Protecting corporate data with preemptive risk identification

IBM Proventia Network Enterprise Scanner

Identifying risk and prioritizing protection

IBM Proventia® Network Enterprise Scanner*

(Enterprise Scanner) is designed to ensure the

availability of your revenue-producing services

and to protect your corporate data by identify-

ing where risk exists, prioritizing and assigning

protection activities and reporting on results.

Benefits

• Reducerisktoyournetwork’suptime,band-

widthandcriticalsystemswithEnterprise

Scanner’svulnerabilitymanagementand

protection capabilities.

• Freeupresourcesbyautomatingthescan-

ning process.

• Leverageyourexistinginfrastructurecompo-

nents:EnterpriseScannerprovidesseamless

integration with Microsoft® Active Directory, asset

managementdatabasesandworkflowsystems.

• Virtuallyeliminateduplicatedeffort:Information

canbestoredonceandsharedamongsystems.

• Reduceemergencypatchingandfollownormal

change-controlprocesses:IBMVirtualPatch®

technologyhelpsprotectat-risksystemsand

segmentsbeforethevendor-suppliedpatch

is available.

• SupportregulatorycompliancewithEnterprise

Scanner’ssupersetofaudittoolstakenfrom

theauditors’preferredtool,IBMInternet

Scanner® software.

Features and capabilities

Specifications

• Identifies2,691assettypesout-of-the-box,includingdesktops,

servers,routers,switches,applicationsandoperatingsystems

• Identifiesnewlyconnecteddevicesandpreviouslyundis-

covered assets on the network

• Assignsorallowsresponsibilitytobeassignedto

specificassetstomeetcorporategovernanceand

traceability standards

• Iscapableofpassive/activeassetidentificationwiththe

inclusionoftheIBMProventiaNetworkAnomalyDetection

System(ADS)

Multisource discovery

• Activediscoveryscan

• ActiveDirectoryimport

• Intrusionpreventionsystem(IPS)-baseddiscovery

• ProventiaNetworkADSdiscovery

• Assetdatabaseimport

• Manualinput

• Customservicediscovery

–User-defined

Asset identification techniques

• Pingsweep

• UserDatagramProtocol(UDP)probe

• Assetfingerprinting

• Rapiddiscovery

• NetBIOS-baseddiscovery

• TransferControlProtocol(TCP)discovery

• UDPportdiscovery

• Operatingsystem(OS)fingerprinting

• Applicationfingerprinting

• IntegratedNetworkedMessagingApplicationProtocol

(NMAP) 4.0 database

Network services identified

–2,691

Asset classification

• Hierarchicalgroupstructurethatmirrorsyourorganizational

structure, providing context for both scanning and reporting

• ActiveDirectoryimportandmirroring

• Assetdatabaseimport

• Geographical,organizational,topologicalorsystem-

levelclassification

Vulnerability assessment

• Discovery-basedassessment

– Efficient,high-performancevulnerabilityassessment

• Scriptedassessment

– Allows for new content without updating product binaries

– Providessmallercontentupdates(IBMX-PressUpdate™

productenhancements)

– Supportsfastertimetomarketwithsecuritycontent

• Attackemulation

– Performsspecifictestsinanonimpactingmanner(pos-

ing no danger to your network) to analyze the effects of

a real attack

• RenownedvulnerabilitydatabasebytheIBMInternetSecurity

Systems™(ISS)X-Force®researchanddevelopmentteam

recognizesvulnerabilitiesandprogrammaticerrorsthat

couldcompromiseanasset

• Hostcriticality-prioritizedscanning

Security content updates featuring Virtual Patch technology

• Preemptive,ahead-of-the-threatcoverage,poweredby

X-Forcevulnerability-basedresearch

Spyware scanning

– Detects existence of spyware

Trust X-Force option

– Automaticallydetectsnewvulnerabilitiesbasedon

X-Forceexpertrecommendations

Scan windows

• Automatedscanningduringopenscanwindows

• Auto-pause/auto-resume—automaticscansuspension

uponclosureofscanwindows;resumeswhenthescan

window reopens

• Scan-windowconfigurationthat’sdesignedforeaseofuse

• Configurablerefreshperiodrefreshesdataautomatically

during open scan window, helping to ensure up-to-date

vulnerabilityinformation

• Group-orientedscanwindows

Workflow

• Vulnerabilityprioritization

• Internalticketingsystem

• Remedyintegration

• Openapplicationprogramminginterface(API),supporting

otherticketingsystems

• Ownershipassignmentandtracking

• Activityloggingandtracking

• Traditionalpatch-and-protectremediation

• VirtualPatchtechnology,incombinationwiththeIBM

ProventiaNetworkIntrusionPreventionSystem(IPS)portfolio

• Automaticresolutionvalidation

• Multiplevulnerabilitiesperticket

• Statusmonitoringandtracking(eightlevels)

