ibm_datasheet_enterprise_scanner
DESCRIPTION
De IBM Proventia Enterprise Scanner gives you insights in indentity risks and how to prioritize protection.TRANSCRIPT
Protecting corporate data with preemptive risk identification
IBM Proventia Network Enterprise Scanner
Identifying risk and prioritizing protection
IBM Proventia® Network Enterprise Scanner*
(Enterprise Scanner) is designed to ensure the
availability of your revenue-producing services
and to protect your corporate data by identify-
ing where risk exists, prioritizing and assigning
protection activities and reporting on results.
Benefits
• Reducerisktoyournetwork’suptime,band-
widthandcriticalsystemswithEnterprise
Scanner’svulnerabilitymanagementand
protection capabilities.
• Freeupresourcesbyautomatingthescan-
ning process.
• Leverageyourexistinginfrastructurecompo-
nents:EnterpriseScannerprovidesseamless
integration with Microsoft® Active Directory, asset
managementdatabasesandworkflowsystems.
• Virtuallyeliminateduplicatedeffort:Information
canbestoredonceandsharedamongsystems.
• Reduceemergencypatchingandfollownormal
change-controlprocesses:IBMVirtualPatch®
technologyhelpsprotectat-risksystemsand
segmentsbeforethevendor-suppliedpatch
is available.
• SupportregulatorycompliancewithEnterprise
Scanner’ssupersetofaudittoolstakenfrom
theauditors’preferredtool,IBMInternet
Scanner® software.
Features and capabilities
Specifications
• Identifies2,691assettypesout-of-the-box,includingdesktops,
servers,routers,switches,applicationsandoperatingsystems
• Identifiesnewlyconnecteddevicesandpreviouslyundis-
covered assets on the network
• Assignsorallowsresponsibilitytobeassignedto
specificassetstomeetcorporategovernanceand
traceability standards
• Iscapableofpassive/activeassetidentificationwiththe
inclusionoftheIBMProventiaNetworkAnomalyDetection
System(ADS)
Multisource discovery
• Activediscoveryscan
• ActiveDirectoryimport
• Intrusionpreventionsystem(IPS)-baseddiscovery
• ProventiaNetworkADSdiscovery
• Assetdatabaseimport
• Manualinput
• Customservicediscovery
–User-defined
Asset identification techniques
• Pingsweep
• UserDatagramProtocol(UDP)probe
• Assetfingerprinting
• Rapiddiscovery
• NetBIOS-baseddiscovery
• TransferControlProtocol(TCP)discovery
• UDPportdiscovery
• Operatingsystem(OS)fingerprinting
• Applicationfingerprinting
• IntegratedNetworkedMessagingApplicationProtocol
(NMAP) 4.0 database
Network services identified
–2,691
Asset classification
• Hierarchicalgroupstructurethatmirrorsyourorganizational
structure, providing context for both scanning and reporting
• ActiveDirectoryimportandmirroring
• Assetdatabaseimport
• Geographical,organizational,topologicalorsystem-
levelclassification
Vulnerability assessment
• Discovery-basedassessment
– Efficient,high-performancevulnerabilityassessment
• Scriptedassessment
– Allows for new content without updating product binaries
– Providessmallercontentupdates(IBMX-PressUpdate™
productenhancements)
– Supportsfastertimetomarketwithsecuritycontent
• Attackemulation
– Performsspecifictestsinanonimpactingmanner(pos-
ing no danger to your network) to analyze the effects of
a real attack
• RenownedvulnerabilitydatabasebytheIBMInternetSecurity
Systems™(ISS)X-Force®researchanddevelopmentteam
recognizesvulnerabilitiesandprogrammaticerrorsthat
couldcompromiseanasset
• Hostcriticality-prioritizedscanning
Security content updates featuring Virtual Patch technology
• Preemptive,ahead-of-the-threatcoverage,poweredby
X-Forcevulnerability-basedresearch
Spyware scanning
– Detects existence of spyware
Trust X-Force option
– Automaticallydetectsnewvulnerabilitiesbasedon
X-Forceexpertrecommendations
Scan windows
• Automatedscanningduringopenscanwindows
• Auto-pause/auto-resume—automaticscansuspension
uponclosureofscanwindows;resumeswhenthescan
window reopens
