IBM MSS f/ UTM MGD-DC1 User Manual
Product codes
MGD-DC1
INTC-7816-01 02/2008
Gateway antivirus systems scan many kinds of file transfers such as Web pages, e-mail traffic, and
file transfer protocol (“FTP”) exchanges for worms, viruses, and other forms of malware.
IBM will provide the following services in support of the product features listed above, as applicable:
h. project kickoff, assessment, and implementation
During deployment and initiation of MSS for UTM, IBM will work with the Customer to help define
appropriate security policies, assist with installation and configuration of the Agent(s), and verify
proper device operation prior to transition of the firewall(s) to the SOC.
i. policy management
Firewalls only protect Hosts when configured correctly for their network environment. IBM provides
policy management services to help the Customer keep firewalls configured with a valid security
policy, and IBM retains records of all changes.
j. device management
IBM will maintain the firewall by monitoring its system health and availability and applying vendor
updates to the firewall.
k. security event monitoring
Unified threat management devices (called “UTMs”) are capable of generating a high volume of
alerts in response to the security conditions for which they are configured. The actual security risk
corresponding to a particular condition detected by a firewall is not always clear, and it is not
practical to block all data that may be harmful, as the default. Additional monitoring and analysis
provided by IBM security analysts on a 24 hours/day by 7 days/week basis helps cover this security
gap by maintaining a focus on alerts which may be significant, validating these alerts as probable
Security Incidents and escalating the probable Security Incidents to the Customer.
l. vulnerability management
Vulnerabilities are weaknesses in Hosts in the Customer’s environment, and IBM will provide
vulnerability management services to help identify and remediate these vulnerabilities.
m. X-Force Threat Analysis Service
IBM will provide security intelligence to the Customer based on such things as original research
completed by the IBM X-Force® research and development team, worldwide threat activity as
identified by the IBM Global Threat Operations Center, and secondary research from other public
and private resources.
n. Virtual-SOC
The Virtual-SOC is a Web interface which serves as the Customer’s interface to management of the
firewall, alerts, logs, reports, policy change requests, and other types of service tickets.
The following table provides an overview of the MSS for UTM product features for the Protection and
Content packages.
Table 1 - MSS for UTM Packages
| Product Features | Included as part of Protection package? (Yes or No) | Included as part of Content package? (Yes or No) | Included if Customer subscribes to both packages? (Yes or No) |
|---|---|---|---|
| Intrusion Prevention management | Yes | No | Yes |
| Firewall and VPN management | Yes | No | Yes |
| Web filter management | No | Yes | Yes |
| Antispam management | No | Yes | Yes |
| Antivirus management | No | Yes | Yes |