
Page 1: Tolly Report: Stopping Attacks You Can't See

© 2016 IBM Corporation

Kevin Tolly, Founder, The Tolly Group

Eric York, Sr. Product Offering Manager, IBM Security

Tolly Report: Stopping Attacks You Can’t See

IBM XGS 7100 Next-generation IPS Efficacy & Performance Evaluation

Page 2

Agenda

Tolly Test Overview – Kevin Tolly: IBM Security Network Protection XGS 7100 Next-generation Intrusion Prevention System (IPS) Efficacy & Performance Evaluation

IBM Security Network Protection (XGS) – Eric York: Pre-emptive protection to keep you Ahead of the Threat®

Questions & Answers

Page 3

Commissioned by IBM Security: IBM XGS 7100 Next-Generation IPS

Efficacy & Security, conducted in January 2016

Download the Report: http://ibm.co/XGSTolly


Tolly Test Project Overview

Presented by Kevin W. Tolly, Founder, The Tolly Group

www.tolly.com (Ver B-2016-04-28)

Page 4

IBM Security commissioned Tolly to evaluate security effectiveness and performance

Tolly found that IBM XGS 7100 stopped 100% of tested, publicly-disclosed attacks – both encrypted and unencrypted

Tolly found that IBM XGS 7100 stopped 100% of attacks that used advanced evasion techniques

Tolly benchmarked appliance performance of up to 26Gbps in a system with eight 10GbE interfaces

Test Overview: Threat Detection, Throughput, & Key Features

Page 5

Test Environment

Throughput Test Traffic Generation:
◦ Two Spirent Avalanche chassis with ARC100 modules

Efficacy Test:
◦ Ixia BreakingPoint Systems PerfectStorm

IBM System Under Test:
◦ IBM Security Network Protection XGS 7100
◦ Eight 10 Gigabit Ethernet ports

Test Configuration Variables:
◦ Inbound SSL/TLS inspection enabled/disabled
◦ Threats encrypted/unencrypted

Page 6

IPS System Efficacy: Publicly-Disclosed Threats & McAfee Exploits

Page 7

Publicly-Disclosed Exploits Blocked: Unencrypted & Encrypted

Page 8

IPS System Performance: Multi-protocol & Connection Throughput

Page 9

Key Features & Functions Evaluated by Tolly

IP Reputation

URL Database & Application Control

Modular Network Interfaces

Flexible Performance Licensing

Page 10

IBM XGS Dashboard

Page 11

Summary

IBM Security Network Protection XGS 7100:
◦ Is a high-performance security appliance
◦ Stopped 100% of tested, publicly-disclosed attacks – both encrypted & unencrypted
◦ Stopped 100% of McAfee Evader test suite attacks
◦ Provides on-board software support for SSL/TLS
◦ Delivered 17 Gbps of throughput with inbound SSL/TLS inspected
◦ Delivered 26 Gbps of throughput without inspection

Page 12

About Tolly: Currently in its 27th year, Tolly is a leading global provider of independent, third-party validation services for vendors of IT products, components and services.

For more information, visit www.tolly.com or e-mail [email protected].

Download the Report: http://ibm.co/XGSTolly

Thank you!

Page 13

Pre-emptive protection to keep you Ahead of the Threat

IBM Security Network Protection (XGS)

Eric P. York, Sr. Product Offering Manager, Threat Protection

Jordan Carlson: Interested to hear your thoughts on the slide order and transitioning from the report overview to your section. Typically we have product details like your first 3 slides toward the end of the product presentation....

Page 14

IBM Security Network Protection: Pre-emptive protection to keep you Ahead of the Threat

ADVANCED INTELLIGENCE: Powered by IBM X-Force global threat research

ZERO-DAY PROTECTION: Protects against known and unknown attacks

BROAD COVERAGE: Protects against a full spectrum of attack techniques

Page 15

Broad coverage: Protects against a full spectrum of attack techniques

Attack categories shown around IBM Security Network Protection: Web App; System and Service; Traffic-based; User; Risky Applications

THREATS: Protocol Tunneling; RFC Non-Compliance; Unpatched / Unpatchable Vulnerabilities; Code Injection; Buffer Overflows; Cross-site Scripting; SQL Injection; Cross-site Request Forgery; Cross-path Injection; Spear Phishing; Drive-by Downloads; Malicious Attachments; Malware Links; Obfuscation Techniques; Protocol Anomalies; DoS / DDoS; Information Leakage; Social Media; File Sharing; Remote Access; Audio / Video Transmission

Page 16

Broad coverage: Comprehensive protection, visibility, and control over network traffic

