IBM Adds Capabilities For Web App Protection And DLP

IBM Thursday announced it has added capabilities for web application protection and data-loss prevention (DLP) to the basic technology platform for its intrusion-system prevention (IPS) product line. The IBM IPS 4.1 platform is a free software upgrade for the vast majority of IBM's network IPS appliances, approximately 16 in all, that range from 800Mbps to 12GBps throughput inspection of traffic.

The IBM IPS can monitor and detect attack traffic, and with the new capability, they will also perform some outbound DLP detection and blocking of sensitive content, in addition to stopping SQL injection and cross-site scripting attacks, functions seen in the variety of equipment known as web application firewalls.

As regards to DLP capability, "in the area of doing more security with less, in the 4.1 platform release, there's a GUI with content analyser that inspects documents for personally identifiable information," says Dave Ostrowski, security product manager for IBM. When this DLP capability is used, this feature will inspect several types of documents, including Microsoft Office, PDFs and ZIP files for sensitive information.

While the DLP functionality in the IBM IPS 4.1 platform does not rival highly sophisticated DLP products with discovery capability, for example, the IBM IPS can be fairly easily set up to identify personal information, such as credit card numbers, and detect and block unauthorised transfers. Some customised DLP configuration is also possible.

In the area of stopping attacks such as SQL injection and cross-site scripting, the IBM IPS 4.1 adds the kind of detection and blocking mechanisms that are found in web application firewalls, Ostrowski says. In addition, "If you're using the Rational AppScan product, we'll take vulnerabilities identified by that and through SiteProtector, adapt the information for the IPS," he adds.

IBM says for the vast majority of its IPS line, the IPS 4.1 platform upgrade would fall under maintenance contracts for current IPS products and thus would not incur additional fees.

print this article

Return to security news headlines
View Security News Archive

Share with: