Вы находитесь на странице: 1из 4

IBM Software Data Sheet

IBM Security Solutions

IBM Security Network

Intrusion Prevention
System Virtual Appliance

Combining security with efficiency for your

Highlights traditional and virtual environments
Although security has always been a top priority for your organization,
● Addresses consolidation efforts and
costly appliance sprawl with a virtual the growing complexity and volume of security incidents and compli-
platform for security convergence ance regulations has dramatically reinforced the need for sophisticated
network protection. Yet economic reality presents an equally com-
● Extends the same robust intrusion pre-
vention for virtual networks that you pelling need to find ways to reduce hardware requirements through
expect from traditional networks consolidation and virtualization. The challenge is reconciling these pri-
● Designed to ease security and compli-
orities without jeopardizing either the security of your organization or
ance efforts by helping to detect and your consolidation efforts.
block network attacks and unauthorized
network access
IBM Security Network Intrusion Prevention System Virtual Appliance
● Enables cloud computing service offers advanced preemptive protection in a virtual security appliance to
providers to deliver segmented help you achieve maximum business continuity using minimal
security services in multitenant virtual
resources. Powered by the IBM X-Force® research and development
team, IBM Security Network Intrusion Prevention System Virtual
● Integrates virtualized security with Appliance operates on virtual platforms to help protect both your
traditional network protection for
overall reduced complexity of security physical and virtual networks with the same high level of security.
operations As a virtual appliance, IBM Security Network Intrusion Prevention
System Virtual Appliance provides the ideal solution for managed
cloud service providers by enabling flexible deployments in multitenant
virtual environments. A single management console and a broad range
of consulting services to help simplify the complexity of deploying and
managing security operations, while its modular architecture provides
extensible protection to help ensure you’re ready for the next big
threat—whenever and wherever it may occur.

Boosting consolidation efforts through a virtual

security appliance
Network security for traditional and virtual platforms often requires
appliances that can increase data center requirements, adding to their
size and cost. IBM Security Network Intrusion Prevention System
IBM Software Data Sheet
IBM Security Solutions

Virtual Appliance offers the best of both worlds: the power ● Advanced network protection – Advanced intrusion preven-
and protection of advanced network intrusion prevention in a tion including DNS protection.
virtual security appliance. Sophisticated detection technology ● Data security – Monitoring and identification of unen-
and virtual form can help keep appliance sprawl to a mini- crypted personally identifiable information (PII) and other
mum and your consolidation plans on track, without jeopard- confidential data.
izing the security of network operations. High throughput ● Web application security – Protection for Web apps,
and low latency help maintain traffic flow and ensure efficient Web 2.0 and databases (same protection as Web application
network operations. firewall).
● Application control – Reclaim bandwidth and block Skype,
Extending and simplifying security peer-to-peer networks and tunneling.
IBM Security Network Intrusion Prevention System Virtual By consolidating security demands, such as threat detection
Appliance extends the same high level of preemptive protec- and prevention, data security, Web application protection and
tion to your virtual operations, helping you block threats to application control, IBM Security Network Intrusion
these environments. At the same time, our solution helps ease Prevention System Virtual Appliance helps reduce the cost of
complexity by enabling you to manage virtual security, tradi- deploying and maintaining point solutions. This modular
tional enterprise security and vulnerability management from technology can help safeguard your networks from attack cat-
a single management interface. In addition to minimizing the egories and threats, including:
need for multiple point solutions and resources, the ability to
share network policies and best practices between your virtual
● Worms and spyware
and physical network security operations can help ensure
● Denial-of-service (DoS) and distributed denial-of-service
consistency. (DDoS)
● Botnets
● Targeted attacks against Web applications
Staying ahead of evolving threats and ● Proprietary or sensitive data leaving the network
compliance measures
IBM Security Network Intrusion Prevention System Virtual
Enabling security services in cloud
Appliance relies on the IBM Protocol Analysis Module
(PAM), which is designed by the IBM X-Force team, to offer computing
a robust extensible protection engine that adds new areas of IBM Security Network Intrusion Prevention System Virtual
protection as threats evolve. With the full power of PAM Appliance provides the virtual appliance that enables man-
technology, IBM Security Network Intrusion Prevention aged cloud service providers to protect specific virtual net-
System Virtual Appliance is a comprehensive network protec- work segments with the option of customized security
tion solution that includes: policies or “trust X-Force” default configurations. With the
ability to deliver new revenue-generating services powered by
● IBM Virtual Patch® technology – Shielding vulnerabilities the security of X-Force, cloud service providers can gain a
from exploitation, independent of a software patch. significant competitive differentiator while delivering the reli-
● Client side application protection – Protects end users ability their clients demand.
against attacks targeting applications used everyday such as
Microsoft Office files, Adobe PDF files, Multimedia files
and Web browsers.

