
Latest NSS Labs Testing Results


Download the NSS Labs 2013 IPS Group Test: http://securityintelligence.com/nss-labs-results-and-the-question-of-security-effectiveness/

Understanding the criteria and test methodology of various third-party testing is a key component of making an informed decision on your next intrusion prevention platform. In this webcast, we will delve into the latest NSS Labs testing results, where IBM scored 95.7% in exploit block rate, and describe what it shows about the effectiveness of IBM Intrusion Prevention Solutions. We will also cover the role of third-party testing in general and how this testing applies to “real-world” threats and constantly changing attacks. Don’t miss the chance to get insight on the latest IBM test results and learn more about what third-party testing means for you.

View the On-demand webinar: https://www2.gotomeeting.com/register/577560858


  1. IBM Security Systems. The Results are in: IBM’s Capabilities Shine in Latest NSS Labs Testing. December 10th 2013. Jim Brennan, Program Director of Strategy & Product Management, Infrastructure Security. © 2013 IBM Corporation
  2. A brief primer to get started … Vulnerability vs Exploit. Vulnerability: a potential weakness in a system; not a danger on its own; may be multiple ways of breaking in. Exploit: a tool used to gain entry; many different exploits can target a single weakness.
  3. Two different protection approaches, yielding very different results. Focus on the Vulnerability: prevent everything from breaking the window (pre-emptive protection). Focus on the Exploits: prevent a crowbar from breaking the window; prevent a rock from breaking the window; prevent a cannonball from breaking the window (new exploit, new signature).
  4. Mutated threats evade exploit-focused defense mechanisms. Vulnerability: a form (email, password, Submit) passes input directly to a database query without proper validation or sanitization. Exploit (BLUE CROWBAR): ' OR username IS NOT NULL OR username = ' (a common SQL injection in plain text to dump usernames from a table). Mutated Exploit (RED CROWBAR): JyBPUiB1c2VybmFtZSBJUyBOT1QgTlVMTCBPUiB1c2VybmFtZSA9ICc= (the same SQL injection encoded with Base64 can evade pattern matching).
  5. IBM’s multiple intrusion prevention technologies work in tandem. Spectrum of Vulnerability and Exploit Coverage: IBM stays ahead of the threat with these protection engines. Vulnerability Decodes: focused algorithms for mutating threats. Application Layer Heuristics: proprietary algorithms to block malicious use. Web Injection Logic: patented protection against web attacks, e.g. SQL Injection and Command Injection. Shellcode Heuristics: behavioral approach to blocking exploit payloads. Some IPS solutions stop at pattern matching. Exploit Signatures: attack-specific pattern matching. Content Analysis: file and document inspection. Protocol Anomaly Detection: protection against misuse, unknown vulnerabilities, and tunneling across 230+ protocols.
  6. The Result = Preemptive protection for today’s threats. [Timeline chart: Pre-2009, 2009, 2010, 2011, 2012, 2013. Red = Attacks, Blue = Preemptive Heuristic Detection.] The signatures and examples shown in this slide are for representation of the heuristic coverage available and do not demonstrate the entire listing of attacks from the time the signature was created. Java Byte Code Exploitation: Oracle Java Exploit CVE-2012-4681; Java Plug-in for IE Remote Code; Java_Sandbox_Code_Execution (IPS); Oracle Java Exploit CVE-2013-2465 and 2463; HTML_Browser_Plugin_Overflow; Java_Malicious_Applet. Client-based Threats: MS IE Remote Exploit CVE-2012-4781; JavaScript_NOOP_Sled; MS IE Remote Exploit CVE-2013-3893; JavaScript_Msvcrt_ROP_Detected; Script_Suspicious_Score; Adobe Flash Code Exec CVE-2011-0611; Gong Da Exploit CVE-2013-0633; CompoundFile_Embedded_SWF. Web Application Attacks: Cross_Site_Scripting; SQL_Injection; EasyMedia Script XSS; PHP-Fusion SQLi; MS SharePoint CVE-2012-1859; MS SQL Server CVE-2012-2552; Oracle DB SQLi; Lizamoon; Lilupophilupop.
  7. 2012 Tolly Group Report demonstrated IBM’s adaptive protection (http://ibm.co/Tolly): delivers superior protection from evolving threats with high levels of performance; stops 99% of tested, publicly available attacks; is nearly twice as effective as Snort at stopping "mutated" attacks; protects streams of 100% HTTP traffic at speeds of 20 Gbps and mixed traffic loads of 35 Gbps+. Source: Tolly Test Report October 2012.
  8. Simple mutations rendered signature matching engines useless. A simple change to a variable name allows the attack to succeed, while rendering the protection of a signature matching engine useless. Original variable names -> mutated variable names: Shellcode -> somecode; Block -> brick; heapLib -> badLib. A simple change to the HTML code in a compromised web page makes the attack invisible to signature protection. Original class reference: <html><head></head> <body><applet archive="jmBXTMuv.jar" code="msf.x.Exploit.class" width="1" height="1"><param name="data" value=""/><param name="jar"> Mutated class reference: <html><head></head> <body><applet archive="eXRZLr.jar" code="msf.x.badguy.class" width="1" height="1"><param name="data" value=""/><param name="jar"> Simply adding a comment to a web page results in an attack successfully bypassing signature IPS. Original code: var t = unescape; Mutated code: var t = unescape <!-- Comment -->;
  9. NSS Labs: independent information security research and testing organization; pioneered third party intrusion detection and prevention system testing with the publication of the first such test criteria in 1999; evaluates firewall, unified threat management, anti-malware, encryption, web application firewall, and other technologies on a regular basis.
  10. NSS Labs 2013 Group IPS Test: Shows IBM’s solutions are especially effective against mutating threats. 95.7% Exploit Block Rate; 97.7% Block Rate for Server Attacks; 94.1% Block Rate for Client Attacks; PASS: all tests related to “Stability & Reliability”; PASS: all tests related to “Evasions”. “[IBM’s score] speaks to the ability of the IBM IPS to perform against the types of constantly evolving threats that are often seen in today’s networks.” –Vikram Phatak, Chairman and CEO, NSS Labs
  11. Coverage by Attack Vector. Attacker Initiated: executed remotely against a vulnerable application or operating system. Target Initiated: initiated by user behavior (clicking on a link, opening an attachment, etc.).
  12. Coverage by Target Vendor. “This graph highlights the coverage offered by the IBM GX7800 for some of the top vendor targets (out of more than 70) represented in this round of testing”
  13. Evasion Results in Detail. “The device proved effective against all evasion techniques tested. The IBM GX7800 successfully blocked all evasions, resulting in an overall PASS.”
  14. Stability & Reliability in Detail. “The IBM GX7800 is required to remain operational and stable throughout the tests, and to block 100% of previously blocked traffic, raising an alert for each.”
  15. Performance Throughput Details
  16. IBM Security Network Protection XGS: The Next Generation of IBM intrusion prevention solutions. ADVANCED THREAT PROTECTION: Proven adaptive protection from sophisticated and constantly evolving threats, powered by X-Force®. COMPREHENSIVE VISIBILITY & CONTROL: Helps discover and block existing infections and rogue applications while enforcing access policies. SEAMLESS DEPLOYMENT & INTEGRATION: Adaptive deployment and superior integration with the full line of IBM security solutions.
  17. IBM’s Vision for Integrated Advanced Threat Protection. Cross-domain awareness of threat activity; integrated platform for distribution of threat intelligence; cross-domain awareness of targeted assets. In the Wild: malware analysis, vulnerability analysis, URL classification, reputation. On the Network: intrusion prevention, URL filtering, application control, malware detection. On the Endpoint: malware prevention, configuration management.
  18. Executing on the Vision. Cross-domain awareness of threat activity; integrated platform for distribution of threat intelligence; cross-domain awareness of targeted assets. In the Wild. On the Network: IBM Network Protection. On the Endpoint: Endpoint Manager, Trusteer Apex.
  19. Summary. Vulnerability-focused intrusion prevention systems offer pre-emptive protection that cannot be easily evaded by mutating threats. IBM’s score of 95.7% exploit block rate in NSS Labs 2013 IPS Group Test speaks to its ability to perform against the types of constantly evolving threats often seen in today’s networks. IBM’s Network Protection platform builds upon IBM’s proven adaptive protection to include robust application visibility and control, and is part of a comprehensive platform that defends against threats.
  20. Learn more about IBM’s IPS offerings. Download the 2013 NSS Labs IPS Group Test: http://ibm.co/IBM_NSS. Read the Tolly Test report on IBM: http://ibm.co/Tolly. Learn about Forrester’s Zero Trust Model: http://ibm.co/Forrester. Visit our blog: www.securityintelligence.com. Website: www.ibm.com/security
  21. Questions?
  22. ibm.com/security. © Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
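
The evasion on slide 4, seen from the inspection side, as an added example that is not from the IBM deck or any IBM product: the same signature is applied to the raw field and then to every Base64-decoded view of it. The regular expressions, function names and the BENIGN sample are assumptions made for this illustration; PLAIN and ENCODED are the two strings shown on the slide.

```python
import base64
import binascii
import re

# Illustrative signature (an assumption, not a vendor rule): quote, OR, <column> IS NOT NULL
SIGNATURE = re.compile(r"'\s*OR\s+\w+\s+IS\s+NOT\s+NULL", re.IGNORECASE)
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def signature_only(field: str) -> bool:
    """Exploit-focused check: match the pattern against the bytes as received."""
    return bool(SIGNATURE.search(field))


def decoded_views(field: str, max_depth: int = 2):
    """Yield the field, then every printable Base64 decoding nested inside it."""
    frontier = [field]
    for _ in range(max_depth + 1):
        next_frontier = []
        for text in frontier:
            yield text
            for run in B64_RUN.findall(text):
                try:
                    decoded = base64.b64decode(run, validate=True).decode("utf-8")
                except (binascii.Error, UnicodeDecodeError):
                    continue  # not valid Base64, or not text: nothing to inspect
                if decoded.isprintable():
                    next_frontier.append(decoded)
        frontier = next_frontier


def decode_then_match(field: str) -> bool:
    """Normalize first, then apply the same signature to every decoded view."""
    return any(SIGNATURE.search(view) for view in decoded_views(field))


# PLAIN and ENCODED come from slide 4; DOUBLE and BENIGN are constructed here.
PLAIN = "' OR username IS NOT NULL OR username = '"
ENCODED = "JyBPUiB1c2VybmFtZSBJUyBOT1QgTlVMTCBPUiB1c2VybmFtZSA9ICc="
DOUBLE = base64.b64encode(ENCODED.encode()).decode()
BENIGN = "session=QWxhZGRpbjpvcGVuIHNlc2FtZQ=="

if __name__ == "__main__":
    for name, value in [("plain", PLAIN), ("encoded", ENCODED),
                        ("double", DOUBLE), ("benign", BENIGN)]:
        print(f"{name:8} signature_only={signature_only(value)!s:5} "
              f"decode_then_match={decode_then_match(value)}")
```

The depth limit bounds the work done on nested encodings, and a field that is valid Base64 but decodes to harmless text (BENIGN) is inspected without being flagged.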