HP Enterprise Security Products: HP TippingPoint
Miroslav Knapovsky, CISSP, CEH
HP ESP, Central Europe
knapovsky@hp.com
Mobile: +420 603 200 258

Agenda
• What we do
• Why we do
• How we do

HP ESP – What we do: HP Security Performance Suite
Pillars:
• Application Security
• Security Intelligence
• Network Security
HP ESP – What we do: HP Security Research
Innovative Research • Actionable Security Intelligence • Publication On Critical Topics Today • Driving ESP Security Strategy
• Experts in vulnerability, malware, threat actor, and software security research
• ZDI and other communities
• Globally-distributed team from top universities
• Content powers ArcSight, Fortify, and TippingPoint
• Intelligence delivered direct to end-users and the public
• Bi-weekly threat briefings on the web and iTunes
• Publications on research spanning the ESP portfolio
• Speaking at top security conferences / tradeshows
• Trusted source for advice on enterprise security
Security Research is the KEY
HP Security Research
• ~3,000+ independent researchers
• DVLabs Research & QA
• 2,000+ customers participating
Ecosystem partners
• SANS, CERT, NIST, OSVDB, software, and reputation vendors
• ~3000 researchers
• 2000+ customers sharing data
• 7000+ managed networks globally
Actionable security intelligence
• Automatically integrated into HP products
• HP finds more vulnerabilities than the rest of the market combined
• For IPS/FW: DV, RepDV, AuxDV, …
Note: All figures are rounded. The base year is 2012. Source: Frost & Sullivan
Integration examples: WebInspect

HP Security Research applied examples
• Digital Vaccine & Custom filters & Snort Import
• Malware Vaccine
• Reputation Digital Vaccine
• Advanced Threat Analysis
• Sand-boxing
• Geo-location
• Anti-DoS/DDoS
• Application Visibility
DV update example – your weekly work
• 37 new filters (5 enabled by default, 9 ZDI)
• 9 modified filters
• 2 removed filters
Sample filter from the update:
13484: ZDI-CAN-2110: Zero Day Initiative Vulnerability (Microsoft)
Category: Vulnerabilities
Description: This filter provides protection against exploitation of a zero-day vulnerability affecting one or more Microsoft products.
Availability: This filter is only available on 3.2.0 and above. Use of RECOMMEND action as category setting will cause this filter to be: Disabled in default deployments. Enabled with the "block+notify" action set in aggressive deployments.
Heartbleed vulnerability protection on Day 1
• Every second matters!
• OpenSSL vulnerability affecting 2/3 of the world’s web servers
• HP TippingPoint customers are protected on Day 1 via Digital Vaccine
• Virtual patch stops attack and theft of critical customer information
Anti-Malware Digital Vaccine Feed
• What is it?
– aka stream antivirus malware detection
– A separate DV package containing 2000+ filters
– Delivered through the weekly DV subscription
• Customer value
– The filters are designed to alert on post-infection malware traffic, e.g. CnC botnet traffic.
• How it works
– Anti-Malware DV will be similar to regular DV in terms of packaging and distribution
– Best practice: use these filters in IDS mode. Filters will be more chatty and might have a higher false positive rate than regular DV filters.
– Filters will include a general description of the event, detailed information, reliability factor, and CVE/OSVDB/Metasploit/public references when available.
Customer attack leads to unexpected intel
• Neverquest trojan
• Targeted attack against large retailer
• Traffic capture analysis uncovers previously unknown exfiltration sites
• Take action before the bad guys know they are exposed!
Bot and Fraud Detection: Reputation DV
Sources feeding the Reputation Database:
• 3rd Party Malware Research – malware research and analysis; identify devices participating in malware activity
• 3rd Party Web & Email Research – providers of web/email security; analysis of malicious traffic
• Internal, Original Research – global threat event DB, >12M events/d; partnerships with platinum customers
• SANS Institute – global community participation; correlates firewall security events
• Open Source Community – various malware/phishing/botnet communities; unallocated (Bogon) lists; DVLabs validated
• DVLabs Honeypots – real-time attack sensors; globally deployed; detailed data collection
• HPLabs – proprietary algorithms and analysis; detailed data collection
Malware threat from anonymous proxies
• Chewbacca malware example
• Bad guys targeting POS/financial systems
• Launched from the Tor network
• Operates by installing a Tor client on infected devices for exfiltration purposes
• Set policy on your network for unpublished, unknown anonymous proxy exit nodes
Research matters!
• Over 8,700 DV filters
• 1/3 enabled out of box
• Over 3,000 security researchers
• Proven accuracy with minimal false positives
• Optimize network performance and protect business critical applications
~3,000+ independent researchers • DVLabs Research & QA • 2,000+ customers participating