Scan and block protection

• Vulnerabilityprotectionwithoutdeploymentofavendor-

suppliedpatchwhencombinedwithIBMProventia

Network IPS

• TurnkeyintegrationwithProventiaNetworkIPSthroughthe

IBMProventiaManagementSiteProtector™system

• Detectsvulnerabilitiesandidentifiescorrespondingblock-

ingalgorithmswithintheProventiaNetworkIPSportfolio

• Unifiedmanagementthatprovideseasyconfigurationof

IPS devices for discovered vulnerabilities

Reporting

• Reportsthatillustrateinformationinthecontextofyour

organization:

– Groupandreportonriskinapplicablebusinesscontext

usingamirrorofyourorganization

– Groupandreportbygeography,networklayout,business

systemoranyotherusefulgroupingofassets

– Reportrisktotherightpeopleattherighttime—

quicklycompareriskofdifferentbusinessunits,

systemsorgeographies

• Flexibleview-basedanalysiswithmorethan1,800reports

• Enterprise-levelmultiscan,multiscannerreports

• Preconfiguredreporttemplates

• ExportablereportstoPDF,CSV,HTML

• Schedule-drivenreports

• Web-accessiblereports

• FastAnalysisreports

• Extensivefiltering

Automation

• Virtuallyeliminatesmanualsteps,savingtimeandmoney

• Automaticandcontinuousscanning

• Scanprioritization

• Scanteams(multiplescannersworkingasone)

• X-PressUpdateenhancementsofvulnerabilityinformation

• Assetclassificationandgrouping

Easy-to-install appliance based on Linux ® management

• CentrallymanagedbySiteProtectorsystem—award-winning

managementsystemandthesecurityindustry’sonlyplatform

designed to unify the protection of network, server and desk-

top assets

• Emergencyscans—providingquick,adhocscansofyour

network on request

• Automatedsecurityintelligenceupdatesonthenewest

electronic threats

– X-PressUpdateproductenhancementsdeliveredbythe

globallyrespectedX-Forceresearchanddevelopmentteam

User interface options

• SiteProtectorsystemcentralizedmanagementinterface

• Web-basedProventiamanagerlocalmanagementinterface

SiteProtector system

– Centralizedcommand,reportingandanalysisforEnterprise

Scanner and all IBM ISS products

– User auditing

– Flexibleeventanalysis

Proventia manager

• Web-basedlocalmanagementinterface(LMI)

• Deviceconfiguration,establishmentofSiteProtectorcom-

municationslink

Device health monitoring

• SiteProtectorsystemcentralizedmanagementinterface

• Web-basedlocalmanagementinterface

Asset-based management

• Asset-centricassessmentpoliciesassociatedwithassets

rather than with scanner

• Scanpolicy—asset-basedscanpolicyallowspolicy

association with assets or groups of assets rather than with

scanners, allowing context-sensitive scanning

• Assessmentrefreshcycles

• Scanwindows

• AssessmentcredentialsforMicrosoftWindows® and Secure

Shell(SSH)technology

• Assessmentpolicy

• Discoverypolicy/scanexclusions

Correlation

• SupportsIBMSecurityFusion™module

• SiteProtectorFastAnalysisandcentralizedcorrelation

Independent discovery and assessment

• Separatepolicies

• Separatescanwindows

• Separaterefreshperiods

World-class support

• 24x7support,includingplatformupdates

Hardware specifications

Model Enterprise Scanner 1500 Enterprise Scanner 750

Physical characteristicsFormfactor 1-RU Desktop

DxWxH 429mmDx382mmWx44mmH16.9"Dx15.0"Wx1.73"H

177mmDx250mmWx39mmH6.9"Dx9.8"Wx1.5"H

Weight Gross11.1kg(24.47lb) Net:6.5kg(14.33lb)

1.2kg(2.6lb)

