Blue Lane Technologies: Best of Breed IPS (Interop 2008, April 29, 2008)

Uploaded by tyrone-blankenship, posted 19-Jan-2016.

Page 1: Blue Lane Technologies Best of Breed IPS April 29, 2008 Interop 2008


Page 2

Network IPS Architecture Needs to Evolve

Current IPS architecture vs. next-gen architecture:
- Deep packet inspection -> L7 protocol decoding
- Exploit-centric -> Vulnerability-centric
- Static signatures -> Dynamic logic
- Block -> Protect
- Custom HW -> Multi-core SW
- Physical -> Virtual + physical
- Monolith -> Distributed

Key drivers:
- Data center server & network consolidation
- Virtualization
- Signature explosion

Page 3

Blue Lane's Layer 7 Architecture

- 100% Protection: Resilient against sophisticated attacks against all major server OS, app, database vulnerabilities. Proactive policies for app control.
- 100% Accuracy: No signatures, tuning, false alarms and/or security vs. availability tradeoffs.
- 100% Visibility: Flows visible by server, VM, cluster, data center, OS, application, patch status.
- Low Overhead: Low latency, low CPU usage, small footprint and minimal oversight required for both physical and virtual data centers.

Page 4

Comprehensive Protocol / Vulnerability Intelligence

• 130+ protocols and services decoded
• Hundreds of vulnerabilities protected across dozens of applications/OSs

Page 5

Accurate, Granular Enforcement

● Detection and Correction with no false positives
● Appropriate Response based on protocol, vulnerability and policy
● Controlled code execution (no session reset)

This attack attempts to exploit MS06-019 by sending two CDO-MODPROPS sections in the vCalendar message, with the second larger than the first. The Exchange / SMTP server allocates buffer space based on the first section but processes the second if it is present, resulting in a buffer overflow.

By understanding the protocols and vulnerabilities, Blue Lane stops the attack by removing the second CDO-MODPROPS section and adjusting the packet headers to reflect the new packet size.

[Diagram: Buffer Overflow Attack vs. Blue Lane Controlled Code Execution]
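As an added example (not Blue Lane's code or the product's logic), the kind of protocol-aware correction described above written as a defender-side normalizer: it keeps the first CDO-MODPROPS section of a vCalendar body, drops any later ones, and returns the new size so the enclosing headers can be adjusted as the slide describes. The `X-CDO-MODPROPS` property form, the iCalendar line folding and the sample message are constructed assumptions.

```python
import re

# Added example (not Blue Lane's code): defender-side normalizer for the
# MS06-019 pattern on the slide. Property name form, line folding and the
# sample message are assumptions for illustration.

def logical_lines(body: str):
    """Group raw CRLF lines into iCalendar logical lines; a line starting
    with a space or tab is a folded continuation of the previous one."""
    groups = []
    for raw in body.split("\r\n"):
        if raw[:1] in (" ", "\t") and groups:
            groups[-1].append(raw)
        else:
            groups.append([raw])
    return groups

def property_name(group):
    """The property name ends at the first ';' (parameters) or ':' (value)."""
    return re.match(r"[^;:]*", group[0]).group().strip().upper()

def normalize_vcalendar(body: str):
    """Keep only the first CDO-MODPROPS section and drop later ones.
    Returns (cleaned_body, sections_removed, new_size_in_bytes); the size
    is what an enclosing Content-Length header must be adjusted to."""
    kept, seen, removed = [], False, 0
    for group in logical_lines(body):
        if "CDO-MODPROPS" in property_name(group):
            if seen:
                removed += 1      # later section: drop it with its folded lines
                continue
            seen = True
        kept.extend(group)        # kept lines are emitted unchanged
    cleaned = "\r\n".join(kept)
    return cleaned, removed, len(cleaned.encode("utf-8"))

# Constructed sample: a second, larger CDO-MODPROPS section (folded over two
# lines) follows the first, which is the shape the slide describes.
SAMPLE = (
    "BEGIN:VCALENDAR\r\n"
    "BEGIN:VEVENT\r\n"
    "SUMMARY:Quarterly review\r\n"
    "X-CDO-MODPROPS:FIRST\r\n"
    "X-CDO-MODPROPS:SECOND-MUCH-LONGER-\r\n"
    " AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)
```

Running `normalize_vcalendar(SAMPLE)` drops one section and reports the corrected byte count; a message with a single section passes through unchanged.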

Page 6

Superior Vulnerability Protection

• Comprehensive coverage of data center vulnerabilities
• Comprehensive knowledge of leading protocols
• No signatures, tuning, or guesswork

Total vulnerabilities protected, Blue Lane / Leading IPS:
- Apache: 8215
- VMware: 260
- Linux: 1373
- Solaris: 643
- Oracle: 42039
- Microsoft: 198147
- Total: 911209

Page 7

Why current solutions fall short

Operational feasibility:
- Resources
- Expertise
- Server availability
- Server touches
- Application testing
- Tuning complexity
- Handling offline VMs, snapshots, VM sprawl

Security effectiveness:
- Accurate detection
- Vulnerability correction
- Resiliency against evasion
- Mobile VMs, tainted VMs

Solutions compared: Patch, HIPS, VLAN, NIPS, IDS, Firewall, Blue Lane

Page 8

The Data Center Security Payoff

• Defense in depth for servers, VMs, next gen data centers

Security requirements (Blue Lane vs. IPS):
- Operational ease (tuning, etc.)
- Application control policy
- Virtualization readiness
- Resilience to IPS evasion
- Non-disruptive protection
- Accurate vulnerability detection
- Server, database, app coverage

Firewall / IPS:
- Anomaly detection
- Port scans, DOS, A/V

Page 9

The New Virtualized Data Center

[Diagram: three host systems, each with a hypervisor, a virtual network and virtual servers]

Page 10

NGDC Defense-in-depth Strategy

[Diagram: "Secure Physical Servers and Databases" (Active Update, ServerShield Manager, ServerShield, Servers, Database) and "Secure Virtual Hosts and VMs" (VirtualFlow, Center, Virtual Servers, ServerShield)]

Page 11

Comprehensive Coverage for Servers/VMs

Categories: Operating Systems; Network & Core Services; Database Servers; Email Servers; Application Servers; Other Applications.

Products and versions shown: DBMS 7, 8, 9, 10g; 5.0, 5.5, 2003, 2007; IIS v1-v6; 7, 8, 9, 10; EL 2, 3, 4, 5; BIND 8, 9, 10; Application Server; WebSphere IHS; ProFTP.

Technology Partners: EMGC PARTNER

Page 12

For more information: www.bluelane.com

Thank you.