• Scan-windowconfigurationthat’sdesignedforeaseofuse
• Configurablerefreshperiodrefreshesdataautomatically
during open scan window, helping to ensure up-to-date
vulnerabilityinformation
• Group-orientedscanwindows
Workflow
• Vulnerabilityprioritization
• Internalticketingsystem
• Remedyintegration
• Openapplicationprogramminginterface(API),supporting
otherticketingsystems
• Ownershipassignmentandtracking
• Activityloggingandtracking
• Traditionalpatch-and-protectremediation
• VirtualPatchtechnology,incombinationwiththeIBM
ProventiaNetworkIntrusionPreventionSystem(IPS)portfolio
• Automaticresolutionvalidation
• Multiplevulnerabilitiesperticket
• Statusmonitoringandtracking(eightlevels)
Scan and block protection
• Vulnerabilityprotectionwithoutdeploymentofavendor-
suppliedpatchwhencombinedwithIBMProventia
Network IPS
• TurnkeyintegrationwithProventiaNetworkIPSthroughthe
IBMProventiaManagementSiteProtector™system
• Detectsvulnerabilitiesandidentifiescorrespondingblock-
ingalgorithmswithintheProventiaNetworkIPSportfolio
• Unifiedmanagementthatprovideseasyconfigurationof
IPS devices for discovered vulnerabilities
Reporting
• Reportsthatillustrateinformationinthecontextofyour
organization:
– Groupandreportonriskinapplicablebusinesscontext
usingamirrorofyourorganization
– Groupandreportbygeography,networklayout,business
systemoranyotherusefulgroupingofassets
– Reportrisktotherightpeopleattherighttime—
quicklycompareriskofdifferentbusinessunits,
systemsorgeographies
• Flexibleview-basedanalysiswithmorethan1,800reports
• Enterprise-levelmultiscan,multiscannerreports
• Preconfiguredreporttemplates
• ExportablereportstoPDF,CSV,HTML
• Schedule-drivenreports
• Web-accessiblereports
• FastAnalysisreports
• Extensivefiltering
Automation
• Virtuallyeliminatesmanualsteps,savingtimeandmoney
• Automaticandcontinuousscanning
• Scanprioritization
• Scanteams(multiplescannersworkingasone)
• X-PressUpdateenhancementsofvulnerabilityinformation
• Assetclassificationandgrouping
Easy-to-install appliance based on Linux ® management
• CentrallymanagedbySiteProtectorsystem—award-winning
managementsystemandthesecurityindustry’sonlyplatform
designed to unify the protection of network, server and desk-
top assets
• Emergencyscans—providingquick,adhocscansofyour
network on request
• Automatedsecurityintelligenceupdatesonthenewest
electronic threats
– X-PressUpdateproductenhancementsdeliveredbythe
globallyrespectedX-Forceresearchanddevelopmentteam
User interface options
• SiteProtectorsystemcentralizedmanagementinterface
• Web-basedProventiamanagerlocalmanagementinterface
SiteProtector system
– Centralizedcommand,reportingandanalysisforEnterprise
Scanner and all IBM ISS products
– User auditing
– Flexibleeventanalysis
Proventia manager
• Web-basedlocalmanagementinterface(LMI)
• Deviceconfiguration,establishmentofSiteProtectorcom-
municationslink
Device health monitoring
• SiteProtectorsystemcentralizedmanagementinterface
• Web-basedlocalmanagementinterface
Asset-based management
• Asset-centricassessmentpoliciesassociatedwithassets
rather than with scanner
• Scanpolicy—asset-basedscanpolicyallowspolicy
association with assets or groups of assets rather than with
scanners, allowing context-sensitive scanning
• Assessmentrefreshcycles
• Scanwindows
• AssessmentcredentialsforMicrosoftWindows® and Secure
Shell(SSH)technology
• Assessmentpolicy
• Discoverypolicy/scanexclusions
Correlation
• SupportsIBMSecurityFusion™module
• SiteProtectorFastAnalysisandcentralizedcorrelation
Independent discovery and assessment
• Separatepolicies
• Separatescanwindows
• Separaterefreshperiods
World-class support
• 24x7support,includingplatformupdates
Hardware specifications
Model Enterprise Scanner 1500 Enterprise Scanner 750
Physical characteristicsFormfactor 1-RU Desktop
DxWxH 429mmDx382mmWx44mmH16.9"Dx15.0"Wx1.73"H
177mmDx250mmWx39mmH6.9"Dx9.8"Wx1.5"H
