This post covers the IBM Red Paper: Addressing Emerging Threats and Targeted Attacks with IBM Security Network Protection (redp4826).
The book is about addressing new kinds of network threats such as advanced persistent threats (APTs), stealth bots, targeted application attacks, and designer malware. For an up-to-date understanding of the threat landscape the reader is referred to the IBM X-Force Trend and Risk Report. These new threats are being addressed by incorporating best-of-breed intrusion prevention, application visibility and control, IP reputation, and SSL inspection into one solution, and integrating this solution with security intelligence.
The protocol-aware Protocol Analysis Module (PAM) engine provides in-depth security and protection by analyzing every packet that traverses the IBM Security Network Protection solution. The engine can process low-level protocols, such as the Internet Protocol (IP), to detect and block attacks at this level (such as denial of service attacks). PAM can perform a deep analysis of data that is transferred by high-level protocols, such as Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Remote Procedure Calls (RPCs).
The following core components are features of the PAM:
- IBM Virtual Patch® technology: Shields vulnerabilities from exploitation, independent of a software patch.
- Client-side application protection: Protects users against attacks that target applications that are used every day, such as attacks that are embedded in Microsoft Office files, Adobe PDF files, and multimedia files.
- Web application protection: Provides protection against sophisticated web application attacks, such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
- Advanced threat detection and prevention: Provides advanced intrusion prevention, including protection against potential zero-day attacks.
- Data security: Provides monitoring and identification of personally identifiable information (PII) and other confidential data over both unencrypted traffic and SSL-encrypted traffic, the latter only if SSL inspection is enabled.