular Network Interfaces
Flexible Performance Licensing
IBM XGS Dashboard
IBM Security Network Protection XGS 7100:
◦ Is a high-performance security appliance
◦ Stopped 100% of tested, publicly-disclosed attacks – both encrypted & unencrypted
◦ Stopped 100% of McAfee Evader test suite attacks
◦ Provides on-board software support for SSL/TLS
◦ Delivered 17 Gbps of throughput with SSL/TLS inspected inbound
◦ Delivered 26 Gbps of throughput without inspection
Summary
ABOUT TOLLY
Currently in their 27th year, Tolly is a leading global provider of independent, third-party validation services for vendors of IT products, components and services.
For more information, visit www.tolly.com or e-mail [email protected].
Download the Report: http://ibm.co/XGSTolly
Thank you!
Pre-emptive protection to keep you Ahead of the Threat
IBM Security Network Protection (XGS)
Eric P. York, Sr. Product Offering Manager, Threat Protection
IBM Security Network Protection: Pre-emptive protection to keep you Ahead of the Threat
ADVANCED INTELLIGENCE: Powered by IBM X-Force global threat research
ZERO-DAY PROTECTION: Protects against known and unknown attacks
BROAD COVERAGE: Protects against a full spectrum of attack techniques
Broad coverage: Protects against a full spectrum of attack techniques
Threat categories covered by IBM Security Network Protection: Web App, System and Service, Traffic-based, User, Risky Applications
Threats shown:
◦ Protocol Tunneling
◦ RFC Non-Compliance
◦ Unpatched / Unpatchable Vulnerabilities
◦ Code Injection
◦ Buffer Overflows
◦ Cross-site Scripting
◦ SQL Injection
◦ Cross-site Request Forgery
◦ Cross-path Injection
◦ Spear Phishing
◦ Drive-by Downloads
◦ Malicious Attachments
◦ Malware Links
◦ Obfuscation Techniques
◦ Protocol Anomalies
◦ DoS / DDoS
◦ Information Leakage
◦ Social Media
◦ File Sharing
◦ Remote Access
◦ Audio / Video Transmission
Broad coverage: Comprehensive protection, visibility, and control over network traffic
Identity and Application Awareness: Associates users and groups with their network activity, application usage and actions
Deep Packet Inspection: Fully classifies network traffic, regardless of address, port, or protocol
SSL Visibility: Identifies inbound and outbound traffic threats, without needing a separate appliance
[Diagram: Network Traffic and Flows. Inbound and outbound traffic from applications and employees, with attack traffic, botnet traffic and a prohibited application distinguished from good application and clean traffic.]
400+ protocols and file formats analyzed
2,900+ applications and actions identified
25+ billion URLs classified in 70 categories
IBM goes beyond pattern matching with a broad spectrum of vulnerability and exploit coverage
Web Injection Logic: Patented protection against web attacks, e.g., SQL injection and cross-site scripting
Exploit Signatures: Attack-specific pattern matching
Vulnerability Decodes: Focused algorithms for mutating threats
Application Layer Heuristics: Proprietary algorithms to block malicious use
Protocol Anomaly Detection: Protection against misuse, unknown vulnerabilities, and tunneling across 230+ protocols
Shellcode Heuristics: Behavioral protection to block exploit payloads
Content Analysis: File and document inspection and anomaly detection
Other IPS solutions stop at pattern matching
Ahead of the Threat: Behavioral-based detection blocks attacks that have never been seen before
Shellshock (CVE-2014-6271): disclosed Sept 2014; IBM protection Shell_Command_Injection since Jun 2007; 7.3 years ahead (10 other vulnerabilities covered)
MS OLE Remote Code Execution (CVE-2014-6332): disclosed Oct 2014; IBM protection CompoundFile_Shellcode_Detected since Feb 2008; 6.8 years ahead (201 other vulnerabilities covered)
MS SharePoint Priv Escalation (CVE-2015-1640): disclosed Apr 2015; IBM protection HTTP_HTML_Tag_Injection since Nov 2008; 6.4 years ahead (31 other vulnerabilities covered)
IE Cross-Domain Info Disclosure (CVE-2015-0070): disclosed Feb 2015; IBM protection Cross_Site_Scripting since Nov 2008; 6.3 years ahead (10,000+ other vulnerabilities covered)
Cisco Prime SQL Injection (CVE-2015-6350): disclosed Oct 2015; IBM protection SQL_Injection since Jun 2007; 6.9 years ahead (9,500+ other vulnerabilities covered)
IBM X-Force® Research and Development: Expert analysis and data sharing on the global threat landscape
Research areas: Vulnerability Protection, IP Reputation, Anti-Spam, Malware Analysis, Web Application Control, URL / Web Filtering, Zero-day Research
The IBM X-Force Mission
◦ Monitor and evaluate the rapidly changing threat landscape
◦ Research new attack techniques and develop protection for tomorrow’s security challenges
◦ Educate our customers and the general public
◦ Integrate and distribute Threat Protection and Intelligence to make IBM solutions smarter
XGS = IBM X-Force in a box
Coverage
◦ 20,000+ devices under contract
◦ 15B+ events managed per day
◦ 133 monitored countries (MSS)
◦ 3,000+ security related patents
◦ 270M+ endpoints reporting malware
Depth
◦ 25B+ analyzed web pages and images
◦ 12M+ spam and phishing attacks daily
◦ 89K+ documented vulnerabilities
◦ 860K+ malicious IP addresses
◦ Millions of unique malware samples
Evolving beyond intrusion prevention to provide greater value
Evolution based on client needs
Timeline: 1997+, 2002+, 2005+, 2008+, 2012+, 2013+, 2014+, Future
Capabilities, from earliest to latest:
◦ Intrusion Detection
◦ Intrusion Prevention: Protects against attacks on vulnerabilities, not exploits
◦ Behavioral Defense: Protects against attacks based on behavior, not specific vulnerabilities
◦ Web App Protection: Heuristically protects against common app-based attacks
◦ URL/App Control: Protects users from visiting risky sites on the web
◦ SSL/TLS Inspection: Protects against attacks hidden inside encrypted traffic
◦ Advanced Malware Defense: Blocks malware infections on the network
◦ Threat Management.NEXT: New protection and integration capabilities to stay ahead of the threat
Four capabilities in the diagram are marked "XGS Only".
