HP Networking Tech Day: HPN S-Series Products

Date post: 19-Jan-2015
Upload: hp-enterprise
Description:
Gary Kinghorn and Aman Garg introduce the HP S-Series products and TippingPoint.
Transcript
Page 1: HP Networking Tech Day: HPN S-Series Products

©2009 HP Confidential template rev. 12.10.09

Gary Kinghorn, Manager, Security Product Marketing

Aman Garg, Consulting Sales Engineer, TippingPoint

Date: 24 August, 2010

HPN S-SERIES PRODUCTS

Page 2: HP Networking Tech Day: HPN S-Series Products

AGENDA

– TippingPoint Overview

– TippingPoint IPS Overview

– Dealing with Data Center Virtualization

– SVF Demo

Page 3: HP Networking Tech Day: HPN S-Series Products

TIPPINGPOINT OVERVIEW

Page 4: HP Networking Tech Day: HPN S-Series Products

INTRODUCING TIPPINGPOINT

History of Innovation
› Pioneered the Intrusion Prevention System (IPS) Market
› First with App Control (P2P), Spyware, VoIP, & Custom Web App Protection
› DVLabs: Industry Leading Security Research Organization
› Co-Founder and Editor of SANS Institute @RISK Newsletter

Market Leader
› Leading Network Security Company
› Secures 30+% of the Fortune 1000
› Leader in Gartner IPS Magic Quadrant since inception (2005)

What do Others Say
› “Listed by the most IPS vendors as their primary competitor”
› TippingPoint “large deployments are easier...” and “require less effort to manage…”
Gartner IPS Magic Quadrant – April 2009

Page 5: HP Networking Tech Day: HPN S-Series Products

GARTNER MAGIC QUADRANT FOR NETWORK INTRUSION PREVENTION SYSTEMS – 1H09

August 23, 2010

Page 6: HP Networking Tech Day: HPN S-Series Products

BLUE CHIP CUSTOMER BASE
Security Driven Companies Continually Select TippingPoint

• 7,000+ customers worldwide, across every major industry and geography

Industries: Automotive, Telecomm, Technology, Transportation, Food / Leisure, Retail, Education, Financial, Healthcare, Energy, Biotech, Media

Page 7: HP Networking Tech Day: HPN S-Series Products

TIPPINGPOINT'S IPS PLATFORM – POSITIONING / DIFFERENTIATORS

Page 8: HP Networking Tech Day: HPN S-Series Products

HP TIPPINGPOINT S-SERIES PRODUCTS

TippingPoint S10: 20Mbps • 2 Segments
TippingPoint S110: 100Mbps • 4 Segments
TippingPoint S330: 300Mbps • 4 Segments
TippingPoint S660N: 750Mbps • 10 Segments
TippingPoint S1400N: 1.5Gbps • 10 Segments
TippingPoint S2500N: 3Gbps • 11 Segments
TippingPoint S5100N: 5Gbps • 11 Segments
Core Controller: 20Gbps • 3x10GbE
Security Management System (SMS): Manage Multiple Units • Central Dashboard
Digital Vaccine: Broadest Coverage • Evergreen Protection
Web App DV and Scanning: Web Scan • Custom Filters • PCI Report
ThreatLinQ: Real Time Threat Intelligence
Reputation DV: IP Reputation • DNS Reputation
SSL Appliance S1500: Transparent SSL Bridging and Off-Loading
vController and VMC: Virtual Data Center Security & Visibility

IPS Platform | Solutions | Security Intelligence
ROBO, Perimeter, Zone isolation, MSPs… | 10GE Networks, Core, Data Center, Service Providers…
Management, Accessories | DVLabs Services

Page 9: HP Networking Tech Day: HPN S-Series Products

IPS PLATFORM INTRODUCTION
Automated, Scalable Threat Protection

IPS Platform: Designed for future security demands and services

Proactive
• In-line reliability
• In-line performance (throughput/latency)
• Filter accuracy

Security
• Leading security research
• Fastest coverage
• Broadest coverage

Costs
• Quick to deploy
• Automated threat blocking
• Easy to manage

Diagram labels: Dirty Traffic Goes In; IPS Platform; Security Management System; Clean Traffic Comes Out

