28 Network Intrusion Prevention Design Guide: Using IBM Security Network IPS
IBM is constantly attempting to look one step ahead and blend research
experience with leading-edge technology and services with developed intelligence.
Figure 1-5 illustrates this blended attempt.
Figure 1-5 IBM Security Systems: Blended approach of research, technology, solutions, and services
IBM provides a powerful portfolio of products and services focused on threat
mitigation in the network, on the host, and at endpoint levels.
1.4.3 Vulnerability management
Besides threat management, vulnerability management is another vital
component in the security operations portfolio of an organization. Vulnerability
management consists of the following major functional areas:
Vulnerabilities in a system can be the results of an array of reasons. Computer
users might use weak passwords that can be discovered by
guessing. Alternatively, they might use the same password in many applications
where the exposure of one of these applications can lead to a potential
compromise of many systems.
Vulnerabilities can also be caused by fundamental operating system design flaws
where designers choose to enforce suboptimal policies on user or application
management. For example, operating systems with a
default permit policy grant
Chapter 1. Business context for threat and vulnerability management 29
every program and every user full access to the entire computer. Such an
operating system flaw can allow malware to run commands at an administrator
When talking about vulnerabilities, most people immediately think about a
programming bug that might get used. The software bug might allow an attacker
to misuse an application by bypassing access control checks or running
privileged commands on the system that is hosting the application. Another
common programming error is the failure to check the size of data buffers. This
error can lead to a buffer overflow, causing corruption of the stack, or heap areas
of memory. In turn, they can cause the computer to run malicious code injected
by the attacker.
One more type of vulnerability exists when an application falsely assumes that all
user input is safe and fails to perform adequate
. Programs that do
not check user input can allow unintended direct execution of injected malicious
code. A few of the most well-known forms of injecting malicious statements are
targeting databases and
, where a malicious
client-side script gets inserted in the code of a trusted web application.
These vulnerabilities have in common that they can pose a risk to the
organization. As the administrator for your organization, you want to reduce this
risk by mitigating the threat they pose.
A need for vulnerability management
New vulnerabilities are discovered every day in all sorts of operating systems,
software, and web applications. Databases can be compromised, networking
devices can be attacked, and web applications can have vulnerabilities coded in
them. In a world where exploit code for the latest vulnerabilities is sold on the
black market and conveniently packaged in malware toolkits, the amount of
threats continues to increase.
You can significantly reduce the number of vulnerabilities that can creep into
applications that you create yourself. For example, you can use source code
checking tools, such as IBM Rational® AppScan® Source Edition, and use IBM
experts to analyze your preproduction web applications with Rational AppScan
Reference information: For more information about the Rational AppScan
family of products, see the IBM Redguide™ publication Improving Your Web
Application Software Development Life Cycle's Security Posture with IBM
Rational AppScan, REDP-4530. See also the Rational AppScan Product line