Emissions FCCClassA FCCClassA

Certifications CE/FCC/UL/cUL CE/FCC/UL/cUL

PowerPower supply unit Full-range250-wattPSU

auto-switching65-wattPSU,100–240voltsAC,47–63Hz

Operating environmentTemperature Temp:5°C–35°C(41°F–95°F)for

P43.0–3.4GHzprocessorsTemp:0°C–40°C(32°F–104°F)

Humidity 20%–90%relative 20%–90%relative

Storage environmentTemperature -20°C–70°C(-4°F–158°F) -20°C–70°C(-4°F–158°F)

PortsScan ports Five32-bitgigabitPCI-ExpressEthernetports

(one active, four reserved for future use) One10/100/1,000PCIEthernetport

Management One32-bitgigabitEthernetport One32-bitgigabitEthernetport

Console Serial port one – front-accessible RJ-45connector

Serialportone–front-accessibleRJ-45connector

USB TwoUSB2.0/frontaccessible TwoUSB2.0/rearaccessible

Front panelLCDdisplay LCDpanel2x16characters

LCDmodulewithfourbuttons

(reserved for future use)

N/A

Discovery performance specifications

Enterprise Scanner 1500

Discovery 2,600-3,000IPsperhour

Assessment 700-800assetsperhour

Enterprise Scanner 750

Discovery 2,400-2,800IPsperhour

Assessment 200-250assetsperhour

Performance figures based on Firmware 1.3 with XPU 1.21 default policies on several different sized networks. Discovery speeds can be 2x to 3x faster on much smaller networks (50-500) hosts due to the low number of time-outs.

Scan-team performance gains

Performance features

• DynamiccheckassignmenttoidentifyandrunOS-specific

checks

• Loadbalancing(teaming)amongmultiplescanners

Scan-time work distribution

• Abilitytoaddascanneratalocation,toautomaticallyand

transparently load balance

• Perspective-basedloadbalancing

Distributed scanning

• Performanceoptimizationbyaddingmultiplescannersin

multiplenetworklocations

• Multiplescannerscolocatedtoloadbalance

For more information

Proventia Network Enterprise Scanner is also an integral part

ofIBMManagedSecurityServices,includingIBMVulnerability

ManagementService,andIBMProfessionalSecurityServices.

IBMManagedSecurityServicesprovides24x7x365expert

monitoringandprotectionforafractionofthecostoftraining

Scan team performance gains

Scan team Percent reduction from base

Discovery Assessment Timeeffect

Onescanner 0 percent 0 percent (base)1hour

Twoscanners 45percent 45percent 35minutes

Threescanners 60percent 60percent 24minutes

Fourscanners 70percent 70percent 18minutes

Fivescanners 75percent 75percent 15minutes

Six scanners 80percent 80percent 12minutes

andmaintaininganin-housesecuritystaff.Discoverhow

EnterpriseScannercanprotectyourbusinessfromInternet

threats.Besuretoaskifyourcompanyqualifiesfora30-day

evaluation.Foranonsitedemonstration,contacttheIBMISSoffice

nearestyou.Forlocationsandmoreproductinformation,visit:

ibm.com/services/us/iss

©CopyrightIBMCorporation2008

IBMGlobalServices Route100 Somers,NY10589 U.S.A.

ProducedintheUnitedStatesofAmerica 02-08 AllRightsReserved

IBM, the IBM logo, Internet Scanner, Internet SecuritySystems,Proventia,SecurityFusion,SiteProtector, VirtualPatch,X-ForceandX-PressUpdatearetrademarksorregisteredtrademarksofInternationalBusinessMachinesCorporationin the United States, other countries, or both.

LinuxisaregisteredtrademarkofLinusTorvaldsintheUnitedStates,othercountries, or both.

MicrosoftandWindowsaretrademarksofMicrosoftCorporationintheUnitedStates,other countries, or both.

Othercompany,productandservicenamesmaybetrademarksorservicemarksofothers.

ReferencesinthispublicationtoIBMproductsorservicesdonotimplythatIBMintendstomakethemavailableinallcountries in which IBM operates.

Allperformancedatacontainedinthispublication was obtained in the specific operatingenvironmentandundertheconditions described above and is presentedasanillustration.Performanceobtainedinotheroperatingenvironmentsmayvaryandcustomersshouldconducttheir own testing.

* U.S.PatentNo.7,093,239

GTD01130-USEN-01