Page 10: HP Networking Tech Day: HPN S-Series Products

PROVEN IN-LINE PROTECTION
Deployed in-line 20-35% more than competition

Chart: In-Band IPS Deployments (Infonetics "IPS Customer Survey"; % In-Band IPS Deployments)
Tipping Point: 91.4% In-Band, 8.6% Out-of-Band
Cisco: 69.7% In-Band, 30.3% Out-of-Band
IBM ISS: 67.5% In-Band, 32.5% Out-of-Band
McAfee: 65.9% In-Band, 34.1% Out-of-Band
Sourcefire: 55.4% In-Band, 44.6% Out-of-Band
Infonetics Research IPS Survey – August 2008

Page 11: HP Networking Tech Day: HPN S-Series Products

IPS PRIORITY #1 - IN-LINE NETWORK UPTIME
Built-in High-Availability and Redundancy Features

Preserves network availability, performance & security

Redundancy
– Multiple Redundancy Options
  • Active-Active, or Active-Passive
  • No requirement to waste segments/ports
– No IP Address or MAC Address
– Transparent to Routing Protocols
  • HSRP, VRRP, OSPF, EIGRP, BGP

High Availability Features
– Automated Layer 2 Fallback and Recovery
  • Self monitoring of Security and Management engines
– Performance Protection
  • Layer 2 fallback if performance thresholds exceeded
– Dual Hot-Swappable Power Supplies
– Hitless TOS Upgrades (no downtime)
– Link Down Synchronization
  • Links mirrored and brought down together
  • Prevents Black Hole routing

Diagram labels: Normal Operating Mode (Internal Security Processing); Layer 2 Fallback (Internal Security Processing)

Page 12: HP Networking Tech Day: HPN S-Series Products

IPS PRIORITY #2 - IN-LINE PERFORMANCE
Hardware, O/S and Filters Designed for No Compromise Performance

High inspected throughput with low latency

IPS Platform

Purpose Built Platform = Maximum Performance
› TippingPoint designed hardware, operating system and IPS filters
› Designed and supported by TippingPoint

High Inspected Throughput
› Models with 5Gbps inspected throughput with <80µs latency
› Bi-directional inspection – with all recommended filters enabled
› Not hardware processing or I/O capacity
› Not based on a “best efforts” settings

Core Controller Platform

16Gbps Inspected Throughput
› Up to 16Gbps inspected throughput with <110µs latency

Redundancy Options Preserve Performance
› Core Controller redundancy
› N+1 IPS redundancy

Diagram labels: IPS Platform Hardware; TippingPoint Operating System; IPS Filter Packs; New Security Services; TippingPoint Core Controller (×2); IPS Platform (×3); 20Gbps links (×4)

Page 13: HP Networking Tech Day: HPN S-Series Products

IPS PRIORITY #3 - IN-LINE FILTER ACCURACY
Unmatched Accuracy from DVLabs and Digital Vaccine

Term – Definition
Vulnerability – Security flaw in a software program
Exploit – Attack on a vulnerability to:
  • Gain unauthorized access
  • Create a denial of service
Exploit Filter – Stops a single exploit
  • Easy to produce
  • Typically produced due to IPS engine performance limitations
  • Results in missed attacks and false positives
Vulnerability Filter – Stops all exploits attacking the vulnerability

TippingPoint’s vulnerability filter acts like a Virtual Software Patch, eliminating false positives

Diagram labels: Vulnerability; False Positives (coarse filter); Standard IPS Exploit Filter for Exploit A; Exploit A; Exploit B (missed by Exploit Filter A)

Page 14: HP Networking Tech Day: HPN S-Series Products

REVOLUTIONARY NEW PLATFORM DESIGN
Scale Security with no Performance Compromise

IPS Platform: New Threat Suppression Engine

IPS Filter Packs | New Security Services
Filter labels: Vulnerability Filters; Worms, Viruses, Trojans; DoS / DDoS / SYN Flood; P2P Control; IM Control; Spyware / Adware; Phishing; VoIP; SCADA; Web App Filters; DLP Filters; Reputation DV; Customer DV; Digital Vaccine; Web App DV

Diagram labels: Dirty Traffic Goes In; Clean Traffic Comes Out

• Digital Vaccine provides leading security coverage
• Scalable security platform supports new filter packs and security services
• New Threat Suppression Engine allows expanded security with no performance impact

Page 15: HP Networking Tech Day: HPN S-Series Products

HP TIPPINGPOINT’S S-SERIES IPS PLATFORM

S5100N
Performance
• 5Gbps Inspection
• 10M Concurrent Sessions
Interfaces
• 2x 10GbE XFP (1 segment)
• 10x 1GbE SFP (5 segments)
• 10x 1GbE Copper (5 segments)
Power
• AC or DC