Identity and Application Awareness: Associates users and groups with their network activity, application usage and actions

Deep Packet Inspection: Fully classifies network traffic, regardless of address, port, or protocol

SSL Visibility: Identifies inbound and outbound traffic threats, without needing a separate appliance

[Diagram: Network Traffic and Flows, with labels Application A, Application B, Employee A, Employee B, Employee C, Inbound Traffic, Outbound Traffic, Good Application, Prohibited Application, Attack Traffic, Botnet Traffic, Clean Traffic]

400+ protocols and file formats analyzed

2,900+ applications and actions identified

25+ billion URLs classified in 70 categories

Page 17

IBM goes beyond pattern matching with a broad spectrum of vulnerability and exploit coverage

Web Injection Logic: Patented protection against web attacks, e.g., SQL injection and cross-site scripting

Exploit Signatures: Attack-specific pattern matching

Vulnerability Decodes: Focused algorithms for mutating threats

Application Layer Heuristics: Proprietary algorithms to block malicious use

Protocol Anomaly Detection: Protection against misuse, unknown vulnerabilities, and tunneling across 230+ protocols

Shellcode Heuristics: Behavioral protection to block exploit payloads

Content Analysis: File and document inspection and anomaly detection

Other IPS solutions stop at pattern matching

Page 18

Ahead of the Threat: Behavioral-based detection blocks attacks that have never been seen before

Timeline 2007 to 2015: date disclosed versus date of IBM protection

Vulnerability | CVE | Disclosed | IBM Protection (signature, date) | Lead | Other vulnerabilities covered
--- | --- | --- | --- | --- | ---
Shellshock | CVE-2014-6271 | Sept 2014 | Shell_Command_Injection, Jun 2007 | 7.3 years ahead | 10 other
MS OLE Remote Code Execution | CVE-2014-6332 | Oct 2014 | CompoundFile_Shellcode_Detected, Feb 2008 | 6.8 years ahead | 201 other
MS SharePoint Priv Escalation | CVE-2015-1640 | Apr 2015 | HTTP_HTML_Tag_Injection, Nov 2008 | 6.4 years ahead | 31 other
IE Cross-Domain Info Disclosure | CVE-2015-0070 | Feb 2015 | Cross_Site_Scripting, Nov 2008 | 6.3 years ahead | 10,000+ other
Cisco Prime SQL Injection | CVE-2015-6350 | Oct 2015 | SQL_Injection, Jun 2007 | 6.9 years ahead | 9,500+ other

Page 19

IBM X-Force® Research and Development: Expert analysis and data sharing on the global threat landscape

Research areas: Vulnerability Protection; IP Reputation; Anti-Spam; Malware Analysis; Web Application Control; URL / Web Filtering; Zero-day Research

The IBM X-Force Mission:
◦ Monitor and evaluate the rapidly changing threat landscape
◦ Research new attack techniques and develop protection for tomorrow’s security challenges
◦ Educate our customers and the general public
◦ Integrate and distribute Threat Protection and Intelligence to make IBM solutions smarter

Page 20

XGS = IBM X-Force in a box

Coverage:
◦ 20,000+ devices under contract
◦ 15B+ events managed per day
◦ 133 monitored countries (MSS)
◦ 3,000+ security related patents
◦ 270M+ endpoints reporting malware

Depth:
◦ 25B+ analyzed web pages and images
◦ 12M+ spam and phishing attacks daily
◦ 89K+ documented vulnerabilities
◦ 860K+ malicious IP addresses
◦ Millions of unique malware samples

Page 21

Evolving beyond intrusion prevention to provide greater value

Evolution based on client needs:

1997+ Intrusion Detection

2002+ Intrusion Prevention: Protects against attacks on vulnerabilities, not exploits

2005+ Behavioral Defense: Protects against attacks based on behavior, not specific vulnerabilities

2008+ Web App Protection: Heuristically protects against common app-based attacks

2012+ URL/App Control: Protects users from visiting risky sites on the web

2013+ SSL/TLS Inspection: Protects against attacks hidden inside encrypted traffic

2014+ Advanced Malware Defense: Blocks malware infections on the network

Future: Threat Management.NEXT: New protection and integration capabilities to stay ahead of the threat

(Four of these capabilities are marked "XGS Only".)