XGS appliance models
IBM Network Protection XGS: Capabilities per Model
Inspected Throughput:
◦ XGS 3100: Up to 800 Mbps
◦ XGS 4100: Up to 1.5 Gbps
◦ XGS 5100: Up to 7.0 Gbps
◦ XGS 7100: Up to 25 Gbps
◦ XGS Virtual: Up to 1 Gbps
Flexible Performance Levels:
◦ XGS 3100: 400 and 800 Mbps
◦ XGS 4100: 750 Mbps and 1.5 Gbps
◦ XGS 5100: 2.5, 4.0, 5.5, and 7.0 Gbps
◦ XGS 7100: 5, 10, 15, 20, and 25 Gbps
◦ XGS Virtual: 600 Mbps and 1 Gbps
Inspected Throughput (with SSL/TLS):
◦ XGS 3100: Up to 500 Mbps (in), up to 400 Mbps (out)
◦ XGS 4100: Up to 900 Mbps (in), up to 700 Mbps (out)
◦ XGS 5100: Up to 4.5 Gbps (in), up to 2.5 Gbps (out)
◦ XGS 7100: Up to 12 Gbps (in), up to 7.5 Gbps (out)
◦ XGS Virtual: Up to 500 Mbps (in), up to 400 Mbps (out)
Pluggable Network Interface Modules:
◦ XGS 3100: 0
◦ XGS 4100: 1
◦ XGS 5100: 2
◦ XGS 7100: 4
◦ XGS Virtual: 0
Protected Segments:
◦ XGS 3100: 2
◦ XGS 4100: Up to 6
◦ XGS 5100: Up to 10
◦ XGS 7100: Up to 16
◦ XGS Virtual: Up to 4
Modular network interfaces help future-proof investment
Seven different network modules to meet current and future connectivity needs
XGS 7100: supports 4 NIMs
XGS 5100: supports 2 NIMs (+ 4 built-in RJ-45 ports)
XGS 4100: supports 1 NIM (+ 4 built-in RJ-45 ports)
Network modules:
◦ 4-port fixed fiber (LX) with built-in bypass
◦ 8-port RJ-45 copper with built-in bypass
◦ 4-port fixed fiber (SX) with built-in bypass
◦ 2-port 10GbE (SR) with built-in bypass
◦ 2-port 10GbE (LR) with built-in bypass
◦ 4-port SFP (requires transceivers)
◦ 2-port 10GbE SFP+ (requires transceivers)
Flexible Performance Licensing (FPL)
Flexible levels of inspected throughput allow upgradable performance without the need to change hardware
XGS 3100:
◦ FPL Level 1 (base): 400 Mb/s inspected
◦ FPL Level 2: 800 Mb/s inspected
XGS 4100:
◦ FPL Level 1 (base): 750 Mb/s inspected
◦ FPL Level 2: 1.5 Gb/s inspected
XGS 5100:
◦ FPL Level 1 (base): 2.5 Gb/s inspected
◦ FPL Level 2: 4.0 Gb/s inspected
◦ FPL Level 3: 5.5 Gb/s inspected
◦ FPL Level 4: 7.0 Gb/s inspected
XGS 7100:
◦ FPL Level 1 (base): 5.0 Gb/s inspected
◦ FPL Level 2: 10.0 Gb/s inspected
◦ FPL Level 3: 15.0 Gb/s inspected
◦ FPL Level 4: 20.0 Gb/s inspected
◦ FPL Level 5: 25.0 Gb/s inspected
XGS Virtual:
◦ FPL Level 1 (base): 600 Mb/s inspected
◦ FPL Level 2: 1.0 Gb/s inspected
XGS provides the protection needed for today’s threats
Guard against mutated threats: By protecting the vulnerability, not looking for the exploit
Protect against zero-day vulnerabilities: Through advanced behavioral techniques
Fight malware: Disrupt the attack chain, including integration with Trusteer Apex and leading malware sandboxes
Protect users: Limit access to phishing messages, while blocking malicious links, drive-by downloads, and file attachments
Integrates seamlessly with QRadar: Send Layer 7 flow data to QRadar and receive quarantine commands
Download the Tolly Report: http://ibm.co/XGSTolly
Learn more about IBM Security Network Protection (XGS)
130+ countries where IBM delivers managed security services
25 industry analyst reports rank IBM Security as a LEADER
No. 1 enterprise security vendor in total revenue
12K+ clients protected, including 90% of the Fortune 100 companies
Visit the website: IBM Security Network Protection
Watch the videos: IBM Security Network Protection
Read new blog posts: SecurityIntelligence.com
Follow us on Twitter: @ibmsecurity
Join IBM X-Force Exchange: xforce.ibmcloud.com
THANK YOU
www.ibm.com/security