More information on HP Security Research
• HP Enterprise Security: hp.com/go/SIRM
• HP Security Research: hp.com/go/HPSRblog
• HP Security Products: hp.com/go/SecurityProductsBlog
• HP Threat Briefings: hp.com/go/ThreatBriefings
HP ESP – How we do: TippingPoint NGIPS Platform – Automated, Scalable Threat Protection
Diagram: SMS – Security Management System; NGIPS Sensors; dirty traffic goes in, clean traffic comes out.
IPS Platform designed for future security demands and services:
• Proactive – in-line reliability, in-line performance, filter accuracy
• Security – leading security research, fastest coverage, broadest coverage
• Costs – quick to deploy, automated threat blocking, easy to manage
Current NGIPS HP TippingPoint models
Chart: inspection throughput [Mbps], 20 to 20,000, against IPS segments [port-pairs], 2, 4, 10, up to 24.
• TippingPoint 10: 20 Mbps
• TippingPoint 110, 330: 100 Mbps, 300 Mbps
• TippingPoint 660N, 1400N: 750 Mbps, 1.5 Gbps
• TippingPoint 2600NX, 5200NX: 3 Gbps, 5 Gbps
• TippingPoint 6200NX: 10 Gbps
• TippingPoint 7100NX, 7500NX: 15 Gbps, 20 Gbps
NX Platform, 3–20 Gbps
• Bypass Modules
– 4x 1GbE 10/100/1000 (Copper)
– 2x 1GbE SFP (Fiber)
– 2x 10GbE SFP+
• Market-leading 2U port density with swappable modules
Why HP TippingPoint NGFW?
Timeline graphic, 2001 to today: Stateful Firewalls, NGFW, NGIPS & NGFW, UTM, HP TippingPoint NGIPS.
Current NGFW HP TippingPoint models
Chart: NGFW throughput [Mbps] and IPS inspection throughput [Mbps] against firewall/IPS ports (8, 16, 18, 20, 20).
• TippingPoint S8010F – NGFW: 10,000 Mbps; NGFW+NGIPS: 5,000 Mbps
• TippingPoint S8005F – NGFW: 5,000 Mbps; NGFW+NGIPS: 2,500 Mbps
• TippingPoint S3020F – NGFW: 2,000 Mbps; NGFW+NGIPS: 1,000 Mbps
• TippingPoint S3010F – NGFW: 1,000 Mbps; NGFW+NGIPS: 500 Mbps
• TippingPoint S1050F – NGFW: 500 Mbps; NGFW+NGIPS: 250 Mbps
Easy to deploy in the network
Diagram: Bridge 1 (e.g. Zone 1, Zone 3, transparent or routed); Segment 1 (Zone 2, Zone 4, etc.).
Deployment modes:
• Segment – in/out port; bump-in-the-wire (no IP address); reliability through L2FB and HA modes
• Routed – one or more IP addresses
• One Armed – single port in/out; VLAN tagged
• Bridge – multiple ports; broadcast domain; IP address; no L2FB
HP TippingPoint’s flow-based, policy-driven architecture
Network traffic passes through four stages:
1. Traffic Classification – Security Zone, IP Address, Service, Application, User
2. Firewall Rules – Rule 1, Rule 2, … Rule n, Default Rule
3. Inspection Profiles – IPS Policy 1 … IPS Policy n; Rep Policy 1 … Rep Policy n
4. Action Sets – Block, Permit, Trust, Rate Limit, Quarantine
Typical deployment of HP TippingPoint network security
• HP TippingPoint protects from data center to edge
Diagram labels: Data center (physical and virtual servers), Core, Campus LAN, WLAN, Edge, WAN (remote offices and branches), Internet (tele-workers, partners, and customers); IPS Security Zone.
Why HP TippingPoint?
• Reliable – NGIPS with 99.99999% network uptime track record
• Simple – easy to use, configure and install, with centralized management
• Effective – industry-leading security intelligence by DVLabs updates
Next Gen IPS • Integrated Policy • Next Gen Firewall • Security Research (DVLabs, Reputation and feeds) • User and App policy