IBM Proventia Desktop Endpoint Security

Overview:

Addressing the threat

Your desktop environment is a prime target for malicious attacks which can result in widespread system outages and data loss. When a breach occurs, not only is your business productivity impacted, but you also face the grim possibility that sensitive business information may be compromised. Like many companies and organizations, your challenge is that your existing security solutions are not able to keep pace with rapidly evolving, profit-driven threats. What you need is an integrated and affordable desktop security solution that will provide preemptive, ahead of the threat protection.

IBM Proventia Desktop Endpoint Security is designed to stop intrusions and attacks before they happen. We can help you prevent downtime and costly data loss, mitigate known and new threats, ensure security compliance, and lower your total cost of ownership. With multilayered protection, we help you fight threats regardless of attack mode. Our solution combines personal firewall, antivirus and anti-spyware with innovative preemptive technologies like vulnerability-centric intrusion prevention and the IBM Internet Security Systems™ (ISS) patented virus prevention system¹—all in a single agent that also supports the Microsoft® Windows Vista™ 32-bit operating system.

A single management console and a broad range of consulting services to help simplify the complexity of deploying and managing security operations, while its modular architecture provides extensible protection to help ensure you’re ready for the next big threat—whenever and wherever it may occur.

Reducing risk from known and unknown attacks

Backed by cutting-edge, continuous security research, IBM Proventia Desktop Endpoint Security is designed to preemptively stop both known and evolving threats. We combine innovative, behavior-based protection technologies with conventional, signature-based technologies to help identify and block new attacks before they happen. And our comprehensive support helps you fight both network-based and application-based threats.

Providing multilayered protection in a single agent

Unlike other security solutions, IBM Proventia Desktop Endpoint Security delivers comprehensive protection in a single product, from a single vendor. Designed for easy integration with your existing infrastructure, we combine a personal firewall, intrusion prevention, buffer overflow exploit prevention, application protection and virus prevention in a single agent. This multilayered protection includes a combination of technologies:

• Virus Prevention System (VPS)
• Buffer-overflow exploit prevention
• Vulnerability-centric intrusion prevention
• Anti-virus and anti-spyware signatures
• Personal firewall
• Application control

Virus Prevention System

IBM Proventia Desktop Endpoint Security’s patented Virus Prevention System (VPS) detects and blocks a variety of malware, including more than 90 percent of new and unknown viruses and worms—without an update. Rather than relying on signatures for detection, VPS uses a behavioral system that analyzes the activities of an executable file and detects families of malicious code. The VPS runs programs in a virtual environment where it safely examines the program’s behavior and evaluates it for malicious content. This process creates a view of what a program does or would do under certain conditions—providing a preemptive look at the intentions of an application. This deep analysis is the key to stopping real threats to your network without affecting legitimate programs or requiring custom application profiling.

Buffer-overflow exploit prevention

Buffer-overflow exploit prevention is a “last line of defense” against zero-hour exploits designed to take advantage of new or unknown vulnerabilities. But, intrusion prevention technology can only block attacks against known exploits. What do you do with the unknown threats? IBM Proventia Desktop Endpoint Security is designed to protect hosts from attackers that attempt to use known or previously unknown buffer-overflow attacks to exploit the system or propagate. Like a circuit breaker, IBM Proventia Desktop Endpoint Security buffer-overflow exploit prevention is tripped to help protect the system as soon as malicious code tries to execute.

Intrusion prevention system

In the last few years, the world of network vulnerabilities has merged with viruses. Malware writers have now taken full advantage of vulnerabilities to increase the penetration of their malicious programs. IBM Proventia Network Intrusion Prevention System is highly effective at preventing the spread of network worms. Coupled with IBM Internet Security Systems (ISS) you have a solution that helps you remain ahead of the threat by blocking network-based attacks and helping prevent the spread of many attacks focused at specific vulnerabilities.

Anti-virus/anti-spyware signature engine

An automated command and control center provides your staff with advanced event correlation and analysis and the capability to implement automatic updates. This scalable and flexible system can easily be integrated with your existing systems to deliver a single view of your enterprise.

Benefits:

The endpoint is the new perimeter. Protect it with IBM's Proventia Desktop, one of the most effective endpoint and data loss prevention solutions on the market.

Business across all industries require preemptive, ahead of the threat protection against malicious attacks that can cause system outages and result in data loss.

