XGS Advanced

Understanding APT Attacks
NEW

Advanced persistent threat (APT) attacks are in the news because, by using advanced sophisticated techniques, attackers stay stealthy after the initial break-in and usually steal millions of confidential and personal sensitive information. These videos describe the anatomy of APT attacks and where in the attack process XGS can be helpful.

Integration with QRadar

In these videos, you learn about the integration points between IBM XGS and IBM Security QRadar SIEM.

Managing IBM Security Network Protection and Sending Custom Alerts with API

The lab gives an overview of the available APIs that can be used to manage IBM Security Network Protection and send alerts to it.

Working with Quarantine Rules and the ATP Policy

The Network Protection appliance can quarantine traffic based on the events it generates and receives from external agents. This provides an advanced level of threat protection for your network. In this video, you learn how to use SiteProtector to create and manage quarantine rules.

How to use the XGS API

Application programming interfaces (APIs) can greatly increase the functionality of the IBM Network Protection (XGS) appliance. In this course, you learn about the structure of the XGS appliance and how to use APIs that send management commands and APIs that send alerts to communicate with the appliance. This unit describes general web services commands or methods and how to create them using the cURL utility. You also learn to use the web services API to manage the appliance. Finally, you learn about using APIs to send alerts to third-party advanced threat protection (ATP) agents.

Capturing Packets

In this course, you learn what type of network captures can be configured on the XGS appliance, and how to use the management and protection interfaces to capture network traffic.

Troubleshooting

This course is a collection of the videos that talk about common problems customers experience when configuring the appliance. It also walks through the tools can help in detecting these problems. 

HA Design

This video defines high availability and describes different HA design configurations such as failover, link propagation, and active bypass.

Combating Mutated Attacks Using IBM Security Network Protection

This video demonstrates the weaknesses of SNORT pattern-matching signatures as compared to the IBM Protocol Analysis Module (PAM) engine when the original exploit is modified. For the purpose of the demonstration, you use the Metasploit Framework and vulnerability described in CVE-2013-0422. In the second video, the same SNORT issues is demonstrated using CVE-2012-0507.

Implementing SNMP

This course demonstrates the use of the SNMP protocol in the IBM Network Protection (XGS) appliance. The appliance can be configured to send SNMP traps or informs, which are notifications, from the appliance to the SNMP trap receiver. You can also query the XGS for statistical information using the snmpwalk application.

Protection from SQL Injections and Cross-site Scripting

This course includes videos that demonstrate the efficiency of IBM Network Protection in protecting against SQL injection and cross-site scripting attacks.

Protection from different OWASP Top 10 classes of attacks

The videos in this course demonstrate the efficiency of IBM Network Protection in protecting against web application attacks across different OWASP Top 10 categories such as brute force attacks, path traversal attacks, remote code execution, cross-site request forgery attacks, and unvalidated forward request attacks.

Click roadmap title to expand/collapse roadmap

XGS: Senior Administrator

This roadmap helps you leverage additional features in your XGS appliance, which increases the scope of protection you can manage as an IBM Network Protection Administrator. You learn how to apply protection policies to encrypted traffic, use SNORT signatures as an extra inspection engine to PAM, create policies based on user identity, prevent the unauthorized transmission of sensitive information, and navigate the command line interface for more granular control of the appliance and initial troubleshooting. It is important that an XGS Administrator have a working knowledge of SiteProtector.


Administration

These courses deal with advanced administeration topics such as high availability, ...

Security Policy Management

These courses teach how to tune Security Policies, understand how PAM works, and define the classes of X-Force signatures and attack vectors.

Troubleshooting

These courses teach you how to perform basic troubleshooting tasks in your XGS environment.

Integration

These courses teach you how to integrate XGS with other IBM and non-IBM products. Look for the various implementation use cases and understand how you can implement them in your environment.