S2500N
Performance
• 3Gbps Inspection
• 10M Concurrent Sessions
Interfaces
• 2x 10GbE XFP (1 segment)
• 10x 1GbE SFP (5 segments)
• 10x 1GbE Copper (5 segments)
Power
• AC or DC

S1400N
Performance
• 1.5Gbps Inspection
• 6.5M Concurrent Sessions
Interfaces
• 10x 1GbE SFP (5 segments)
• 10x 1GbE Copper (5 segments)
Power
• AC Only

S660N
Performance
• 750Mbps Inspection
• 6.5M Concurrent Sessions
Interfaces
• 10x 1GbE SFP (5 segments)
• 10x 1GbE Copper (5 segments)
Power
• AC Only

Page 16: HP Networking Tech Day: HPN S-Series Products

THE HP NETWORK-EMBEDDED IPS PLATFORM

– TippingPoint IPS module in A7500: Full TippingPoint IPS Solution with Reputation Service and Digital Vaccine

– Flexible Deployment Scenarios to secure traffic between network segments directly from the chassis

– A unified network and security management framework based on TippingPoint’s Security Management System (SMS) integrated with HP’s Intelligent Management Center (IMC)

– 1.3 Gbps Inspected per blade

– Multiple blades per chassis (up to 10) for scalability and HA

Diagram labels: HP A7500 Switch Series; HP TippingPoint 1200N IPS Module

Page 17: HP Networking Tech Day: HPN S-Series Products

TIPPINGPOINT'S DV LABS

Page 18: HP Networking Tech Day: HPN S-Series Products

DV LABS BRAIN TRUST

• http://dvlabs.tippingpoint.com/team
• Comprised of industry leaders, here is just a sampling:

David Endler, Senior Director
• VOIPSA chairman, author of “Hacking VoIP Exposed”

Rohit Dhamankar, Director
• SANS Top 20 Chief Editor, frequent presenter at Black Hat and RSA

Pedram Amini, Manager of Security Research
• Founder of OpenRCE.org, expert on reverse engineering, author of “Fuzzing” book

Rob King
• Speaker at Black Hat Briefings, Mac OS X Reversing

Cameron Hotchkies
• Web application security expert, author of Absinthe Web security scanner

Mike Dausin
• Web Application and Database security research expert, speaker at Black Hat

Alex Wheeler, Manager of DVLabs
• Expert in reverse engineering, anti-virus vulnerability research, and Black Hat frequent presenter

Cody Pierce
• Responsible for ActiveX fuzzing research, discoverer of numerous vulnerabilities

Ganesh Devarajan
• SCADA security expert, quoted frequently in the press

Terri Forslof
• Formerly program manager at Microsoft Security Response Center, presents frequently on underground hacking activities

Page 19: HP Networking Tech Day: HPN S-Series Products

LEADING SECURITY RESEARCH – DVLABS
IPS Platform is Only as Good as its Security Intelligence

DVLabs: Leading security research and filter development

DVLabs Services:
› Digital Vaccine
› Web App DV & Scanning
› Reputation DV
› Custom DV
› ThreatLinQ
› Lighthouse Program

Partners: SANS, CERT, NIST, etc.; Software & Reputation Vendors
ThreatLinQ Monitoring: 2,000+ Customers Participating
DVLabs Research & QA: 30+ Dedicated Researchers
Zero-Day Initiative: 1,000+ Independent Researchers

Diagram label: TippingPoint IPS Platform

Page 20: HP Networking Tech Day: HPN S-Series Products

LEADING SECURITY RESEARCH – DVLABS
Discovers 8-10 Times More Software Vulnerabilities

Chart: Cumulative Vulnerability Discoveries (Sep 2005 to Dec 2009). Axis: Vulnerability Discoveries. Vendors: TippingPoint, ISS Xforce, McAfee Avert Labs, Juniper, Sourcefire. Data labels: 391; 46 438 4

Chart: 2009 Vulnerability Discoveries. Axis: Vulnerability Discoveries. Vendors: TippingPoint, ISS Xforce, McAfee Avert Labs, Juniper, Sourcefire. Data labels: 116; 100 0 2

Page 21: HP Networking Tech Day: HPN S-Series Products

DVLABS: 2009 MICROSOFT VULNERABILITIES

Breadth of Coverage: 146/163 Covered
Chart values: 90%, 88%, 80%, 36%, 24%, 72%

Speed of Coverage: -26 days; 146/163 Covered
Chart values: -26 days, 0 days, +1 day, +2 days, +3 days, +1 day

