
Why ips slide share


Page 1: Why ips slide share
Page 2: Why ips slide share

| Why IPS

Intro

Does business need IPS

McAfee Overview of the Network Security Platform

Customer Experience

Page 3: Why ips slide share

• Began working with IDS in 1999

• Implemented IDS/IPS:

– Legal industry

– Telecommunications

– Manufacturing

• Managed two global deployments of inline IPS

• CISSP, CISM and GCIH

Page 4: Why ips slide share

• DG Technology Consulting was founded with a vision to provide a unique service to our clients

• DG Technology provides a broad range of security solutions including:

– Vulnerability Assessments

– Security Health Checks

– Mainframe Security Services

– Mainframe Event Acquisition System (MEAS)

Page 5: Why ips slide share

Not IDS

Page 6: Why ips slide share

Page 7: Why ips slide share

Page 8: Why ips slide share

• All the major operating system, application, and network equipment vendors continue to find flaws in their products that leave these products vulnerable to attack.

• Many businesses only patch major applications once a year, since they cannot afford the downtime.

• Businesses are increasingly going mobile. This results in more employees working on “untrusted” networks.

• Attackers are relentless in going after the data they want.

Page 9: Why ips slide share

Page 10: Why ips slide share

Page 11: Why ips slide share

Four IPS vendors hold more than 90% of the IPS market.

Page 12: Why ips slide share

• Traditional IPS systems use a library of “signatures” to identify software that is a threat.

• The design of these signatures is critically important since they need to:

– Correctly identify all of the threat software;

– Do so at the breakneck speed of today’s networks; and

– Create no false positives (i.e., identifying a threat where there is none).

• The best IPSs actually run with the fewest, most effectively written signatures.
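To make the signature-design point concrete, here is an added example (not code from the presentation, and not any vendor's IPS engine) that runs two signatures for the same threat over a handful of constructed HTTP requests. The scanner name "EvilScanner", the sample requests and both signatures are made up for this illustration. The loosely written signature looks for a word anywhere in the packet and fires on legitimate traffic; the precisely written one is anchored to the header the threat actually sets, tolerates case and version changes so newer builds of the same tool are still caught, and produces no false positives. Patterns are compiled once at load time because per-packet compilation would not survive line-rate inspection.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: re.Pattern       # compiled once at load time, not per packet
    field: Optional[str]      # HTTP header to inspect (lower-case), or None for the raw payload


def parse_http_request(payload: bytes) -> dict:
    """Split a raw HTTP request into request line, headers and body (minimal, for the example)."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"request_line": lines[0], "headers": headers, "body": body.decode("latin-1")}


def matches(sig: Signature, payload: bytes) -> bool:
    """True if the signature fires on this payload."""
    if sig.field is None:
        return sig.pattern.search(payload.decode("latin-1")) is not None
    value = parse_http_request(payload)["headers"].get(sig.field)
    return value is not None and sig.pattern.search(value) is not None


# Constructed sample traffic: (description, raw request, is_threat).
# "EvilScanner" is a made-up tool name used only to illustrate signature design.
SAMPLES = [
    ("hostile scanner",
     b"GET / HTTP/1.1\r\nHost: shop.example\r\nUser-Agent: EvilScanner/1.0\r\n\r\n", True),
    ("hostile scanner, newer build",
     b"GET /login HTTP/1.1\r\nHost: shop.example\r\nUser-Agent: evilscanner/1.1\r\n\r\n", True),
    ("browser posting a support ticket",
     b"POST /ticket HTTP/1.1\r\nHost: shop.example\r\nUser-Agent: Mozilla/5.0\r\n\r\n"
     b"the office scanner is jammed", False),
    ("legitimate document scanner app",
     b"GET /upload HTTP/1.1\r\nHost: shop.example\r\nUser-Agent: DocumentScannerApp/2.3\r\n\r\n", False),
]

SIGNATURES = [
    # Loosely written: any occurrence of "scanner" anywhere in the packet.
    Signature("loose", re.compile(r"scanner", re.IGNORECASE), None),
    # Precisely written: the tool's banner, anchored to the User-Agent header,
    # tolerant of case and version changes so newer builds are still caught.
    Signature("precise", re.compile(r"^EvilScanner/\d+\.\d+$", re.IGNORECASE), "user-agent"),
]


def evaluate(signatures=SIGNATURES, samples=SAMPLES) -> dict:
    """Return {signature name: (true positives, false positives, missed threats)}."""
    results = {}
    for sig in signatures:
        tp = fp = missed = 0
        for _, payload, is_threat in samples:
            fired = matches(sig, payload)
            if fired and is_threat:
                tp += 1
            elif fired and not is_threat:
                fp += 1
            elif not fired and is_threat:
                missed += 1
        results[sig.name] = (tp, fp, missed)
    return results


if __name__ == "__main__":
    for name, (tp, fp, missed) in evaluate().items():
        print(f"{name:8s} true positives={tp} false positives={fp} missed={missed}")
```

Running it shows the loose signature catching both hostile requests but also flagging the support ticket and the document-scanner app (two false positives), while the precise signature catches the same two threats with none. That is the trade-off the slide describes: one well-written signature anchored to the right protocol field outperforms a broad pattern that an analyst then has to tune around.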

Page 13: Why ips slide share

• Integrates vulnerability data — Integration of your organization's vulnerability data allows for a more accurate and quicker response to attacks. Analysts are able to quickly identify whether an asset is vulnerable to the attack and/or initiate a vulnerability scan from the IPS console.

• Reputation Data — By identifying the reputation of the source or destination of traffic flowing through the device, threats can be blocked without the need for signatures. This also allows for a more accurate and quicker response to threats.

• Geo-Location — Another way to increase operational efficiency is through geo-location. This allows the analyst to quickly see the country of a source and destination. Alerts from countries where the business does not have operations should be prioritized. Traffic can be blocked based on geo-location.
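The three capabilities on this slide come together at triage time, when a raw alert is enriched with what the organization already knows. The following added example (written for this page, not taken from the presentation or from any IPS product) joins constructed alerts against a constructed vulnerability-scan result, a reputation feed and a geo-location table, then ranks them. Every IP, country code, signature name and CVE identifier in it is a placeholder: the addresses come from documentation ranges, "ZZ" stands for a country where the business has no presence, and "CVE-EXAMPLE-1"/"CVE-EXAMPLE-2" are not real CVE numbers. The weights in `score` are arbitrary and exist only to show how the reasons combine.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Alert:
    alert_id: str
    src_ip: str
    dst_ip: str
    signature: str
    cve: Optional[str]   # vulnerability the signature covers, if it is exploit-specific


# --- Constructed context feeds. Every value below is a placeholder for the example. ---
# Vulnerability scan results: asset -> CVE placeholders still unpatched on it.
ASSET_VULNS = {
    "10.0.1.20": {"CVE-EXAMPLE-1"},   # scan shows this host unpatched
    "10.0.1.21": set(),               # scanned and fully patched
}
# Reputation feed: source IP -> verdict (198.51.100.0/24 is a documentation range).
REPUTATION = {"198.51.100.7": "malicious"}
# Geo-location table keyed by network; "ZZ" stands in for a country with no business presence.
GEO = [
    (ip_network("198.51.100.0/24"), "ZZ"),
    (ip_network("203.0.113.0/24"), "US"),
    (ip_network("10.0.0.0/8"), "US"),
]
OPERATING_COUNTRIES = {"US"}   # where the business actually operates


def country_of(ip: str) -> Optional[str]:
    """First matching network wins; the constructed table has no overlapping prefixes."""
    addr = ip_address(ip)
    for net, cc in GEO:
        if addr in net:
            return cc
    return None


def enrich(alert: Alert) -> dict:
    """Attach vulnerability, reputation and geo context to one raw IPS alert."""
    vulns = ASSET_VULNS.get(alert.dst_ip)
    src_cc = country_of(alert.src_ip)
    return {
        "alert": alert,
        "target_vulnerable": vulns is not None and alert.cve in vulns,
        "target_unscanned": vulns is None,
        "src_reputation": REPUTATION.get(alert.src_ip, "unknown"),
        "src_country": src_cc,
        "outside_footprint": src_cc not in OPERATING_COUNTRIES,
    }


def score(ctx: dict):
    """Turn the enrichment into a priority score plus the reasons an analyst would read."""
    points, reasons = 0, []
    if ctx["target_vulnerable"]:
        points += 50
        reasons.append("target is unpatched for the CVE this signature covers")
    elif ctx["target_unscanned"]:
        points += 20
        reasons.append("no scan data for target; launch a vulnerability scan from the console")
    else:
        reasons.append("target not vulnerable to this attack; likely low impact")
    if ctx["src_reputation"] == "malicious":
        points += 30
        reasons.append("source has a malicious reputation; blockable without a signature")
    if ctx["outside_footprint"]:
        points += 10
        reasons.append(f"source country {ctx['src_country']} is outside business operations")
    return points, reasons


def triage(alerts):
    """Return alerts as (score, alert_id, reasons), highest priority first."""
    ranked = []
    for a in alerts:
        points, reasons = score(enrich(a))
        ranked.append((points, a.alert_id, reasons))
    ranked.sort(key=lambda r: (-r[0], r[1]))
    return ranked


# Constructed alerts as an IPS console might emit them (signature names are placeholders).
ALERTS = [
    Alert("A1", "198.51.100.7", "10.0.1.20", "EXAMPLE-WEB-EXPLOIT", "CVE-EXAMPLE-1"),
    Alert("A2", "203.0.113.5", "10.0.1.21", "EXAMPLE-WEB-EXPLOIT", "CVE-EXAMPLE-1"),
    Alert("A3", "203.0.113.9", "10.0.1.30", "EXAMPLE-OTHER-EXPLOIT", "CVE-EXAMPLE-2"),
]

if __name__ == "__main__":
    for points, alert_id, reasons in triage(ALERTS):
        print(f"{alert_id} priority={points}: " + "; ".join(reasons))
```

A1 and A2 fire the same signature, but only A1 rises to the top: its target is known to be unpatched, its source has a bad reputation, and it originates where the business has no presence. A3 scores above A2 not because it is known to be dangerous but because nobody has scanned the target yet, which is exactly the case the slide says the console should let an analyst resolve by launching a scan.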

Page 14: Why ips slide share

• Application Awareness — By being able to identify the application in use, analysts can quickly identify whether it is a critical application or a false positive.

• SSL Decryption — Many attackers are hiding their attacks by using your SSL tunnel against you. Without this capability your traditional IDS is “blind” to these attacks.

• Virtualization — Virtual and virtualized IPS. Virtual IPS allows the IPS to run multiple policies on a single interface. This reduces false positives while providing detailed protection to the environment. Virtualized IPS allows for the monitoring of virtual environments such as VMware.

Page 15: Why ips slide share

• Purpose-built hardware — Look for products with few moving parts. Ask about RMA rates and look for a less than 0.5% RMA rate.

• Modular Components — Components such as the power supplies, GBICs and SFPs should be hot-swappable and should be able to be replaced individually.

• High Availability — Hardware-based fail-open kits, internal mechanisms to detect failure, HA configuration.

• High Performance — Look at NSS Labs ratings and real-world testing scenarios.

Page 16: Why ips slide share

March 17, 2013

Acquisition Cost – what’s the real cost of acquisition: software, hardware, related infrastructure, internal IT staff, and third-party resources.

Performance & Reliability – up to the rated speed of the appliance across a test range of TCP and HTTP response sizes and connections per second, in a real-world traffic mix.

Stability & Reliability – ability to sustain legitimate traffic (i.e., not crash) while under hostile attack.

Management & Usability – strength of the management UI in focusing on network performance, system health, and major events – with the ability to drill down and create reports.

Gartner business metrics – overall vendor viability, sales execution, market responsiveness and track record, marketing execution, customer experience, and operations.

Security Effectiveness – in accurately detecting/blocking the range of common exploits, across the relevant range of operating systems and applications, with low false positives.

Page 17: Why ips slide share