
HP Enterprise Security

HP Enterprise Security. The Beyond of Network Security. Onuma Sanghoud, CEH, Senior Technology Consultant, Onuma_s@d1asia.co.th. Customers struggle to manage the security challenge. Today, security is a board-level agenda item.


Presentation Transcript


  1. HP Enterprise Security The Beyond of Network Security Onuma Sanghoud, CEH Senior Technology Consultant Onuma_s@d1asia.co.th

  2. Customers struggle to manage the security challenge Today, security is a board-level agenda item

  3. Customers struggle to manage the security challenge Primary Challenges 1 • Nature & Motivation of Attacks • (Fame → fortune, market adversary) A new market adversary: Research, Infiltration, Discovery, Capture, Exfiltration

  4. Customers struggle to manage the security challenge Primary Challenges 1 • Nature & Motivation of Attacks • (Fame → fortune, market adversary) 2 • Transformation of Enterprise IT • (Delivery and consumption changes) Delivery: Traditional DC, Private Cloud, Managed Cloud, Public Cloud • Network, Storage, Servers • Consumption: Virtual Desktops, Notebooks, Tablets, Smart phones

  5. Customers struggle to manage the security challenge Primary Challenges 1 • Nature & Motivation of Attacks • (Fame → fortune, market adversary) 2 • Transformation of Enterprise IT • (Delivery and consumption changes) 3 • Regulatory Pressures • (Increasing cost and complexity) Policies & Regulations: Basel III, DoD 8500.1

  6. A new approach is needed A risk-based, adversary-centric approach

  7. We need a new way to reduce risk • Proactive Risk Reduction: #1 See Everything • #2 Provide Context • #3 Act Appropriately • IT SECURITY: User Provisioning • Identity & Access Mgmt • Database Encryption • Anti-Virus, Endpoint • Firewall, Email Security • IT OPERATIONS: User Management • App Lifecycle Mgmt • Information Mgmt • Operations Mgmt • Network Mgmt

  8. A Security Intelligence and Risk Management platform HP EnterpriseView Security Intelligence Network Security Application Security & FSRG Threat Research

  9. Consolidate Correlate Collect HP Security Intelligence Platform Hybrid Cloud Finance Private Cloud Public Cloud PaaS Division A Division A Division B SaaS IaaS • Proactive Defense • Vulnerability Awareness • Visibility • Flexible Security-Zone Segmentation • Well-Known- and Zero-Day-Exploit Protection • Adaptive Network Defense • Vulnerability Scanning • Source Code Analysis • Software Security Assurance • Security-Information and Event Management System • Event Correlation • Context-Visibility APP

  10. HP TippingPoint Overview

  11. TippingPoint Introduces N-Platform, SSL-Appliance, Secure-Virtualization-Framework Enterprise Security Products Group 8,000th Customer TippingPoint acquired by HP NX Platform Leader – Security Research, Frost & Sullivan Vulnerability Research Tracker Leader - Gartner NIPS Magic Quadrant Certified - ICSA Labs - NSS Labs - Broadband Testing

  12. TippingPoint NGIPS Platform Automated, Scalable Threat Protection SMS – Security Management System Dirty Traffic Goes In Clean Traffic Comes Out NGIPS Sensors IPS Platform Designed for future security demands and services • Proactive • In-line reliability • In-line performance (throughput/latency) • Filter accuracy • Security • Leading security research • Fastest coverage • Broadest coverage • Costs • Quick to deploy • Automated threat blocking • Easy to manage

  13. Scenario 1 - Perimeter FW FW NGIPS NGIPS Security Zone 1 Security Zone 2 Security Zone 3

  14. Scenario 2 – LAN / MAN / WAN switch router NGIPS NGIPS Security Zone 1 Security Zone 2 Security Zone 3

  15. Scenario 3 – Compliance switch router NGIPS NGIPS Security Zone 1 Security Zone 2 Security Zone 3

  16. TippingPoint NGIPS Platform NGIPS Policy Cyber-Attacks Availability - Reconnaissance - Trojan- Backdoor- Virus- Worm- Spyware- Phishing- Buffer/Heap Overflow- SQL-Injection- Cross-Site-Scripting... - Protocol Anomalies- Denial-Of-Service- (Distributed) Denial-Of-Service ... Corporate-Policy - Security Policy- Access Validation- Tunneling- Rogue Applications- Peer-to-Peer - Streaming Media...

  17. What makes a good NGIPS? Hardware Filters / Intelligence Deployment

  18. TSE Threat-Suppression-Engine Tier 3,4 Tier 2 Tier 1

  19. TippingPoint S7500NX 20Gbps TippingPoint 7100NX 15Gbps TippingPoint 2600NX, 5200NX, 6200NX 3Gbps, 5Gbps, 10Gbps TippingPoint 2500N, 5100N, 6100N 3Gbps, 5Gbps, 8Gbps Inspection Throughput [bps] TippingPoint 660N, 1400N 750Mbps, 1.5Gbps TippingPoint 110, 330 100Mbps, 300Mbps TippingPoint 10 20Mbps 2 4 10/11 24 24 IPS Segments [Port-Pairs]

  20. N-Platform • 1x 10Gbps Segment • 1x 10/100/1000Mbps Management Port • 1x 10Gbps ZPHA • 1x Serial Console Port • 5x Modular 1Gbps Segments • 1x LCD Front-Control-Panel • 5x Copper 1Gbps Segments • 1x External Flash RAM 11x IPS Segments Serial Console Port, RJ45 LCD External Flash RAM 10/100/1000Mbps Copper, Management Port

  21. NX Platform (New) • Market Leading 2U Port-Density • with Swappable Modules • 6x 1GbE 10/100/1000 (Copper) Segments • 6x 1GbE SFP (Copper or Fiber) Segments • 4x 10GbE SFP+ Segments • 1x 40GbE QSFP+ Segments

  22. NX Platform Modules

  23. SMS – Security Management Server HP Security Management System (JC528A) • HP DL320 based server • 1U device • 1x146Gb hard drive HP Security Management System XL (JC679A) • HP DL380 based server • 2U device • 6x600Gb hard drive • Fault Tolerant (RAID 1+0) Multiple Consoles Per SMS Simple to Use Management Appliance vSMS (JC561A) • VMware ESX/ESXi v4.0 or greater Requires vCenter • Requirements: • 73/146GB avail disk space • 1/2 virtual CPU • 2/6GB available memory • 1/2 virtual network adapters vSMS Manage Multiple Units … IPS IPS ESX(i)

  24. What makes a good NGIPS? Hardware Filters / Intelligence Deployment

  25. Leading Security Research – DVLabs: Network defense is only as good as its security intelligence 1,600+ Independent Researchers TippingPoint NGIPS Platform DV Labs Research & QA Leading security research and filter development http://dvlabs.tippingpoint.com/ 2,000+ Customers Participating DVLabs Services: • Digital Vaccine • App DV • ThreatLinQ • Web App DV • Reputation DV • Custom DV • Lighthouse Program Partners SANS, CERT, NIST, OSVDB, etc. Software & Reputation Vendors

  26. Bot and Fraud Detection: Cyber Reputation Reputation HP TP Next Gen IPS Countermeasures • DVLabs Reputation Database • Millions of entries • Reputation Score 0-100 • IPv4 & IPv6 Address • DNS Name • Meta data Detects mail traffic containing phishing attack techniques Content Awareness RepDV blocks mail traffic from known sources of phishing emails Context Awareness Corp. LAN Internet TippingPoint NGIPS • Botnet Trojan downloads • Malware, spyware & worm downloads • Access to botnet CnC sites • Access to phishing sites • Spam and phishing emails • DDoS attacks from botnet hosts • Web App attacks from botnet hosts Block Outbound Traffic Block Inbound Traffic

  27. ThreatLinq RepDV

  28. Bot and Fraud Detection: Cyber Reputation Reputation Source: IT-Harvest Next Generation IPS and Reputation Services

  29. What makes a good NGIPS? Hardware Filters / Intelligence Deployment

  30. Automated Security Reduces Security Operating Expenses SECURITY COSTS

  31. HP Next Generation IPS Operations Applications Purpose-Built with 40ms latency Advanced DDoS Protection Network Policy/Control Web Application Firewall Fastest 0-day protection Botnet Remediation and Protection Defense Custom Filter Toolkit Application Classification and Filtering Web Application Scanning User-Identity and Geo-Location Reputation Services Layer 2-7 Protection Quarantine and Rate Limiting

  32. HP TippingPoint Use Case

  33. Use Case #1 : Event Monitoring of TippingPoint IPS by SMS

  34. Searching by Filter Name

  35. Searching by Taxonomy Criteria

  36. Searching by Network Criteria

  37. Searching by Network Criteria (Cont'd)

  38. Searching by Device, Segment, Rule Criteria

  39. Search Result

  40. Event Details

  41. Event Details

  42. Use Case #2 : Application Layer 7 Visibility and Control in TippingPoint IPS

  43. Filter YouTube Application

  44. Modify YouTube Application Action

  45. Modify YouTube Application Action

  46. Modify YouTube Application Action (Cont'd)

  47. Block YouTube Application

  48. Use Case #3 : OS Visibility in TippingPoint IPS

  49. Why OS visibility is needed in NG-IPS • Filter tuning based on OS information is more convincing to customers • OS visibility is not available in our key competitive products • Customers now show more interest in risk/vulnerability/visibility than in security intelligence during the IPS POC

  50. NR script • NR is a simple bash script that extracts OS information and IP addresses from the output of the NMAP scanner, which is available on any Linux • The latest nmap is more accurate at OS detection • NR can also convert its output into the format that Named Resources in SMS understands, in order to show OS information in IPS or NGFW SMS events
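
The extraction step that slide 50 describes, as an added example; this is not the NR script and not code from the presentation. It reads nmap's normal (`-O`) output and prints one `IP,OS` line per host. The CSV layout, the function names and the sample scan are assumptions made for illustration, and the CSV is not the SMS Named Resources import format, which the slides do not show.

```shell
#!/usr/bin/env bash
# Added example (not the NR script): pull "IP,OS" pairs out of nmap -O normal output.
# The CSV layout is an assumption; it is NOT the SMS Named Resources import format.

extract_os() {
  awk '
    # Print the host collected so far; hosts with no OS line are marked unknown.
    function emit() { if (ip != "") printf "%s,%s\n", ip, (os != "" ? os : "unknown") }

    /^Nmap scan report for / {
      emit(); os = ""
      ip = $NF                 # last field is the address, in parentheses if a name precedes it
      gsub(/[()]/, "", ip)
      next
    }
    /^OS details: / {
      sub(/^OS details: /, "")
      gsub(/,/, ";")           # keep multi-match results inside one CSV field
      os = $0
      next
    }
    # No exact match: fall back to the highest-ranked guess and label it as a guess.
    /^Aggressive OS guesses: / && os == "" {
      sub(/^Aggressive OS guesses: /, "")
      sub(/ \([0-9]+%\).*/, "")
      os = $0 " (guess)"
    }
    END { emit() }
  '
}

# Constructed sample input using documentation addresses (RFC 5737).
sample_scan() {
  cat <<'EOF'
Nmap scan report for 192.0.2.10
Host is up (0.0012s latency).
Running: Linux 2.6.X|3.X|4.X
OS details: Linux 2.6.32 - 3.10, Linux 3.2 - 4.9

Nmap scan report for fileserver.example (192.0.2.20)
Host is up (0.0009s latency).
Aggressive OS guesses: Microsoft Windows Server 2012 R2 (96%), Microsoft Windows 7 SP1 (92%)
No exact OS matches for host (test conditions non-ideal).

Nmap scan report for 192.0.2.30
Host is up (0.0020s latency).
Too many fingerprints match this host to give specific OS details
EOF
}

sample_scan | extract_os
```

Marking a fallback guess and an undetected host explicitly keeps a low-confidence fingerprint from being treated as fact when filters are tuned per OS.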