Page 22

XGS appliance models

IBM Network Protection XGS

Capabilities per Model | XGS 3100 | XGS 4100 | XGS 5100 | XGS 7100 | XGS Virtual
--- | --- | --- | --- | --- | ---
Inspected Throughput | Up to 800 Mbps | Up to 1.5 Gbps | Up to 7.0 Gbps | Up to 25 Gbps | Up to 1 Gbps
Flexible Performance Levels | 400 and 800 Mbps | 750 Mbps and 1.5 Gbps | 2.5, 4.0, 5.5, and 7.0 Gbps | 5, 10, 15, 20, and 25 Gbps | 600 Mbps and 1 Gbps
Inspected Throughput (with SSL/TLS) | Up to 500 Mbps (in), up to 400 Mbps (out) | Up to 900 Mbps (in), up to 700 Mbps (out) | Up to 4.5 Gbps (in), up to 2.5 Gbps (out) | Up to 12 Gbps (in), up to 7.5 Gbps (out) | Up to 500 Mbps (in), up to 400 Mbps (out)
Pluggable Network Interface Modules | 0 | 1 | 2 | 4 | 0
Protected Segments | 2 | Up to 6 | Up to 10 | Up to 16 | Up to 4

Page 23

Modular network interfaces help future-proof investment: Seven different network modules to meet current and future connectivity needs

XGS 7100: supports 4 NIMs
XGS 5100: supports 2 NIMs (+ 4 built-in RJ-45 ports)
XGS 4100: supports 1 NIM (+ 4 built-in RJ-45 ports)

Network modules:
◦ 4-port Fixed fiber (LX) with built-in bypass
◦ 8-port RJ-45 copper with built-in bypass
◦ 4-port Fixed fiber (SX) with built-in bypass
◦ 2-port 10GbE (SR) with built-in bypass
◦ 2-port 10GbE (LR) with built-in bypass
◦ 4-port SFP (requires transceivers)
◦ 2-port 10GbE SFP+ (requires transceivers)

Page 24

Flexible Performance Licensing (FPL): Flexible levels of inspected throughput allow upgradable performance without the need to change hardware

XGS 3100: FPL Level 1 (base) 400 Mb/s Inspected; FPL Level 2 800 Mb/s Inspected

XGS 4100: FPL Level 1 (base) 750 Mb/s Inspected; FPL Level 2 1.5 Gb/s Inspected

XGS 5100: FPL Level 1 (base) 2.5 Gb/s Inspected; FPL Level 2 4.0 Gb/s Inspected; FPL Level 3 5.5 Gb/s Inspected; FPL Level 4 7.0 Gb/s Inspected

XGS 7100: FPL Level 1 (base) 5.0 Gb/s Inspected; FPL Level 2 10.0 Gb/s Inspected; FPL Level 3 15.0 Gb/s Inspected; FPL Level 4 20.0 Gb/s Inspected; FPL Level 5 25.0 Gb/s Inspected

XGS Virtual: FPL Level 1 (base) 600 Mb/s Inspected; FPL Level 2 1.0 Gb/s Inspected

Page 25

XGS provides the protection needed for today’s threats

Guard against mutated threats: By protecting the vulnerability, not looking for the exploit

Protect against zero-day vulnerabilities: Through advanced behavioral techniques

Fight malware: Disrupt the attack chain, including integration with Trusteer Apex and leading malware sandboxes

Protect users: Limit access to phishing messages, while blocking malicious links, drive-by downloads, and file attachments

Integrates seamlessly with QRadar: Send Layer 7 flow data to QRadar and receive quarantine commands

Download the Tolly Report: http://ibm.co/XGSTolly

Page 26

Learn more about IBM Security Network Protection (XGS)

130+ countries where IBM delivers managed security services

25 industry analyst reports rank IBM Security as a LEADER

No. 1 enterprise security vendor in total revenue

12K+ clients protected, including… 90% of the Fortune 100 companies

Visit the website: IBM Security Network Protection

Watch the videos: IBM Security Network Protection

Read new blog posts: SecurityIntelligence.com

Follow us on Twitter: @ibmsecurity

Join IBM X-Force Exchange: xforce.ibmcloud.com

Page 27

© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

THANK YOU www.ibm.com/security

Page 28

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right.

Other company, product, or service names may be trademarks or service marks of others. A current list of IBM trademarks is available at “Copyright and trademark information” www.ibm.com/legal/copytrade.shtml

Copyright © 2016 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM.

U.S. Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM.

Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS document is distributed "AS IS" without any warranty, either express or implied. In no event shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity.

IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided.

Any statements regarding IBM’s future direction, intent or product plans are subject to change or withdrawal without notice. Performance data contained herein was generally obtained in controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. References in this document to IBM products, programs, or services do not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business.

Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation.

It is the customer’s responsibility to ensure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law.

Legal notices and disclaimers