Blue Lane Technologies Best of Breed IPS April 29, 2008 Interop 2008.

Presentation transcript:

Blue Lane Technologies Best of Breed IPS April 29, 2008 Interop 2008

Network IPS Architecture Needs to Evolve

Current IPS Architecture
- Deep packet inspection
- Exploit-centric
- Static signatures
- Block
- Custom HW
- Physical
- Monolith

Next Gen Architecture
- L7 Protocol decoding
- Vulnerability-centric
- Dynamic logic
- Protect
- Multi-core SW
- Virtual + physical
- Distributed

Key drivers:
- Data center server & network consolidation
- Virtualization
- Signature explosion

Blue Lane’s Layer 7 Architecture

- 100% Protection: Resilient against sophisticated attacks against all major server OS, app, database vulnerabilities. Proactive policies for app control.
- 100% Accuracy: No signatures, tuning, false alarms and/or security vs. availability tradeoffs.
- 100% Visibility: Flows visible by server, VM, cluster, data center, OS, application, patch status.
- Low Overhead: Low latency, low CPU usage, small footprint and minimal oversight required for both physical and virtual data centers.

Comprehensive Protocol / Vulnerability Intelligence
- 130+ protocols and services decoded
- Hundreds of vulnerabilities protected across dozens of applications/OSs

Accurate, Granular Enforcement
● Detection and Correction with no false positives
● Appropriate Response based on protocol, vulnerability and policy
● Controlled code execution (no session reset)

This attack is attempting to exploit MS by sending two CDO-MODPROPS sections in the Vcalendar message, with the second larger than the first. The Exchange / SMTP server allocates buffer space based on the first section, but processes the second if it is present, resulting in a buffer overflow. By understanding the protocols and vulnerabilities, Blue Lane stops the attack by removing the second CDO-MODPROPS section and adjusting the packet headers to reflect the new packet size.

[Diagram labels: Controlled Code Execution, Buffer Overflow Attack, Blue Lane]
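The correction step described on this slide, sketched as an added example (not Blue Lane's code): keep the first CDO-MODPROPS property in a vCalendar body, drop any later one, and report the size that length fields must be adjusted to. The function names, the `X-MICROSOFT-CDO-MODPROPS` spelling in the constructed sample, and the single `declared_len` integer standing in for the packet-header size fields are assumptions.

```python
import re

# Assumption: a CDO-MODPROPS property is one logical vCalendar line, optionally
# continued by folded lines that begin with a space or tab.
MODPROPS = re.compile(rb"^[A-Za-z0-9-]*CDO-MODPROPS[;:]", re.IGNORECASE)

# Constructed sample: the second property is longer than the first.
SAMPLE = (b"BEGIN:VCALENDAR\r\n"
          b"BEGIN:VEVENT\r\n"
          b"X-MICROSOFT-CDO-MODPROPS:BEGIN,DTSTART\r\n"
          b"X-MICROSOFT-CDO-MODPROPS:BEGIN,DTSTART,DTEND,SUMMARY,\r\n"
          b" LOCATION\r\n"
          b"END:VEVENT\r\n"
          b"END:VCALENDAR\r\n")


def strip_repeated_modprops(body: bytes):
    """Return (corrected_body, removed_count), keeping only the first property."""
    out, seen, removed, dropping = [], False, 0, False
    for line in body.split(b"\r\n"):
        if dropping and line[:1] in (b" ", b"\t"):
            continue  # folded continuation of a property already dropped
        dropping = False
        if MODPROPS.match(line):
            if seen:
                removed += 1
                dropping = True
                continue
            seen = True
        out.append(line)
    return b"\r\n".join(out), removed


def correct_payload(declared_len: int, body: bytes):
    """Correct the body and shrink the declared size by the bytes removed."""
    fixed, removed = strip_repeated_modprops(body)
    return declared_len - (len(body) - len(fixed)), fixed, removed


if __name__ == "__main__":
    new_len, fixed, removed = correct_payload(len(SAMPLE), SAMPLE)
    print(removed, new_len)
    print(fixed.decode())
```

An in-line device would apply the same byte delta to the real length and checksum fields of the packets it forwards; a message with a single CDO-MODPROPS property passes through unchanged.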

Superior Vulnerability Protection
- Comprehensive coverage of data center vulnerabilities
- Comprehensive knowledge of leading protocols
- No signatures, tuning, or guesswork

[Chart labels: Total vuln’s: 8215 Apache 260 VMware 1373 Linux 643 Solaris Oracle Microsoft; series: Blue Lane, Leading IPS]

Why current solutions fall short

Operational Feasibility
- Resources
- Expertise
- Server availability
- Server touches
- Application testing
- Tuning complexity
- Handling offline VMs, snapshots, VM sprawl

Security Effectiveness
- Accurate detection
- Vulnerability correction
- Resiliency against evasion
- Mobile VMs, tainted VMs

[Chart labels: VLAN, NIPS, IDS, Firewall, NIPS, Blue Lane, Patch, HIPS]

The Data Center Security Payoff
Defense in depth for servers, VMs, next gen data centers

Security Requirements
- Operational ease (tuning, etc)
- Application control policy
- Virtualization readiness
- Resilience to IPS evasion
- Non-disruptive protection
- Accurate vulnerability detection
- Server, database, app coverage
- Anomaly detection
- Port scans, DOS, A/V

[Chart column labels: Blue Lane, IPS, Firewall, IPS]

The New Virtualized Data Center

[Diagram labels: Host System, Hypervisor, Virtual Network, Virtual Servers]

NGDC Defense-in-depth Strategy
- Secure Physical Servers and Databases
- Secure Virtual Hosts and VMs

[Diagram labels: Active Update, ServerShield Manager, ServerShield, VirtualFlow Center, Servers, ServerShield, Virtual Servers, Database, ServerShield]

Comprehensive Coverage for Servers/VMs

[Slide graphic labels: DBMS 7, 8, 9, 10g 5.0, 5.5, 2003,2007 IIS v1-v6 7, 8 9, 10 EL 2, 3, 4, 5 Technology Partners: EMGC PARTNER BIND 8, 9 10 Application Server Operating Systems: Network & Core Services Database Servers: Servers: Application Servers: Other Applications: WebSphere IHS ProFTP]

For more information: Thank you.