IBM Security Network Protection (XGS)

IBM Security Network Protection (XGS) provides a web services API that enables third-party applications such as Deep Discovery Director (Consolidated Mode) to directly submit suspicious objects. IBM XGS can perform the following functions:

  • Quarantine hosts infected with malware

  • Block communication to C&C servers

  • Block access to URLs found to be distributing malware

To integrate Deep Discovery Director (Consolidated Mode) with IBM XGS, configure a generic agent to do the following:

  • Accept alerts that adhere to a specific schema

  • Create quarantine rules based on a generic ATP translation policy

The ATP translation policy lets several categories of messages trigger different actions on IBM XGS, including blocking and alerting.