Datasheet
INTC-7816-01 02/2008 Page 8 of 18
Features of the vulnerability management service include:
a. External vulnerability management - IBM will provide external vulnerability management for each
Agent under full management. This includes one quarterly scan of the Host’s Internet accessible IP
addresses, for the duration of the contract.
b. Vulnerability discovery - IBM scanners are designed to detect a large set of vulnerabilities on a wide
variety of Hosts.
c. Prioritization - IBM catalogs each scanned device (asset) and allows Customers to assign business
criticality ratings and system owners to specific assets. This allows IBM to notify asset owners
when vulnerabilities are identified, and facilitates establishment of a personalized view into overall
program impacts on security posture.
d. Remediation - identified vulnerabilities can be assigned to designated asset owners for review and
remediation. The individual asset owners are provided with access to use the Virtual-SOC as a tool
for learning about a specific vulnerability, and tracking its remediation within the enterprise.
e. Dynamic protection - vulnerability management capabilities can integrate with a Customer’s existing
IBM Managed Security Services to dynamically request the update of server and network IPS
policies with appropriate blocking responses.
f. Verification – after an asset owner indicates a vulnerable application or system has been effectively
patched, the assignment is designed to remain active until the scanning system verifies known
attack vectors for a given vulnerability have been successfully eliminated.
g. Customized reporting - IBM provides reports of service performance and security posture, either in
a stand-alone presentation, or combined with data from multiple IBM Managed Security Services.
2.2.4 High Availability
High availability (“HA”) increases the reliability of MSS for UTM by supporting the implementation of
redundant Agents into your managed environment. Adding HA to the service may require changes to the
Agent, software licensing, IP addressing requirements, or managed services fees. MSS for UTM does
not support non-integrated, third party HA solutions.
Active/Passive Implementations
Active/passive implementations improve reliability of the Agent gateway solution through redundancy. In
this configuration, a second Agent is configured as a hot-standby, ready to begin serving the network if
the primary Agent experiences a critical hardware or software failure. In such a scenario, failover is
designed to be automatic and nearly instantaneous. Active/passive configurations are recommended for
mission critical environments with low to medium traffic loads.
Active/Active Implementations
Active/active clusters improve reliability and performance of the managed Agents by using both Agents to
handle the network traffic simultaneously. In this configuration, each Agent handles a share of the
network packets, determined by a load-balancing algorithm. If one Agent fails, the other Agent is
designed to automatically handle all of the traffic until the failed Agent has been restored. Active/active
configurations are recommended for mission critical environments with high traffic volumes and/or large
fluctuations in network utilization.
2.2.5 X-Force Threat Analysis Service
X-Force Threat Analysis Service provides proactive security management through comprehensive
evaluation of global online threat conditions and detailed analyses.
The service provides threat information collected from the SOCs, trusted security intelligence from the
IBM X-Force® research and development team and from the IBM Global Threat Operations Center, and
secondary research from other public and private resources. This combination helps to identify the
nature and severity of external Internet threats. In addition to alerts and X-Force intelligence, each
registered security contact will receive detailed information regarding real-time Internet port metrics, Web
defacements, worms and virus activity, as well as daily analysis of Internet threat conditions.
For each Agent purchased, the Customer will receive one seat for the X-Force Threat Analysis Service for
the duration of the contract.