Service detail
Scenario... You believe your DMZ is under attack from an extremist who disagrees with your business philosophy. You want to begin to gather an audit trail showing attempted intrusions with the ability to respond in real time but you don’t have the infrastructure to do this. What can you do?
Highlights
 |  | | Provide the extra margin of safety needed for those who conduct transactions or place sensitive information on the Internet |
| | | Alert you to denial-of-service attacks |
| | | Provide immediate response to events for controlled reaction |
Using state-of-the-art intrusion detection tools from Symantec/AXENT, Cisco, and ISS, IBM intrusion detection services monitors your networks around the clock. Our trained professionals at IBM’s Security Operations Center monitor, investigate and alert our security professionals when suspicious activity occurs. We will work closely with your security team to define and coordinate appropriate responses for accurate and efficient handling of any incident.
| Network intrusion detection |
Appropriate precautions, a well-designed security policy and sound network monitoring strategies are the most important ways you can protect against unwanted Internet intrusions. But no technology or plan is absolutely foolproof. That’s why it’s equally important to know that IBM offers network intrusion detection for immediate detection of unauthorised access to your systems.
When network intrusion detection identifies suspicious activity, it immediately alerts IBM security experts who analyze the information and, if necessary, notify you while initiating a response. With network intrusion detection, you can know about potential intrusions as they are happening, instead of finding out about them after the damage to your systems or security has already occurred.
Network intrusion detection centrally monitors network security in real time, allowing IBM to detect and respond to unwanted network intrusions while they are happening. The intrusion detection and monitoring services may be provided using customer-owned hardware or hardware provided by IBM to:
- Provide the extra margin of safety needed for those who conduct transactions or place sensitive information on the Internet
- Alert the location to denial-of-service attacks
- Provide immediate response to events for controlled reaction
When host intrusion detection identifies suspicious activity, it immediately alerts IBM security experts who analyze the information, and, if necessary, notify you while initiating a response. With host intrusion detection, you can know about potential intrusions as they are happening, instead of finding out about them after the damage to your systems or security has already occurred.
Host intrusion detection centrally monitors network security in real time, allowing IBM to detect and respond to unwanted host intrusions while they are happening. The intrusion detection and monitoring services may be provided using customer-owned software or software provided by IBM to:
- Provide the extra margin of safety needed for those who conduct transactions or place sensitive information on the Internet
- Alert the location to denial-of-service attacks
- Provide immediate response to events for controlled reaction
| Wireless intrusion detection |
Wireless networks are becoming more pervasive for several reasons. The physical constraints (i.e. wiring) of traditional networks are removed. The mobility of networked user increases as well as the initial network deployment costs decrease. Traditional methods of designing and securing networks are ineffective in wireless environments. Therefore, a new method of intrusion detection is required.
Wireless networks, access points, devices, and client interfaces are very inexpensive and simple to install as well as use. It is difficult to secure the communication over the wireless network as most security enhancements are not active by default and can still be compromised when enabled. Any employee or admin can bring in an access point and create their own unofficial network. Attackers and war-drivers will scan for wireless network activity and vulnerabilities from cars or neighboring buildings. Improperly configured WLANS from one company will freely communicate with other neighboring WLANS from companies physically close by. Internal attackers can setup rogue wireless access points to listen in on communications and perform man-in-the-middle attacks. As a result it is difficult for Information Technology departments to control and secure Wireless LANs.
IBM can help you with these wireless risks. As part of our Managed Security Services, Wireless Intrusion Detection Offering, IBM will review your WLAN topology as well as the physical layout of your building or office space and assist you with proper deployment of wireless intrusion detection sensors. IBM has the capability to provide this support remotely or at your location. Once the sensors are in place around your wireless environment, IBM will monitor in real time for wireless intrusions 24 hours a day, 7 days a week with personnel skilled in Internet security and Intrusion detection from our Security Operations Centers. We will notify you of intrusion attempts or suspicious activity via an agreed to escalation process. IBM will provide you with a daily report detailing events and alarms and can review report data and events with you on an optional conference call. To provide a comprehensive, end to end solution for our customers IBM also provides ongoing management, administration, updates and tuning of the wireless sensors.
