Advanced persistent threat (APT) attacks are in the news because, by using sophisticated techniques, attackers stay stealthy after the initial break-in and usually steal millions of pieces of confidential and sensitive personal information. These videos describe the anatomy of APT attacks and where in the attack process XGS can be helpful.
In these videos, you learn about the integration points between IBM XGS and IBM Security QRadar SIEM.
The lab gives an overview of the available APIs that can be used to manage IBM Security Network Protection and send alerts to it.
The Network Protection appliance can quarantine traffic based on the events it generates and receives from external agents. This provides an advanced level of threat protection for your network. In this video, you learn how to use SiteProtector to create and manage quarantine rules.
Application programming interfaces (APIs) can greatly increase the functionality of the IBM Network Protection (XGS) appliance. In this course, you learn about the structure of the XGS appliance and how to use APIs that send management commands and APIs that send alerts to communicate with the appliance. This unit describes general web services commands or methods and how to create them using the cURL utility. You also learn to use the web services API to manage the appliance. Finally, you learn about using APIs to send alerts to third-party advanced threat protection (ATP) agents.
In this course, you learn what type of network captures can be configured on the XGS appliance, and how to use the management and protection interfaces to capture network traffic.
This video defines high availability and describes different HA design configurations such as failover, link propagation, and active bypass.
This video demonstrates the weaknesses of SNORT pattern-matching signatures as compared to the IBM Protocol Analysis Module (PAM) engine when the original exploit is modified. For the purpose of the demonstration, you use the Metasploit Framework and the vulnerability described in CVE-2013-0422. In the second video, the same SNORT issue is demonstrated using CVE-2012-0507.
This course demonstrates the use of the SNMP protocol in the IBM Network Protection (XGS) appliance. The appliance can be configured to send SNMP traps or informs, which are notifications, from the appliance to the SNMP trap receiver. You can also query the XGS for statistical information using the snmpwalk application.
This course includes videos that demonstrate the efficiency of IBM Network Protection in protecting against SQL injection and cross-site scripting attacks.
The videos in this course demonstrate the efficiency of IBM Network Protection in protecting against web application attacks across different OWASP Top 10 categories such as brute force attacks, path traversal attacks, remote code execution, cross-site request forgery attacks, and unvalidated forward request attacks.
XGS: Senior Administrator
This roadmap helps you leverage additional features in your XGS appliance, which increases the scope of protection you can manage as an IBM Network Protection Administrator. You learn how to apply protection policies to encrypted traffic, use SNORT signatures as an extra inspection engine to PAM, create policies based on user identity, prevent the unauthorized transmission of sensitive information, and navigate the command line interface for more granular control of the appliance and initial troubleshooting. It is important that an XGS Administrator have a working knowledge of SiteProtector.