Weight Gross11.1kg(24.47lb) Net:6.5kg(14.33lb)
1.2kg(2.6lb)
Emissions FCCClassA FCCClassA
Certifications CE/FCC/UL/cUL CE/FCC/UL/cUL
PowerPower supply unit Full-range250-wattPSU
auto-switching65-wattPSU,100–240voltsAC,47–63Hz
Operating environmentTemperature Temp:5°C–35°C(41°F–95°F)for
P43.0–3.4GHzprocessorsTemp:0°C–40°C(32°F–104°F)
Humidity 20%–90%relative 20%–90%relative
Storage environmentTemperature -20°C–70°C(-4°F–158°F) -20°C–70°C(-4°F–158°F)
PortsScan ports Five32-bitgigabitPCI-ExpressEthernetports
(one active, four reserved for future use) One10/100/1,000PCIEthernetport
Management One32-bitgigabitEthernetport One32-bitgigabitEthernetport
Console Serial port one – front-accessible RJ-45connector
Serialportone–front-accessibleRJ-45connector
USB TwoUSB2.0/frontaccessible TwoUSB2.0/rearaccessible
Front panelLCDdisplay LCDpanel2x16characters
LCDmodulewithfourbuttons
(reserved for future use)
N/A
Discovery performance specifications
Enterprise Scanner 1500
Discovery 2,600-3,000IPsperhour
Assessment 700-800assetsperhour
Enterprise Scanner 750
Discovery 2,400-2,800IPsperhour
Assessment 200-250assetsperhour
Performance figures based on Firmware 1.3 with XPU 1.21 default policies on several different sized networks. Discovery speeds can be 2x to 3x faster on much smaller networks (50-500) hosts due to the low number of time-outs.
Scan-team performance gains
Performance features
• DynamiccheckassignmenttoidentifyandrunOS-specific
checks
• Loadbalancing(teaming)amongmultiplescanners
Scan-time work distribution
• Abilitytoaddascanneratalocation,toautomaticallyand
transparently load balance
• Perspective-basedloadbalancing
Distributed scanning
• Performanceoptimizationbyaddingmultiplescannersin
multiplenetworklocations
• Multiplescannerscolocatedtoloadbalance
For more information
Proventia Network Enterprise Scanner is also an integral part
ofIBMManagedSecurityServices,includingIBMVulnerability
ManagementService,andIBMProfessionalSecurityServices.
IBMManagedSecurityServicesprovides24x7x365expert
monitoringandprotectionforafractionofthecostoftraining
Scan team performance gains
Scan team Percent reduction from base
Discovery Assessment Timeeffect
Onescanner 0 percent 0 percent (base)1hour
Twoscanners 45percent 45percent 35minutes
Threescanners 60percent 60percent 24minutes
Fourscanners 70percent 70percent 18minutes
Fivescanners 75percent 75percent 15minutes
Six scanners 80percent 80percent 12minutes
andmaintaininganin-housesecuritystaff.Discoverhow
EnterpriseScannercanprotectyourbusinessfromInternet
threats.Besuretoaskifyourcompanyqualifiesfora30-day
evaluation.Foranonsitedemonstration,contacttheIBMISSoffice
nearestyou.Forlocationsandmoreproductinformation,visit:
ibm.com/services/us/iss
©CopyrightIBMCorporation2008
IBMGlobalServices Route100 Somers,NY10589 U.S.A.
ProducedintheUnitedStatesofAmerica 02-08 AllRightsReserved
IBM, the IBM logo, Internet Scanner, Internet SecuritySystems,Proventia,SecurityFusion,SiteProtector, VirtualPatch,X-ForceandX-PressUpdatearetrademarksorregisteredtrademarksofInternationalBusinessMachinesCorporationin the United States, other countries, or both.
LinuxisaregisteredtrademarkofLinusTorvaldsintheUnitedStates,othercountries, or both.
MicrosoftandWindowsaretrademarksofMicrosoftCorporationintheUnitedStates,other countries, or both.
Othercompany,productandservicenamesmaybetrademarksorservicemarksofothers.
ReferencesinthispublicationtoIBMproductsorservicesdonotimplythatIBMintendstomakethemavailableinallcountries in which IBM operates.
Allperformancedatacontainedinthispublication was obtained in the specific operatingenvironmentandundertheconditions described above and is presentedasanillustration.Performanceobtainedinotheroperatingenvironmentsmayvaryandcustomersshouldconducttheir own testing.
* U.S.PatentNo.7,093,239
GTD01130-USEN-01