IBM Software Data Sheet
IBM Security Solutions

Requirements and technical specifications

GV1000 GV200

Processor 2x Quad Core Intel®

Xeon® E5440 @
2.83 GHz

Operating system VMware ESX VMware ESX

Infrastructure 3 Infrastructure 3
Version 3.5 Version 3.5,
VMware ESXi 3.5.
VMware Server 2.0

VM guest operating system support N/A N/A

Memory 1 GB RAM 1 GB RAM

Network connection Any VMware Any VMware

supported NIC supported NIC

Disk space 10 GB hard drive 10 GB hard drive

Performance characteristics* ESX 3.5 ESXi 3.5 VMware Server 2.0

Throughput Up to 700 Mbps Up to 200 Mbps Up to 150 Mbps Up to 50 Mbps
Connections per second 19,000 19,000 19,000 12,000
Concurrent sessions (max rate) 500,000 500,000 500,000 400,000

Operating modes GV 1000 GV 200

Active protection Yes Yes
Passive detection Yes Yes
Inline simulation Yes Yes pres
Protected network segments 1 1

*Performance achieved with the IBM BladeCenter® IBM BladeCenter

following configuration HT Chassis, Blade HT Chassis, Blade
IBM eServer™ IBM eServer
HS21 - 8853AC1, HS21 - 8853AC1,
NICs NetXtreme NICs NetXtreme
Broadcom5704S, Broadcom5704S,
Processor 2x Quad Processor 2x Quad
Core Intel Xeon E5440 Core Intel Xeon E5440
@ 2.83 GHz, OS @ 2.83 GHz
Version ESX 3.5.0
Build 123630 Update 3

Offering simplified implementation and virtual appliance and self-contained solution, the solution can
maintenance deliver security without altering server images, virtual servers,
Designed for easy installation, configuration and manage- applications or the virtual infrastructure. You can select from
ment, IBM Security Network Intrusion Prevention System several operating modes, including:
Virtual Appliance can help you juggle the conflicting priori-
ties of staffing requirements and network security. As a
● Active – intrusion prevention for blocking
● Inline simulation – displays what would be blocked
● Passive – intrusion detection for alerting without blocking

If you prefer to transfer the burden of protecting your net-
work to a trusted security partner, IBM offers established
consulting and managed services through skilled service
solution teams for assessment, design, deployment and
© Copyright IBM Corporation 2010

Why IBM? IBM Corporation

Software Group
IBM Security Network Intrusion Prevention System Virtual
Route 100
Appliance brings world-class vulnerability-based security Somers, NY 10589 U.S.A.
technology in a virtual form to help protect your virtual and
Produced in the United States of America
physical network environments and support your consolida- May 2010
tion goals. In addition to offering preemptive protection All Rights Reserved
across every layer of your network and simple deployment IBM, the IBM logo, ibm.com and X-Force are trademarks or registered
and integrated management, this comprehensive security trademarks of International Business Machines Corporation in the
platform is backed by the industry-leading IBM X-Force United States, other countries, or both. If these and other
IBM trademarked terms are marked on their first occurrence in this
research and development team. information with a trademark symbol (® or ™), these symbols indicate
U.S. registered or common law trademarks owned by IBM at the time
this information was published. Such trademarks may also be registered
For more information or common law trademarks in other countries. A current list of
To learn more about the IBM Security Network Intrusion IBM trademarks is available on the Web at “Copyright and trademark
Prevention System Virtual Appliance , please contact your information” at ibm.com/legal/copytrade.shtml
IBM representative or IBM Business Partner, or visit Intel and Intel Xeon are trademarks or registered trademarks of Intel
ibm.com/tivoli/solutions/threat-mitigation Corporation or its subsidiaries in the United States and other countries.

Other company, product or service names may be trademarks or service

marks of others.

References in this publication to IBM products and services do not imply

that IBM intends to make them available in all countries in which
IBM operates.

Product data has been reviewed for accuracy as of the date of initial
publication. Product data is subject to change without notice.
Any statements regarding IBM’s future direction and intent are
subject to change or withdrawal without notice, and represent goals and
objectives only.


IBM products are warranted according to the terms and conditions of
the agreements (e.g. IBM Customer Agreement, Statement of Limited
Warranty, International Program License Agreement, etc.) under which
they are provided.

The customer is responsible for ensuring compliance with legal

requirements. It is the customer’s sole responsibility to obtain advice of
competent legal counsel as to the identification and interpretation of any
relevant laws and regulatory requirements that may affect the customer’s
business and any actions the customer may need to take to comply with
such laws. IBM does not provide legal advice or represent or warrant that
its services or products will ensure that the customer is in compliance
with any law or regulation.

Please Recycle