Blue Lane Technologies Best of Breed IPS April 29, 2008 Interop 2008.
![Page 1: Blue Lane Technologies Best of Breed IPS April 29, 2008 Interop 2008.](https://reader035.fdocuments.us/reader035/viewer/2022062805/5697c0031a28abf838cc3ec7/html5/thumbnails/1.jpg)
Blue Lane Technologies
Best of Breed IPS
April 29, 2008
Interop 2008
![Page 2: Blue Lane Technologies Best of Breed IPS April 29, 2008 Interop 2008.](https://reader035.fdocuments.us/reader035/viewer/2022062805/5697c0031a28abf838cc3ec7/html5/thumbnails/2.jpg)
Network IPS Architecture Needs to Evolve
| Current IPS Architecture | Next Gen Architecture |
| --- | --- |
| Deep packet inspection | L7 Protocol decoding |
| Exploit-centric | Vulnerability-centric |
| Static signatures | Dynamic logic |
| Block | Protect |
| Custom HW | Multi-core SW |
| Physical | Virtual + physical |
| Monolith | Distributed |

Key drivers:
- Data center server & network consolidation
- Virtualization
- Signature explosion
![Page 3: Blue Lane Technologies Best of Breed IPS April 29, 2008 Interop 2008.](https://reader035.fdocuments.us/reader035/viewer/2022062805/5697c0031a28abf838cc3ec7/html5/thumbnails/3.jpg)
Blue Lane’s Layer 7 Architecture
100% Protection: Resilient against sophisticated attacks against all major server OS, app, database vulnerabilities. Proactive policies for app control.

100% Accuracy: No signatures, tuning, false alarms and/or security vs. availability tradeoffs.

100% Visibility: Flows visible by server, VM, cluster, data center, OS, application, patch status.

Low Overhead: Low latency, low CPU usage, small footprint and minimal oversight required for both physical and virtual data centers.
![Page 4: Blue Lane Technologies Best of Breed IPS April 29, 2008 Interop 2008.](https://reader035.fdocuments.us/reader035/viewer/2022062805/5697c0031a28abf838cc3ec7/html5/thumbnails/4.jpg)
Comprehensive Protocol / Vulnerability Intelligence
• 130+ protocols and services decoded
• Hundreds of vulnerabilities protected across dozens of applications/OSs
![Page 5: Blue Lane Technologies Best of Breed IPS April 29, 2008 Interop 2008.](https://reader035.fdocuments.us/reader035/viewer/2022062805/5697c0031a28abf838cc3ec7/html5/thumbnails/5.jpg)
Accurate, Granular Enforcement
● Detection and Correction with no false positives
● Appropriate Response based on protocol, vulnerability and policy
● Controlled code execution (no session reset)

This attack attempts to exploit MS06-019 by sending two CDO-MODPROPS sections in the vCalendar message, with the second larger than the first. The Exchange / SMTP server allocates buffer space based on the first section but processes the second if it is present, resulting in a buffer overflow.
By understanding the protocols and vulnerabilities, Blue Lane stops the attack by removing the second CDO-MODPROPS section and adjusting the packet headers to reflect the new packet size.
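The correction described above (keep the first CDO-MODPROPS section, drop any later one, report the new size) can be sketched as follows. This is an added example, not Blue Lane's code: the `NAME:value` line form, the optional vendor prefix and the sample message are constructed assumptions.

```python
import re

# Assumption: the section is a property line "<NAME>:<value>" whose name ends
# in CDO-MODPROPS (the page gives only that name; a vendor prefix is tolerated).
MODPROPS = re.compile(rb"^(?:[A-Z0-9-]+-)?CDO-MODPROPS[:;]", re.IGNORECASE)


def unfold(body: bytes) -> list[bytes]:
    """Split into logical lines, joining folded continuations (leading space/tab)."""
    lines: list[bytes] = []
    for raw in body.split(b"\r\n"):
        if raw[:1] in (b" ", b"\t") and lines:
            lines[-1] += raw[1:]  # a folded line cannot hide a second section
        else:
            lines.append(raw)
    return lines


def correct_vcalendar(body: bytes) -> tuple[bytes, list[dict]]:
    """Keep the first CDO-MODPROPS section; drop and report any later one."""
    kept, findings, first_len = [], [], None
    for line in unfold(body):
        if MODPROPS.match(line):
            if first_len is None:
                first_len = len(line)
            else:
                findings.append({"first_len": first_len,
                                 "dropped_len": len(line),
                                 "larger_than_first": len(line) > first_len})
                continue  # corrected in place: message goes on without it
        kept.append(line)
    if not findings:
        return body, findings  # benign traffic passes through byte-for-byte
    return b"\r\n".join(kept), findings


# Constructed sample: the second section is larger than the first and folded.
SAMPLE = (
    b"BEGIN:VCALENDAR\r\nBEGIN:VEVENT\r\nSUMMARY:Constructed sample\r\n"
    b"CDO-MODPROPS:BEGIN,DTSTART\r\n"
    b"CDO-MODPROPS:BEGIN,DTSTART,DTEND,\r\n SUMMARY,LOCATION\r\n"
    b"END:VEVENT\r\nEND:VCALENDAR\r\n"
)

if __name__ == "__main__":
    cleaned, findings = correct_vcalendar(SAMPLE)
    # The new length is what any enclosing size field must be rewritten to.
    print(len(SAMPLE), "->", len(cleaned), findings)
```
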
[Diagram labels: Buffer Overflow Attack; Blue Lane; Controlled Code Execution]
![Page 6: Blue Lane Technologies Best of Breed IPS April 29, 2008 Interop 2008.](https://reader035.fdocuments.us/reader035/viewer/2022062805/5697c0031a28abf838cc3ec7/html5/thumbnails/6.jpg)
Superior Vulnerability Protection
• Comprehensive coverage of data center vulnerabilities
• Comprehensive knowledge of leading protocols
• No signatures, tuning, or guesswork
Total vuln’s:
8215Apache
260VMware
1373Linux
643Solaris
42039Oracle
198147Microsoft
Blue Lane
Leading IPS
911209
![Page 7: Blue Lane Technologies Best of Breed IPS April 29, 2008 Interop 2008.](https://reader035.fdocuments.us/reader035/viewer/2022062805/5697c0031a28abf838cc3ec7/html5/thumbnails/7.jpg)
Why current solutions fall short

Operational Feasibility
- Resources
- Expertise
- Server availability
- Server touches
- Application testing
- Tuning complexity
- Handling offline VMs, snapshots, VM sprawl

Security Effectiveness
- Accurate detection
- Vulnerability correction
- Resiliency against evasion
- Mobile VMs, tainted VMs

[Chart labels: VLAN, NIPS, IDS, Firewall, NIPS, Blue Lane, Patch, HIPS]
![Page 8: Blue Lane Technologies Best of Breed IPS April 29, 2008 Interop 2008.](https://reader035.fdocuments.us/reader035/viewer/2022062805/5697c0031a28abf838cc3ec7/html5/thumbnails/8.jpg)
The Data Center Security Payoff
• Defense in depth for servers, VMs, next gen data centers
Operational ease (tuning, etc)
Application control policy
Virtualization readiness
Resilience to IPS evasion
Non-disruptive protection
Accurate vulnerability detection
Server, database, app coverage
Blue Lane
IPS
Security Requirements
Anomaly detection
Port scans, DOS, A/V
Firewall
IPS
![Page 9: Blue Lane Technologies Best of Breed IPS April 29, 2008 Interop 2008.](https://reader035.fdocuments.us/reader035/viewer/2022062805/5697c0031a28abf838cc3ec7/html5/thumbnails/9.jpg)
The New Virtualized Data Center
[Diagram labels: Host System (×3); Hypervisor (×3); Virtual Network (×3); Virtual Servers (×2)]
![Page 10: Blue Lane Technologies Best of Breed IPS April 29, 2008 Interop 2008.](https://reader035.fdocuments.us/reader035/viewer/2022062805/5697c0031a28abf838cc3ec7/html5/thumbnails/10.jpg)
NGDC Defense-in-depth Strategy
Secure Physical Servers and Databases
Active
Update
ServerShield
Manager
ServerShield
Secure Virtual Hosts and VMs
VirtualFlow
Center
Servers
ServerShield
Virtual Servers
Database
ServerShield
![Page 11: Blue Lane Technologies Best of Breed IPS April 29, 2008 Interop 2008.](https://reader035.fdocuments.us/reader035/viewer/2022062805/5697c0031a28abf838cc3ec7/html5/thumbnails/11.jpg)
Comprehensive Coverage for Servers/VMs
DBMS 7, 8, 9, 10g
5.0, 5.5, 2003,2007
IIS v1-v6
7, 8 9, 10 EL 2, 3, 4, 5
Technology Partners:
EMGC PARTNER
BIND
8, 9 10
Application Server
Operating Systems:
Network & Core Services
Database Servers:
Email Servers:
Application Servers:
Other Applications:
WebSphere IHS
ProFTP
![Page 12: Blue Lane Technologies Best of Breed IPS April 29, 2008 Interop 2008.](https://reader035.fdocuments.us/reader035/viewer/2022062805/5697c0031a28abf838cc3ec7/html5/thumbnails/12.jpg)
For more information:
Thank you.
www.bluelane.com