Protect private virtualized networks from advanced persistent threats and malware
IBM Security Network Protection Virtual Trial
Try a full-featured no-charge version of XGS
IBM Security Network Protection for VMware is a virtual appliance solution that provides the same protection against attacks that a physical appliance provides in legacy physical networks. It’s the virtual version of the IBM Security Network Protection appliance, which is built on the same time-tested security of the IBM Security intrusion prevention portfolio.
IBM Security Network Protection, whether for physical or virtual networks, offers the following benefits:
- Visibility into the network, including applications used, websites accessed and actions being performed
- Granular control, including actions within particular web and non-web applications
- Protection against threats to web applications, including SQL injection and cross-site scripting attacks
- IBM Ahead of the Threat® protection backed by IBM X-Force® research
- Protection for systems prior to being patched with IBM Virtual Patch® technology
IBM Security Network Protection for VMware includes visibility and control features that significantly increase the ability to mitigate attacks that are focused on users and make it possible to reduce activities that users may not know are putting them at risk.
- Deep packet inspection—Analyze hundreds of protocols and file formats to fully classify network traffic, regardless of address, port or protocol.
- SSL visibility—Identify inbound and outbound traffic threats, even making it possible to detect attacks that are trying to hide within encrypted sessions. This is critical today because most applications are deployed with SSL encryption, and visibility into the encrypted traffic is limited.
- Identity and application awareness—Associate users and groups with their network activity, application usage and actions. Based on this information, policies can be created to reduce risk, such as policies that granularly control access to sites that may provide a potential delivery mechanism for phishing and malware.
These capabilities reflect a fundamental difference between the IBM approach to threat protection and that of other security solution providers. IBM Security Network Protection for VMware protects the vulnerabilities in virtual network traffic, staying ahead of the threat with preemptive protection—rather than waiting until a threat is present and blocking the exploit.
Using a variety of sophisticated technologies, IBM Security Network Protection for VMware blocks a tremendous range of threats on virtual networks, including:
- Traffic-based threats—protocol anomalies, protocol tunneling, RFC noncompliance and obfuscation techniques
- System and service-level attacks—exploits of unpatched vulnerabilities, code injection, buffer overflows and denial-of-service (DoS) tactics
- Web application exploits—cross-site scripting, SQL injection, cross-site request forgery and cross-path injection attacks
- Compromised users—spear phishing, drive-by downloads, malicious attachments and malware links
- Risky applications—social media, file sharing, remote access and audio/video transmission
The IBM solution uses behavior-based detection techniques to block zero-day attacks, mutations and other threats that target previously unknown vulnerabilities. These techniques include:
- Vulnerability decodes—focused algorithms for mutating threats
- Web injection logic—patented protection against web attacks
- Content analysis—file and document inspection and anomaly detection
- Application-layer heuristics—proprietary algorithms to block malicious use
- Shellcode heuristics—behavioral protection to block exploit payloads
- Protocol anomaly detection—protection against misuse, unknown vulnerabilities and tunneling across multiple protocols