HACK is a term that frightens people whenever anyone speaks it, because they associate it with some kind of terror attack. And yes, it is a kind of terror attack: a cybercrime that happens everywhere in the world, with an impact one cannot imagine in the worst of nightmares. When people are told that their device (PC, laptop, smartphone, etc.) has been hacked, they panic and wonder whether all the data and applications they use and store on the device have been compromised. Maybe, maybe not. Not everything.
Compromising a number of network-connected devices and interconnecting them forms a BOTNET, which is controlled by a group of black hat hackers. A botnet is a collection of compromised computers and hand-held devices connected to the Internet (each compromised device is known as a 'bot'). When a device such as a computer is compromised by an attacker, there is often code within the malware that commands it to become part of a botnet. The "botmaster" or "bot herder" controls these compromised computers via standards-based network protocols such as IRC and HTTP.
Every day multiple breaches happen and hundreds of vulnerabilities are reported; some are exploited in the wild, with serious repercussions for infrastructure, operations and services. As a result, sectors such as telecom, banking, government, transportation and many other industries come to a halt and break down, and your business may eventually shut down. Attacks happen for many purposes, such as monetary gain, revenge, political matters, nationwide social security, curiosity and many others. An attacker can be a disgruntled employee, a teenager or student, a business competitor, a black hat hacker, a biased geek and many more.
In the present scenario, attacks have become more sophisticated and very complicated to identify. Defense cannot be the only option a corporation works on: if you are not aware of, or have not identified, the risks associated with your business, it becomes more vulnerable to both internal and external attacks, which can bring your business down to GROUND ZERO level. Every organization uses software from multiple vendors and third parties, which exposes its attack surface to a large number of attacks, of which a few are sufficient to bring the whole infrastructure down. Top product vendors like Microsoft, Sony, Oracle, Adobe, Mozilla, Apple, etc. are not the only ones where most of the vulnerabilities found are critical enough to open a big window for a breach. Third-party and open-source applications account for a large share of bugs, around 78% in 2011, as reported by top security research teams, including X-Force, which has the world's largest threat and vulnerability research database.
The X-Force Research and Development Team's annual report for 2011, based on trend analysis of vulnerabilities, shows that the high number of software flaws doubled compared with 2010, and more than half of them were highly critical. The X-Force Threat Analysis Service study shows that more than half of the software used by any organization is vulnerable, and half of what was not vulnerable last year may become vulnerable this year. A billion-dollar question may come to every CEO/CTO/CISO's mind: how to create a security framework for the business that safeguards and monitors network, user and application activity, where every application, employee, piece of confidential data and the business infrastructure are tightly coupled, interconnected and integrated with each other.
The answer is IBM's ISS.
ISS created a security framework that, when implemented, takes care of every aspect from people to endpoints, helping an enterprise's business flourish. Products such as Enterprise Scanner, Network Intrusion Prevention System and QRadar provide a Security Intelligence approach that delivers preemptive protection to ensure the availability of your revenue-producing services and to protect your corporate data by identifying where risk exists, prioritizing and assigning protection activities and reporting on results. Overall, it provides the risk, log and event analytics essential for an enterprise, which helps reduce the window for any attack to happen.
For organizations that prefer to manage security operations in-house, IBM offers vulnerability management scanners that conduct automated and continuous scanning to identify potentially damaging vulnerabilities in your network infrastructure. Vulnerabilities evolve and will continue to evolve as long as old legacy applications with security loopholes are not taken care of and people creating new software applications are not aware of secure coding practices. Vulnerability management is an ongoing process that protects your valuable data, customer information, critical network assets and intellectual property. Scanners from IBM are designed to identify vulnerabilities quickly and accurately, as well as provide remediation steps and blocking techniques. IBM vulnerability management solutions track and communicate risk reduction efforts from initial identification through remediation. Vulnerability management is a key component of an effective information security strategy, which provides comprehensive, preemptive protection against threats to your enterprise security.
In today's scenario, effective vulnerability management is a cyclic practice for any enterprise to identify, classify, remediate and mitigate vulnerabilities. Enterprise Scanner manages both known vulnerabilities (reported by the security community and already fixed by the relevant vendors) and unknown (zero-day) vulnerabilities. The IBM X-Force research and development team designed the IBM Common Assessment Module (CAM) and provides the content updates that maintain "ahead of the threat" protection, along with the following features:
2. Asset classification - Hierarchical group structure that mirrors your organizational structure, providing context for both scanning and reporting.
3. Vulnerability assessment - Discovery-based assessment; scripted assessment; allows for new content without updating product binaries; provides smaller content updates (IBM X-Press Update product enhancements) powered by X-Force; supports faster time to market with security content; automated security intelligence updates on the newest electronic threats.
4. Attack emulation - Performs specific tests in a non-impacting manner (posing no danger to your network) to analyze the effects of a real attack. The renowned vulnerability database of the ISS X-Force Research and Development team recognizes vulnerabilities and programmatic errors that could compromise an asset. Automatically detects new vulnerabilities based on X-Force expert recommendations.
5. Scan windows - Automated scanning during open scan windows; auto-pause/auto-resume (automatic scan suspension when a scan window closes, resuming when the scan window reopens); a configurable refresh period that refreshes data automatically during an open scan window, helping to ensure up-to-date vulnerability information; emergency scans that provide quick results, such as ad hoc scans of your network on request.
6. Reporting - Reports that present information in the context of your organization: group and report on risk in the applicable business context, by geography, network layout, business system or any other useful grouping of assets; flexible event analysis; enterprise-level multiscan and multiscanner reports; preconfigured report templates; reports exportable to PDF, CSV and HTML formats.
7. Easy to install, configure and manage - Integrated with the SiteProtector management system (centralized command, reporting and analysis for ES and IPS), which is designed to unify the protection of network, server and desktop assets. ES also has its own Local Management Interface with Proventia Manager.
Organizations need to stay ahead of the latest threats and keep business-critical applications secure. In today’s environment, companies are required to do more with fewer resources, all while maintaining a secure environment. Organizations need improved protection against the issues facing businesses today. Proventia Network IPS helps stop malicious Internet attacks before they impact your organization, the only effective way to preserve network availability, reduce the burden on your IT resources and prevent security breaches. Deployed in-line on your network, Proventia Network IPS helps stop threats before they impact your business and delivers easy-to-use data security and Web application protection policies to help businesses prevent data loss and attacks targeting Web applications. Core capabilities of the IPS are:
2. Client-side application protection - Protects end users against attacks targeting applications used every day, such as Microsoft Office files, Adobe PDF files, multimedia files and web browsers.
3. Advanced network protection - Advanced intrusion prevention, including DNS protection.
4. Data security - Monitoring and identification of unencrypted personally identifiable information (PII) and other confidential data.
5. Web application security - Protection for web apps, Web 2.0 and databases (same protection as a web application firewall).
6. Application control - Reclaim bandwidth and block peer-to-peer networks and tunneling.