IBM Security Network IPS models, End of Support Dates and Replacement options 1

Proventia Network IPS GX appliances (subsequently referred to as V1) Block threats before they impact your network Reclaim network capacity lost to threats or noise (non-essential traffic: Skype, peer-to-peer, etc.) Security platform drives convergence Solutions that scale for every network Flexible configurations Active Blocking (IPS), Passive Alerting (IDS), Simulated Blocking Network Remote Segments Perimeter Core Here you can see the wide array of network IPS appliances we carry. We recommend the varying speeds to suit different areas of your network, whether remote segments, the perimeter or the core. Regardless of capacity, all our network IPS appliances include the PAM technology for deep packet inspection and content analysis, virtual patch capability, application security and network policy enforcement. Model GX3002 GX4002 GX4004 GX5008 GX5108 GX5208 GX6116 Throughput 10 Mbps 200 Mbps 200 Mbps 400 Mbps 1.2 Gbps 2 Gbps 15 Gbps Inspected Throughput 10 Mbps 200 Mbps 200 Mbps 400 Mbps 1.2 Gbps 2 Gbps 8 Gbps Protected Segments 1 1 2 4 4 4 8

IBM Security Network IPS GX-V2 appliances GX7800 and GX7412 GX4 Block threats before they impact your organization Uncompromising security backed by X-Force® Inspected throughput from 200 Mbps to 20Gbps+ Protection for up to 8 network segments Scale from remote offices to the network core GX5 GX-V2 series of appliances launched Q1 2010 Hardware improvements include: Doubled the Performance compared to V1 64 bit processor Increased memory Improved motherboard for faster BUS speed IBM Security Network IPS Models Remote Perimeter Core Model GX4004-200 GX4004 GX5008 GX5108 GX5208 GX7412-5 GX7412-10 GX7412 GX7800 Inspected Throughput 200 Mbps 800 Mbps 1.5 Gbps 2.5 Gbps 4 Gbps 5 Gbps 10 Gbps 15 Gbps 20 Gbps+ Protected Segments 2 4 8 NEW NEW NEW NEW No End of Support dates yet for any V2 models 3

IBM IPS Proventia GX (Version 1) – GX Replacement models Model Names Protected Segments Chassis Color Inspection Rate Bypass End of Support Replacement (differences) GX3002 1 Blue 10 Mbps Built-in Oct 12, 2015 GX4004C-V2-200 (200 Mbps, 2 Segments) GX4002 200 Mbps Jan 26, 2015 GX4004 2 GX4004C-V2-200 GX5008 4 400 Mbps External Mar 2, 2105 GX4004C-V2 (800 Mbps, 2 Segments, Internal Bypass, Copper only) GX5008SFP-V2 (1.5 Gbps) GX5108 1.2 Gbps Mar 2, 2015 GX5208 2.0 Gbps GX5108SFP-V2 (2.5 Gbps) GX7412SFP-5 (5 Gbps, 8 Segments, 2-10 Gig or 1 Gig and 6-1 Gig) GX6116 8 8 Gbps Sept 30, 2105 GX7412SFP-10 (10 Gbps, 8 Segments, 2-10 Gig or 1 Gig and 6-1 Gig) All IBM Security IPS appliances are supported for 5 years after the end of sale. As of Sept 2013, the IBM Security GX-V2 IPS’s have no scheduled EOS dates. (All IBM Security IPS GX-V2 appliances have BLACK chassis)

IBM IPS Proventia GX (Version 1) – XGS Replacement models Model Names Protected Segments Chassis Color Inspection Rate Bypass End of Support Replacement (differences) GX3002 1 Blue 10 Mbps Built-in Oct 12, 2015 XGS 3100 due early Q4 3100 supports 250 or 500Meg, 2 segments Copper w/ bypass, no SSL card, no Modular Interface Bays GX4002 200 Mbps Jan 26, 2015 3100 supports 250 or 500Meg, 2 segments Copper only with bypass, no SSL card, no Modular Interface Bays GX4004 2 GX5008 4 400 Mbps External Mar 2, 2105 or XGS 4100 due early Q4 4100 supports 500 Meg or 1 Gig, 2 segments Copper w/ bypass , with SSL card and one Modular Interface Bay GX5108 1.2 Gbps Mar 2, 2015 XGS 5100 now shipping !!! 5100 supports 2, 3.5 or 4 Gig, 2 segments Copper w/ bypass , with SSL card and two Modular Interface Bay GX5208 2.0 Gbps GX6116 8 8 Gbps Sept 30, 2105 XGS 7100 due mid 2104 ~ 20 Gig/sec All IBM Security IPS appliances are supported for 5 years after the end of sale. As of Sept 2013, the IBM Security GX-V2 IPS’s have no scheduled EOS dates. (All IBM Security IPS GX-V2 appliances have BLACK chassis)