Page 22: HP Networking Tech Day: HPN S-Series Products

DVLABS: 2009 ZDI PROGRAM VULNERABILITIES

Breadth of Coverage: 84/89 Covered
Chart values: 94%, 39%, 35%, 12%, 8%, 29%

Speed of Coverage: -15 days; 84/89 Covered
Chart values: -15 days, +1 day, +1 day, +5 days, +17 days, +3 days

Page 23: HP Networking Tech Day: HPN S-Series Products

EASY INSTALLATION AND CONFIGURATION
Enterprises Rate TippingPoint Easiest to Install & Configure

Chart: 2 Hr. IPS Install (% of Respondents). Legend: < 30 min; 30 min - 2 hrs. Vendors: Tipping Point, Cisco, McAfee, Sourcefire, IBM ISS. Data labels: 42%, 10%, 4%, 0%, 6%; 34%, 27%, 35%, 33%, 11%; 76%, 38%, 17%, 38%, 33%. Source: Infonetics Research IPS Survey – August 2008

Chart: Ease of Configuring IPS Filters, Light Effort (% of Respondents). Vendors: Tipping Point, IBM ISS, McAfee, Cisco, Sourcefire. Data labels: 66%, 22%, 13%, 15%, 14%. Source: Infonetics Research IPS Survey – August 2008

Page 24: HP Networking Tech Day: HPN S-Series Products

DEALING WITH DATA CENTER VIRTUALIZATION

Page 25: HP Networking Tech Day: HPN S-Series Products

THE VIRTUAL NETWORK VISIBILITY GAP

• Hypervisor Security
  • Are mission critical
  • Can’t be secured with virtual IPS
  • Patches must be immediate

• Host to Host Threats
  • Can’t deploy an IPS in front of every server
  • Also Need VM to Host security

• VM to VM Threats
  • Virtual trust zones
  • Traffic does not enter the physical network for inspection
  • One victim VM can attack other VMs

• VM Mobility
  • VMs can be launched in a separate site for DR or other purposes (vMotion)
  • Physical IPS options are cost prohibitive for these uses

Diagram labels: Virtualized Host (×3), each with VMs (App / OS); Top of Rack Switch; Core Switch; IPS Platform; VMs moved to separate site; callouts 1–4

Page 26: HP Networking Tech Day: HPN S-Series Products

PROTECT THE HIGH VALUE DATA CENTER

– Start with DC Perimeter Protection
  • Inspect ingress / egress traffic

– Protect DC Attack Surface
  • Virtualization tools / hypervisor
  • Network infrastructure
  • Host servers and operating systems
  • Enterprise and Web applications
  • Virtual desktop infrastructure (VDI)

– Virtual Patching
  • Protects rolled-back VMs
  • Protects VMs with out-of-date patching due to server/VM shut-downs

– Single Set of Security Policies across Physical and Virtual DC

Diagram labels: Core Switch; TippingPoint IPS; Top of Rack Switch; Virtualized Hosts; Physical Hosts

Page 27: HP Networking Tech Day: HPN S-Series Products

VISUALIZE THE DC AND DEPLOY VCONTROLLER

– Simple VMC Installation
  • VMware vCenter integration

– VMC Auto-Discovery of Virtualized Hosts and VMs
  • Real time visibility of virtual DC
  • Topology mapping of network paths

– VMC Auto-Deployment of vControllers to Virtualized Hosts
  • User initiated, auto-deployment

– Control VM Sprawl

Diagram labels: Management Network; VMware vCenter; VMC; Core Switch; TippingPoint IPS; Top of Rack Switch; Virtualized Hosts; Physical Hosts

Page 28: HP Networking Tech Day: HPN S-Series Products

APPLY SECURITY POLICIES BETWEEN DC TRUST ZONES

– Enforce Security Policies
  • Incoming DC traffic
  • Outgoing DC traffic
  • Physical host to physical host traffic
  • Physical host to VM traffic
  • VM to VM traffic

– Security Policies Follow VMs
  • Policies apply to mobile VMs

– Default Security Policies
  • Apply to all new VMs or copied VMs
  • Untrusted VMs or zones

– Single Set of Security Policies for Entire DC Protection

Diagram labels: VMC; Management Network; VMware vCenter; Core Switch; TippingPoint IPS; Top of Rack Switch; Redirect Policy; Virtualized Host; Hypervisor; VMsafe Kernel Module; vSwitch; vController; Service VM; Application VMs (App / OS ×4)

Page 29: HP Networking Tech Day: HPN S-Series Products

Q&A