Some examples of business benefits provided by Proventia Desktop include:

• Improved Risk Management
  Threats and hackers have evolved and are now, more than ever, financially motivated. Proventia Desktop helps enterprises protect their systems and the data they house from profit motivated attacks.
• Increased Protection
  As changes in the threat landscape occur, businesses must be able to protect themselves. Proventia Desktop protects against the latest threats and allows enterprises to respond quickly.
• Decreased Cost of Ownership / Increased ROI
  Damage to reputation after an attack has cost businesses millions in lost revenue over the last several years. The loss of trust resulting from a breach between customers and providers, as well as between partners, can cause irreparable damage. Proventia Desktop provides behavioral based security that can provide data protection befor an attack occurs.
• Simplified Consolidation
  The time and effort involved with managing multiple security vendors can be a drain on your resources. Proventia Desktop consolidates agents in a single protection tool allowing for easier control and improved manageability via a single management console.

Features:

Proventia Desktop is a single agent that combines a personal firewall, intrusion prevention, buffer overflow exploit prevention, application protection and virus prevention. It helps to ensure that your desktops are protected and adhere to corporate standards.

Network Threat Prevention Features
Proventia Desktop stops Internet threats from advancing beyond the network onto your desktops.

• Spyware Prevention
  Proventia Desktop prevents the installation of spyware by analyzing network downloads, and blocks existing spyware from running by stopping unauthorized application communication outside the desktop.
• Powerful Intrusion Prevention
  Proventia Desktop's built-in intrusion prevention technology provides out-of-the-box protection against threats like worms, viruses and hacker attacks. More than 160 built-in rules are included.
• Inbound Blocking
  Proventia Desktop monitors all inbound traffic and blocks attacks through intelligent analysis of trusted applications. Good traffic is allowed while malicious or suspicious traffic is not.
• Memory Protection
  Proventia Desktop's Buffer Overflow Exploitation Prevention (BOEP), also known as memory protection, protects hosts from buffer overflow attacks against known and unknown memory buffer vulnerabilities.
• Corporate Network Access Control
  The Proventia Desktop Access Control platform ensures that computer systems connecting to the corporate network through a Virtual Private Network, wireless access point, or from another network segment are protected by an up-to-date ISS desktop agent.
• Cisco Network Admission Control (NAC) Certified
  Proventia Desktop interfaces with the Cisco Trust Agent (CTA) software to deliver compliance and configuration information about Proventia Desktop. The security posture information provided aids in determining if the system should be allowed to access the corporate network.
• Reduced Attack Surface
  Proventia Desktop reduces and eliminates a desktop's visibility to network attackers through a simple and configurable firewall.
• Location-based Protection
  Proventia Desktop can be configured to automatically enable additional security features based on location. For example, attempts to use a laptop in an unknown network, such as a wireless connection in an airport, activate additional security features to protect the laptop and your network from malicious traffic.

Application Threat Prevention Features
Proventia Desktop protects desktops from exploits at the application level.

• Virus Prevention System
  Proventia Desktop's Virus Prevention System (VPS) uses a patent-pending behavioral analysis method to stop known and new viruses, Trojans, worms and spyware. Complementary to traditional, signature-based antivirus technology, VPS identifies viral and unhealthy application behavior to detect and block malicious code without time-sensitive signature updates.
• Application Protection
  Proventia Desktop's advanced application protection capabilities allow administrators to build customized lists of authorized and unauthorized applications, ensuring that your desktop environment stays protected from unauthorized use and access.
• Antivirus Awareness
  Proventia Desktop ensures that clients have updated antivirus software.
• Virtual Patch Protection
  Internet Security Systems (ISS)' virtual patch protection automatically updates and applies security policies to newly discovered vulnerabilities that could affect your desktop systems. This technology allows you to protect your desktops before an attack is 'in the wild,' avoiding emergency patch rollouts so you can apply updates when your organization is ready.

Management Features
Manage Proventia Desktop agents with the IBM Proventia Management SiteProtector system for enterprise-level centralized desktop protection.

• Centralized Management System
  The SiteProtector centralized security management system allows you to control, monitor and analyze events with minimum staff and operational costs. SiteProtector scales easily from small organizations to large global enterprises, allowing administrators to control 100,000 Proventia Desktop agents from a single console.
• Advanced Event Correlation and Analysis
  The IBM SiteProtector Security Fusion module instantly correlates security data from multiple sources to determine whether incidents are attacks or false positives.
• Automatic Updates
  Automatic security updates to Proventia Desktop are delivered through the X-Press Update package which eliminates both manual updates and downtime. X-Press Updates are developed by ISS' X-Force, the most respected security research group in the industry.
• Easy Integration
  Proventia Desktop fits seamlessly within your existing corporate infrastructure and supports Active Directory, most e-mail and Web clients, as well as popular antivirus and Virtual Private Network (VPN) software.
• Flexible Deployment
  Proventia Desktop offers flexible configuration options for deployment, response and notification. Administrators can choose how much control to allow individual users, specify port and IP restrictions, and even how to report important security events.

Technical Specifications:

¹ Gigabit Ethernet hardware supported, but not 1 Gbps throughput

Documentation:

Download the IBM Proventia Desktop Endpoint Security Datasheet (PDF).