XGS 5100 now Shipping !!! Modular Appliance Hardware Platform *NEW New 1U appliance form factor Pluggable network interface modules (2 Modular Bays) Three Performance Levels Up to 5.0 Gig/Sec, including 10 Gig/Sec Interfaces 2 Modular Bays SSL Inspection *NEW This slide is used to explain the basic concept of NextGen. Key Points. In today’s security products, the definition of “who” is limited to network constructs like ip addresses, vlans, and similar network objects. This does not work anymore. A nextgen product must give the net-admin the ability to define “who” using geo, identity, reputation, along with network objects. In today’s security products, the definition of “what” is limited to using IANA port definitions.constructs. This does not work anymore. In the web space, port is massively overloaded, with every application using the same 2 ports. In the non-web space, common p2p applications are using techniques to intentionally evade simple port detection. A nextgen product must be able to determine application based on what is really happening. If you don’t know the real who or the real what, you cannot manage it. Finally, when you know the real who and the real what, this must be combined with the ability to provide rich visibility and layered protection. See above for sample rules that are possible with nextgen. Provides visibility into attacks over encrypted channels Transparent Man-In-The-Middle implementation Hardware accelerated via on-board Cavium card 6

XGS 5100 Modular Network Interfaces Two modules with seven different options each allow the XGS 5100 to meet current and future connectivity needs 8-port RJ-45 copper w/ built-bypass 2-port 10GbE (LR) w/ built-bypass 4-port Fixed fiber (SX) w/ built-bypass 4-port SFP (requires transceivers) 4-port Fixed fiber (LX) w/ built-bypass 2-port 10GbE SFP+ (requires transceivers) 2-port 10GbE (SR) w/ built-bypass

Pricing Flexibility of the new XGS 1) The Base model includes 4 Ethernet ports (2 IPS Segments) with fail-open bypass. 2) Add any additional optional Interface Modules , up to 2 2) Add any Options, up to 2 Performance Upgrades, SSL Inspection, IP Reputation, and App Control 4) If SFP Interfaces are ordered, then SFP Transceivers Kits need to ordered (not included)

XGS 4100 Not Public -- NDA required Modular Appliance Hardware Platform 1 Modular Bay New 1U appliance form factor Pluggable network interface modules (1 Modular Bay) Two Performance Levels 500 Meg/sec or 1 Gig/Sec Protection, including optional 10 Gig/Sec Interfaces SSL Inspection *NEW This slide is used to explain the basic concept of NextGen. Key Points. In today’s security products, the definition of “who” is limited to network constructs like ip addresses, vlans, and similar network objects. This does not work anymore. A nextgen product must give the net-admin the ability to define “who” using geo, identity, reputation, along with network objects. In today’s security products, the definition of “what” is limited to using IANA port definitions.constructs. This does not work anymore. In the web space, port is massively overloaded, with every application using the same 2 ports. In the non-web space, common p2p applications are using techniques to intentionally evade simple port detection. A nextgen product must be able to determine application based on what is really happening. If you don’t know the real who or the real what, you cannot manage it. Finally, when you know the real who and the real what, this must be combined with the ability to provide rich visibility and layered protection. See above for sample rules that are possible with nextgen. Provides visibility into attacks over encrypted channels Transparent Man-In-The-Middle implementation Hardware accelerated via on-board Cavium card 9

XGS 3100 Not Public -- NDA required Modular Appliance Hardware Platform *coming soon No Modular Bays New 1U appliance form factor Two Performance Levels 250 Meg/Sec or 500 Meg/Sec Copper Ethernet only, built in bypass 0 Modular Interface bays No SSL Accelerator card This slide is used to explain the basic concept of NextGen. Key Points. In today’s security products, the definition of “who” is limited to network constructs like ip addresses, vlans, and similar network objects. This does not work anymore. A nextgen product must give the net-admin the ability to define “who” using geo, identity, reputation, along with network objects. In today’s security products, the definition of “what” is limited to using IANA port definitions.constructs. This does not work anymore. In the web space, port is massively overloaded, with every application using the same 2 ports. In the non-web space, common p2p applications are using techniques to intentionally evade simple port detection. A nextgen product must be able to determine application based on what is really happening. If you don’t know the real who or the real what, you cannot manage it. Finally, when you know the real who and the real what, this must be combined with the ability to provide rich visibility and layered protection. See above for sample rules that are possible with nextgen. 10

The XGS offers next-generation solutions to address today’s security headaches Network IPS (GX Series) Network Protection (XGS Series) Advanced Threat Protection Protocol-based intrusion protection  Web application protection Virtual Patch Network Visibility & Control SSL visibility - Granular visibility/control of over 20B URLs Granular visibility/control of over 2,100 application actions IP reputation Seamless Deployment & Integration SiteProtector central management Advanced QRadar integration (GX4 and GX5 only) 10GB network interfaces (GX7 only) On-Appliance network bypass (GX4 only) Pluggable/swappable network interfaces Flexible performance licensing

GX To Comparison