Protection Solutions
Peter Häufel, Channel Manager

Are you ready?
In 24 hours NIMDA hit 2.2 million servers.
The clean-up cost of malicious code attacks in 2001 was $12 billion.
The security software industry is worth only $4.5 billion.
Source: www.computereconomics.com

Agenda
• Security problems are a reality
• Protection solutions at a glance
• Intrusion Protection
• Site Protector: central security management
• Fusion: correlation of security alerts
• Why Internet Security Systems?

And Vulnerabilities Are Increasing
[Chart: System and Network Vulnerabilities by Year. Total vulnerabilities: 1998: 177; 1999: 511; 2000: 794; 2001: >1000*]
* 2001 through July is 499
Source: Security Focus

Automated tools increase threats
Source: Carnegie Mellon University

What is at stake?
[Diagram: Corporate, Remote Users, VPN, DSL or Cable Modem, Internet, R&D, Finance, Human Resources, Systems Management, E-Commerce, B2B Partner, Cell Phone, PDA]
Frauds committed internally and externally across Europe: internal fraud 59%, external fraud 41%
Source: European Economic Crime Survey 2001, PriceWaterhouseCoopers

Managing risk
Technical RISK = Vulnerabilities x Threats
Expected LOSS = RISK x Asset value x Reaction Time

Today’s Threats
Internal Threats

The costs are real
Analysis by Incident

Year   Code Name     Worldwide Economic Impact ($ U.S. Billions)   Cyber Quake Rating
2001   Nimda         0.59                                          0.67
2001   Code Red(s)   2.62                                          2.99
2001   SirCam        1.05                                          1.20
2000   Love Bug      8.75                                          10.00
1999   Melissa       1.10                                          1.26
1999   Explorer      1.02                                          1.17

Source: www.computereconomics.com

Gambler or manager? Place your bets!
Protection solutions at a glance

RealSecure Protection Systems
[Diagram: attack defense management, vulnerability/policy management and security management across Desktop, Server and Network on the IT Infrastructure. Risk Spectrum: DDoS, Unauthorized Access, Web Defacement, Misuse, Exploits, Back Doors, Malicious Code, Worms, Viruses]

The RealSecure Solution
Sensor functionality
• Network Sensor (function, platform)
• Server Sensor (function, platform)
• Responses
• X-Press Updates
• Remote Update
• RSKill for Nokia
• SSL support for IIS and Apache

Detecting attacks
[Diagram: External Attack, ATTACK DETECTED, Alert, RECORD SESSION, SESSION TERMINATED, FIREWALL/ROUTER RECONFIGURED]

Intrusion Protection: complete solution
[Diagram: DMZ (Mail, WWW), Exterior Firewall, Interior Firewall, data center, Ethernet Switch (N x 100 Mbps), Ethernet Switch, Gigabit, central console, UNIX Server, SQL Server Database, WinNT Server, MAINFRAME, Linux Server, Win9x, WinNT, Win2000]

Everything under one console – Site Protector
• Vulnerability assessment
  – Internet Scanner
  – System Scanner
  – Database Scanner
  – Desktop Scanner (F)
  – Wireless Scanner
• Intrusion Detection – Real Secure
  • Server Sensor
  • Network Sensor
  • Sentry Gigabit
  • Desktop Protector
  • Guard
• Third-party log file information *

Site Protector 1.0

RealSecure Site Protector 1.0 Conceptual Overview
[Graphic: Conceptual Diagram. Components: Application Server (service), Database, Event Collector, Sensor Controller (service), Remote Console(s), XPU Repository, RealSecure Network Sensor (daemon), RealSecure Server Sensor (daemon), Internet Scanner, Internet Scanner Databridge, IIS, Optional Proxy Server, Internet, ISS Website, Deployment Manager Website (install additional Sensors, Site Protector components...). Legend: Security Data flow, Command & Control comms., Installation comms., XPU comms.]
Copyright (c) 2001 Internet Security Systems Inc. All Rights Reserved.
Deployment Manager
SiteProtector and sensor deployments
• Benefits:
  – Easily Install Sites
  – Easily Install Sensors
  – Easily Maintain Sensor Packages
  – Remotely install consoles
  – Centrally distribute components
  – Centrally administer change control

Site Rules – automated exception handling
Eliminate
... False Alarms
... Environmental False Positives
From your console
From everyone’s console
Forever!

Remote, Secure, Roles-based User Interface

Fast Analysis

Security Fusion Module 1.0
Increase the priority of correlated attacks
Add or modify responses (add page) to correlated attack!

Don’t wake me up if I’m not vulnerable
Modify (decrease) the priority of attacks which you are not vulnerable to
Add or modify responses for attacks against non-vulnerable hosts!

Security Fusion Module 1.0
• Automatically correlates an attack with vulnerability information about the target to help IDS operators determine attack success or failure.
• Example: Fusion can automatically change 10,000 attack probe events into 7 attacked & vulnerable, and automatically clear the other 9,993!
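The correlation the Fusion slides describe, sketched as an added example: it is not ISS code, and the event fields, signature names, check names and addresses are hypothetical, constructed values. Events against hosts with no scan data are left untouched rather than cleared.

```python
from dataclasses import dataclass, replace

# Hypothetical mapping from an IDS signature to the scanner check that
# proves the target is exposed to it (constructed names, not ISS identifiers).
SIGNATURE_TO_CHECK = {
    "iis-unicode-traversal": "iis-unicode-patch-missing",
    "ftp-site-exec": "wuftpd-site-exec",
}

@dataclass(frozen=True)
class Event:
    target: str
    signature: str
    priority: str = "medium"
    status: str = "open"

def correlate(events, scan_results):
    """scan_results maps host -> set of failed checks; unscanned hosts are absent."""
    out = []
    for ev in events:
        check = SIGNATURE_TO_CHECK.get(ev.signature)
        findings = scan_results.get(ev.target)
        if check is None or findings is None:
            # No mapping or no scan data: success cannot be judged, keep as is.
            out.append(ev)
        elif check in findings:
            out.append(replace(ev, priority="high", status="attacked-and-vulnerable"))
        else:
            # Scanned and not exposed: lower the priority and clear the event.
            out.append(replace(ev, priority="low", status="cleared"))
    return out

def summarize(events):
    """Count events per status, as an operator's console summary would."""
    counts = {}
    for ev in events:
        counts[ev.status] = counts.get(ev.status, 0) + 1
    return counts

# Constructed sample data.
SCAN = {"10.0.0.5": {"iis-unicode-patch-missing"}, "10.0.0.6": set()}
EVENTS = [
    Event("10.0.0.5", "iis-unicode-traversal"),
    Event("10.0.0.6", "iis-unicode-traversal"),
    Event("10.0.0.6", "ftp-site-exec"),
    Event("10.0.0.9", "iis-unicode-traversal"),  # host never scanned
    Event("10.0.0.5", "port-scan"),              # no vulnerability mapping
]

if __name__ == "__main__":
    print(summarize(correlate(EVENTS, SCAN)))
```

Clearing is only as reliable as the scan data behind it: a stale or partial scan makes a "not vulnerable" verdict untrustworthy.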
Security Landscape
[Diagram: VA/Policy, A/V, IDS and FW/VPN across Desktop, Server and Network on the IT Infrastructure. Risk Spectrum: DDoS, Unauthorized Access, Web Defacement, Misuse, Exploits, Back Doors, Malicious Code, Worms, Viruses]

Traditional Point Security
[Diagram: separate products per layer (Desktop, Server, Network) and function (VA, A/V, IDS, FW/VPN): Decisions, ICEcap, RS/WGM, Desktop Scanner, BlackICE Workstation (IDS), BlackICE Workstation (FW), System & Database Scanner, RealSecure A/V Server Sensor, RealSecure IDS Server Sensor, RealSecure FW/VPN Server Sensor, Network A/V, Internet Scanner, RealSecure Network Sensor + NetICE Gigabit. Same IT Infrastructure and Risk Spectrum as above]

One Protection System
[Diagram: the same products grouped under RealSecure SiteProtector as one Protection System (for Desktops, Servers, Networks), with Decisions, RS/WGM and ICEcap. Same IT Infrastructure and Risk Spectrum as above]

RealSecure Protection System

Protection Systems
RealSecure Site Protector
• Increased connectivity means increased risk.
• Customers want to manage that risk cost effectively, without disrupting their business.
• Converging technologies, with consolidated and scalable management, reduce the TCO and simplify security for our customers.
SiteProtector 1.0
multi-site coordination
• Access multiple sites simultaneously through 2 instances of the console
• The same console can access unique sites
• Customers can deploy multiple sites to accommodate their specific geographic, business unit, or scalability needs

SiteProtector 1.x scalability
multi-site coordination
• Links multiple sites with a top-tier SiteProtector
• Analysis Dashboard: “big picture” security trends, metrics, graphs across Sites
• Transparent drill-down to local Site for detailed analysis

RealSecure SiteProtector Release Plan
[Timeline: Q2,01 Q3,01 Q4,01 Q1,02 Q2,02 Q3,02 Q4,02. Releases shown: RealSecure 6.0, SiteProtector 1.0, SiteProtector 1.x, RealSecure 6.5, FastAnalysis, PIM, ICEcap Manager 3.0, RealSecure Server Sensor 6.01]
• 3 Tiered Architecture
• Improved Scalability
• Reduced Cost of Operations
• IS 6.2
• RS 6.0 & later
• Fusion
• Dashboard Scalability
• RealSecure Network Sensor 7.0
• Server Protection System
• New Policy Editor

ICEcap Manager Integration for SiteProtector 1.x
• Enables Event linkage for Network ICE
• Gig/Guard/Sentry/Desktop Events With RealSecure SiteProtector 1.0

RealSecure Protection Systems
RealSecure Site Protector
SecureLogic
Desktop, Server, Network

• Why Internet Security Systems?
... Worldwide leader!
ISS: pioneer and leader
• Founded in 1994, headquartered in Atlanta, GA
• Pioneered Vulnerability Assessment, Intrusion Detection and Managed Security Services (MSS)
• Three operating theatres: EMEA, AsiaPac, Americas; 14 offices in EMEA
• Established public company
  – 1998 IPO, Nasdaq ISSX
  – 2001 IPO, Jasdaq ISSKK
• 2000 revenues of $195,000,000
• 9,000 customers worldwide

ISS - worldwide market share

ISS Market Share Growth

Gartner’s IDS Magic Quadrant

A word on our own behalf – ISS Partner Program 2002
• Authorised Partner:
  – 3 days of Real Secure training (value: € 1,950)
  – 2 days of Internet Scanner training (value: € 1,300)
  – Access to the Knowledge Base
  – Access to marketing information
  – Access to newsgroups
  – Use of the ISS logo
  – Sales training
  – Starter Kit (value: € 14,000)

THANK YOU!