Date post: 19-Jan-2015 | Category: Technology | Upload: hp-enterprise
©2009 HP Confidential template rev. 12.10.09
HPN S-SERIES PRODUCTS
Gary Kinghorn, Manager, Security Product Marketing
Aman Garg, Consulting Sales Engineer, TippingPoint
Date: 24 August, 2010
AGENDA
– TippingPoint Overview
– TippingPoint IPS Overview
– Dealing with Data Center Virtualization
– SVF Demo
TIPPINGPOINT OVERVIEW
INTRODUCING TIPPINGPOINT
History of Innovation
› Pioneered the Intrusion Prevention System (IPS) Market
› First with App Control (P2P), Spyware, VoIP, & Custom Web App Protection
› DVLabs: Industry Leading Security Research Organization
› Co-Founder and Editor of SANS Institute @RISK Newsletter
Market Leader
› Leading Network Security Company
› Secures 30+% of the Fortune 1000
› Leader in Gartner IPS Magic Quadrant since inception (2005)
What do Others Say
› “Listed by the most IPS vendors as their primary competitor”
› TippingPoint “large deployments are easier...” and “require less effort to manage…”
Gartner IPS Magic Quadrant – April 2009
GARTNER MAGIC QUADRANT FOR NETWORK INTRUSION PREVENTION SYSTEMS – 1H09
(Figure: Gartner Magic Quadrant chart for Network IPS, 1H09)
BLUE CHIP CUSTOMER BASE
Security Driven Companies Continually Select TippingPoint
• 7,000+ customers worldwide, across every major industry and geography
• Industries represented: Automotive, Telecomm, Technology, Transportation, Food / Leisure, Retail, Education, Financial, Healthcare, Energy, Biotech, Media
TIPPINGPOINT'S IPS PLATFORM – POSITIONING / DIFFERENTIATORS
HP TIPPINGPOINT S-SERIES PRODUCTS
IPS Platform:
› TippingPoint S10 – 20Mbps • 2 Segments
› TippingPoint S110 – 100Mbps • 4 Segments
› TippingPoint S330 – 300Mbps • 4 Segments
› TippingPoint S660N – 750Mbps • 10 Segments
› TippingPoint S1400N – 1.5Gbps • 10 Segments
› TippingPoint S2500N – 3Gbps • 11 Segments
› TippingPoint S5100N – 5Gbps • 11 Segments
› Core Controller – 20Gbps • 3x10GbE
Solutions:
› ROBO, Perimeter, Zone isolation, MSPs…
› 10GE Networks, Core, Data Center, Service Providers…
Management, Accessories:
› Security Management System (SMS) – Manage Multiple Units • Central Dashboard
› SSL Appliance S1500 – Transparent SSL Bridging and Off-Loading
› vController and VMC – Virtual Data Center Security & Visibility
DVLabs Services / Security Intelligence:
› Digital Vaccine – Broadest Coverage • Evergreen Protection
› Web App DV and Scanning – Web Scan • Custom Filters • PCI Report
› ThreatLinQ – Real Time Threat Intelligence
› Reputation DV – IP Reputation • DNS Reputation
IPS PLATFORM INTRODUCTION
Automated, Scalable Threat Protection
IPS Platform – Designed for future security demands and services
(Diagram: Dirty Traffic Goes In → IPS Platform → Clean Traffic Comes Out; managed by the Security Management System)
Proactive:
• In-line reliability
• In-line performance (throughput/latency)
• Filter accuracy
Security:
• Leading security research
• Fastest coverage
• Broadest coverage
Costs:
• Quick to deploy
• Automated threat blocking
• Easy to manage
PROVEN IN-LINE PROTECTION
Deployed in-line 20-35% more than competition
In-Band IPS Deployments – Infonetics "IPS Customer Survey" (Infonetics Research IPS Survey – August 2008)
Vendor | In-Band | Out-of-Band
Tipping Point | 91.4% | 8.6%
Cisco | 69.7% | 30.3%
IBM ISS | 67.5% | 32.5%
McAfee | 65.9% | 34.1%
Sourcefire | 55.4% | 44.6%
IPS PRIORITY #1 - IN-LINE NETWORK UPTIME
Built-in High-Availability and Redundancy Features
Preserves network availability, performance & security
Redundancy:
– Multiple Redundancy Options
• Active-Active, or Active-Passive
• No requirement to waste segments/ports
– No IP Address or MAC Address
– Transparent to Routing Protocols
• HSRP, VRRP, OSPF, EIGRP, BGP
High Availability Features:
– Automated Layer 2 Fallback and Recovery
• Self monitoring of Security and Management engines
– Performance Protection
• Layer 2 fallback if performance thresholds exceeded
– Dual Hot-Swappable Power Supplies
– Hitless TOS Upgrades (no downtime)
– Link Down Synchronization
• Links mirrored and brought down together
• Prevents Black Hole routing
(Diagram: Normal Operating Mode with Internal Security Processing vs. Layer 2 Fallback)
IPS PRIORITY #2 - IN-LINE PERFORMANCE
Hardware, O/S and Filters Designed for No Compromise Performance
IPS Platform – Purpose Built Platform = Maximum Performance
› TippingPoint designed hardware, operating system and IPS filters
› Designed and supported by TippingPoint
(Platform stack: IPS Platform Hardware → TippingPoint Operating System → IPS Filter Packs → New Security Services)
High Inspected Throughput
› Models with 5Gbps inspected throughput with <80µs latency
› Bi-directional inspection – with all recommended filters enabled
› Not hardware processing or I/O capacity
› Not based on “best efforts” settings
Core Controller Platform – 16Gbps Inspected Throughput
› Up to 16Gbps inspected throughput with <110µs latency
Redundancy Options Preserve Performance
› Core Controller redundancy
› N+1 IPS redundancy
High inspected throughput with low latency
(Diagram: two TippingPoint Core Controllers with 20Gbps links feeding three IPS Platforms)
IPS PRIORITY #3 - IN-LINE FILTER ACCURACY
Unmatched Accuracy from DVLabs and Digital Vaccine
(Diagram: a Standard IPS Exploit Filter for Exploit A covers Exploit A but misses Exploit B against the same Vulnerability; widening it into a coarse filter produces False Positives)
TippingPoint’s vulnerability filter acts like a Virtual Software Patch, eliminating false positives
Term | Definition
Vulnerability | Security flaw in a software program
Exploit | Attack on a vulnerability to: • Gain unauthorized access • Create a denial of service
Exploit Filter | Stops a single exploit • Easy to produce • Typically produced due to IPS engine performance limitations • Results in missed attacks and false positives
Vulnerability Filter | Stops all exploits attacking the vulnerability
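The exploit-filter versus vulnerability-filter distinction on this slide, as an added illustration that is not TippingPoint code: a constructed toy protocol with a constructed flaw (a "User:" header copied into a 64-byte buffer without a length check), a signature for one public exploit, a coarse widening of that signature, and a check on the vulnerable condition itself.

```python
import re

# Constructed flaw for illustration: a hypothetical server copies the "User:"
# header value into a 64-byte buffer without checking its length, so any value
# longer than 64 bytes triggers the vulnerability, whatever bytes it contains.
MAX_USER_LEN = 64

# Exploit filter: signature for one public exploit ("Exploit A"), which fills
# the field with the letter 'A'. Anything else written for the same flaw is missed.
EXPLOIT_A_SIGNATURE = re.compile(rb"User: A{65,}")
# Coarse filter: a widened signature that fires on any run of 20+ repeated bytes.
# It catches Exploit B too, but also flags benign values shorter than 64 bytes.
COARSE_SIGNATURE = re.compile(rb"User: (.)\1{19,}")
USER_HEADER = re.compile(rb"User: ([^\r\n]*)")

def exploit_filter(packet: bytes) -> bool:
    """Block only when the packet matches the known Exploit A signature."""
    return EXPLOIT_A_SIGNATURE.search(packet) is not None

def coarse_filter(packet: bytes) -> bool:
    """Block on the widened signature (more coverage, more false positives)."""
    return COARSE_SIGNATURE.search(packet) is not None

def vulnerability_filter(packet: bytes) -> bool:
    """Block when the packet would trigger the flaw: a 'virtual patch' that
    checks the vulnerable condition rather than any particular exploit bytes."""
    m = USER_HEADER.search(packet)
    return m is not None and len(m.group(1)) > MAX_USER_LEN

# Constructed sample traffic for the constructed protocol.
EXPLOIT_A = b"GET / HTTP/1.0\r\nUser: " + b"A" * 200 + b"\r\n\r\n"
EXPLOIT_B = b"GET / HTTP/1.0\r\nUser: " + b"B" * 200 + b"\r\n\r\n"  # same flaw, new bytes
BENIGN = b"GET / HTTP/1.0\r\nUser: alice\r\n\r\n"
BENIGN_REPEAT = b"GET / HTTP/1.0\r\nUser: " + b"x" * 30 + b"\r\n\r\n"  # odd but harmless

def verdicts(packet: bytes) -> dict:
    """Return each filter's block (True) / allow (False) decision for one packet."""
    return {
        "exploit_filter": exploit_filter(packet),
        "coarse_filter": coarse_filter(packet),
        "vulnerability_filter": vulnerability_filter(packet),
    }

if __name__ == "__main__":
    for name, pkt in [("Exploit A", EXPLOIT_A), ("Exploit B", EXPLOIT_B),
                      ("benign", BENIGN), ("benign repeat", BENIGN_REPEAT)]:
        print(name, verdicts(pkt))
```

Only the vulnerability filter blocks both exploits while allowing both benign packets; the exploit filter misses Exploit B and the coarse filter blocks the harmless repeated value.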
REVOLUTIONARY NEW PLATFORM DESIGN
Scale Security with no Performance Compromise
IPS Platform – New Threat Suppression Engine
(Diagram: Dirty Traffic Goes In → IPS Filter Packs and New Security Services → Clean Traffic Comes Out)
Filter packs and security services shown: Vulnerability Filters, Worms / Viruses / Trojans, DoS / DDoS / SYN Flood, P2P Control, IM Control, Spyware / Adware, Phishing, VoIP, SCADA, Web App Filters, DLP Filters, Reputation DV, Customer DV, Digital Vaccine, Web App DV
Digital Vaccine provides leading security coverage
Scalable security platform supports new filter packs and security services
New Threat Suppression Engine allows expanded security with no performance impact
HP TIPPINGPOINT’S S-SERIES IPS PLATFORM
S660N
Performance • 750Mbps Inspection • 6.5M Concurrent Sessions
Interfaces • 10x 1GbE SFP (5 segments) • 10x 1GbE Copper (5 segments)
Power • AC Only
S1400N
Performance • 1.5Gbps Inspection • 6.5M Concurrent Sessions
Interfaces • 10x 1GbE SFP (5 segments) • 10x 1GbE Copper (5 segments)
Power • AC Only
S2500N
Performance • 3Gbps Inspection • 10M Concurrent Sessions
Interfaces • 2x 10GbE XFP (1 segment) • 10x 1GbE SFP (5 segments) • 10x 1GbE Copper (5 segments)
Power • AC or DC
S5100N
Performance • 5Gbps Inspection • 10M Concurrent Sessions
Interfaces • 2x 10GbE XFP (1 segment) • 10x 1GbE SFP (5 segments) • 10x 1GbE Copper (5 segments)
Power • AC or DC
THE HP NETWORK-EMBEDDED IPS PLATFORM
– TippingPoint IPS module in A7500: Full TippingPoint IPS Solution with Reputation Service and Digital Vaccine
– Flexible Deployment Scenarios to secure traffic between network segments directly from the chassis
– A unified network and security management framework based on TippingPoint’s Security Management System (SMS) integrated with HP’s Intelligent Management Center (IMC)
– 1.3 Gbps Inspected per blade
– Multiple blades per chassis (up to 10) for scalability and HA
(Diagram: HP A7500 Switch Series with HP TippingPoint 1200N IPS Module)
TIPPINGPOINT'S DV LABS
DV LABS BRAIN TRUST
• Comprised of industry leaders, here is just a sampling:
• David Endler, Senior Director – VOIPSA chairman, author of “Hacking VoIP Exposed”
• Rohit Dhamankar, Director – SANS Top 20 Chief Editor, frequent presenter at Black Hat and RSA
• Pedram Amini, Manager of Security Research – Founder of OpenRCE.org, expert on reverse engineering, author of “Fuzzing” book
• Rob King – speaker at Black Hat Briefings, Mac OS X Reversing
• Cameron Hotchkies – Web application security expert, author of Absinthe Web security scanner
• Mike Dausin – Web Application and Database security research expert, speaker at Black Hat
• Alex Wheeler, Manager of DVLabs – Expert in reverse engineering, anti-virus vulnerability research, and Black Hat frequent presenter
• Cody Pierce – Responsible for ActiveX fuzzing research, discoverer of numerous vulnerabilities
• Ganesh Devarajan – SCADA security expert, quoted frequently in the press
• Terri Forslof – Formerly program manager at Microsoft Security Response Center, presents frequently on underground hacking activities
• http://dvlabs.tippingpoint.com/team
LEADING SECURITY RESEARCH – DVLABS
IPS Platform is Only as Good as its Security Intelligence
DVLabs – Leading security research and filter development
DVLabs Services: › Digital Vaccine › Web App DV & Scanning › Reputation DV › Custom DV › ThreatLinQ › Lighthouse Program
(Diagram: intelligence sources feeding DVLabs, which delivers to the TippingPoint IPS Platform)
› Partners – SANS, CERT, NIST, etc.; Software & Reputation Vendors
› ThreatLinQ Monitoring – 2,000+ Customers Participating
› DVLabs Research & QA – 30+ Dedicated Researchers
› Zero-Day Initiative – 1,000+ Independent Researchers
LEADING SECURITY RESEARCH – DVLABS
Discovers 8-10 Times More Software Vulnerabilities
(Chart: Cumulative Vulnerability Discoveries, Sep 2005 to Dec 2009 – TippingPoint 391 vs. ISS Xforce, McAfee Avert Labs, Juniper and Sourcefire)
(Chart: 2009 Vulnerability Discoveries – TippingPoint 116 vs. ISS Xforce, McAfee Avert Labs, Juniper and Sourcefire)
DVLABS: 2009 MICROSOFT VULNERABILITIES
Breadth of Coverage: 146/163 Covered
Speed of Coverage: -26 days; 146/163 Covered
(Chart: Breadth of Coverage and Speed of Coverage, TippingPoint vs. five competitors)
DVLABS: 2009 ZDI PROGRAM VULNERABILITIES
Breadth of Coverage: 84/89 Covered
Speed of Coverage: -15 days; 84/89 Covered
(Chart: Breadth of Coverage and Speed of Coverage, TippingPoint vs. five competitors)
EASY INSTALLATION AND CONFIGURATION
Enterprises Rate TippingPoint Easiest to Install & Configure
(Chart: 2 Hr. IPS Install, % of Respondents, split into < 30 min and 30 min - 2 hrs – Tipping Point 76% (42% under 30 min, 34% in 30 min - 2 hrs) vs. 17-38% for Cisco, McAfee, Sourcefire and IBM ISS; Infonetics Research IPS Survey – August 2008)
(Chart: Ease of Configuring IPS Filters, % of Respondents reporting Light Effort – Tipping Point 66% vs. 13-22% for IBM ISS, McAfee, Cisco and Sourcefire; Infonetics Research IPS Survey – August 2008)
DEALING WITH DATA CENTER VIRTUALIZATION
THE VIRTUAL NETWORK VISIBILITY GAP
(Diagram: three Virtualized Hosts, each running VMs (App / OS), connected through a Top of Rack Switch and Core Switch to the IPS Platform; threat points numbered 1-4, with 4 marking VMs moved to a separate site)
– Hypervisor Security
• Are mission critical
• Can’t be secured with virtual IPS
• Patches must be immediate
– Host to Host Threats
• Can’t deploy an IPS in front of every server
• Also Need VM to Host security
– VM to VM Threats
• Virtual trust zones
• Traffic does not enter the physical network for inspection
• One victim VM can attack other VMs
– VM Mobility
• VMs can be launched in a separate site for DR or other purposes (vMotion)
• Physical IPS options are cost prohibitive for these uses
PROTECT THE HIGH VALUE DATA CENTER
– Start with DC Perimeter Protection
• Inspect ingress / egress traffic
– Protect DC Attack Surface
• Virtualization tools / hypervisor
• Network infrastructure
• Host servers and operating systems
• Enterprise and Web applications
• Virtual desktop infrastructure (VDI)
– Virtual Patching
• Protects rolled-back VMs
• Protects VMs with out-of-date patching due to server/VM shut-downs
– Single Set of Security Policies across Physical and Virtual DC
(Diagram: TippingPoint IPS between the Core Switch and the Top of Rack Switch serving Virtualized Hosts and Physical Hosts)
VISUALIZE THE DC AND DEPLOY VCONTROLLER
– Simple VMC Installation
• VMware vCenter integration
– VMC Auto-Discovery of Virtualized Hosts and VMs
• Real time visibility of virtual DC
• Topology mapping of network paths
– VMC Auto-Deployment of vControllers to Virtualized Hosts
• User initiated, auto-deployment
– Control VM Sprawl
(Diagram: VMC and VMware vCenter on the Management Network; TippingPoint IPS between the Core Switch and the Top of Rack Switch serving Virtualized Hosts and Physical Hosts)
APPLY SECURITY POLICIES BETWEEN DC TRUST ZONES
– Enforce Security Policies
• Incoming DC traffic
• Outgoing DC traffic
• Physical host to physical host traffic
• Physical host to VM traffic
• VM to VM traffic
– Security Policies Follow VMs
• Policies apply to mobile VMs
– Default Security Policies
• Apply to all new VMs or copied VMs
• Untrusted VMs or zones
– Single Set of Security Policies for Entire DC Protection
(Diagram: VMC and VMware vCenter on the Management Network; inside the Virtualized Host, the vController Service VM and VMsafe Kernel Module in the Hypervisor apply a Redirect Policy on the vSwitch so Application VM (App / OS) traffic is sent via the Top of Rack Switch and Core Switch to the TippingPoint IPS)
Q&A