Date post: 26-Feb-2020

HP Software EMEA Performance Tour 2013

Zurich, Switzerland September 18

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

ESP Making Network Security Relevant

HP TippingPoint NGIPS

Karl Hertenstein / ESP Solution Architect Switzerland & Austria September 18th, 2013

Agenda

Landscape

HP TippingPoint NGIPS

Landscape

Rise of the cyber threat

Enterprises and Governments are experiencing the most AGGRESSIVE THREAT ENVIRONMENT in the history of information

Cyber Attacks are now a global concern

Customers struggle to manage the security challenge

Today, security is a board-level agenda item

Customers struggle to manage the security challenge

Primary Challenges

1. Nature & Motivation of Attacks (Fame fortune, market adversary)

Research, Infiltration, Discovery, Capture, Exfiltration

A new market adversary

Customers struggle to manage the security challenge

Primary Challenges

1. Nature & Motivation of Attacks (Fame fortune, market adversary)

2. Transformation of Enterprise IT (Delivery and consumption changes)

Traditional DC, Private Cloud, Managed Cloud, Public Cloud

Network, Storage, Servers

Virtual Desktops, Notebooks, Tablets, Smart phones

Consumption

Delivery

Customers struggle to manage the security challenge

Primary Challenges

1. Nature & Motivation of Attacks (Fame fortune, market adversary)

2. Transformation of Enterprise IT (Delivery and consumption changes)

3. Regulatory Pressures (Increasing cost and complexity)

Basel III

DoD 8500.1

Policies & Regulations

Attacks & attackers become more sophisticated

Broad Attacks

Advanced Targeted Threats

Stuxnet, Duqu, Aurora

“Only 16% of Firms Have a Security Policy in Place to Protect Against Advanced, Targeted Threats.” *

Recreational Hackers

Organized Crime & Nation States

* Source: Global State of Information Security Survey, PricewaterhouseCoopers, CIO magazine, CSO magazine, September 2011

What Is an Advanced, Targeted Threat?

The adversary ecosystem

Our enterprise

Their ecosystem

Research, Infiltration, Discovery, Capture, Exfiltration

5X 1X

Example of a High-Profile Attack: RSA Data Breach

• 5:00 AM: Finance person receives a spearphishing email

• 8:30 AM: Opens to see “2012 Recruitment plan.xls” file

• 8:31 AM: RAT program downloaded utilizing Adobe Flash vulnerability

• 8:32 AM: Poison Ivy RAT is initiated

• NEXT DAY / 12:01 AM: NMAP scan to identify and classify network resources

• OVER THE NEXT 10 DAYS: Collect data over a period of time

• 11TH DAY / 12:05 AM: Encrypt and ftp file to good.mincesur.com

• 12TH DAY: Attack hits the headlines

The Impact is Real…

March 17, 2011

RSA Hit By Advanced Persistent Threat

RSA has been breached and sensitive token key information from more than 40 million end users may have been compromised.

May 31, 2011

Lockheed Martin Suffers Massive Cyberattack

“Significant and tenacious” attack targeted multiple defense contractors and involved hack of RSA SecurID System.

Breaches Are Costly

• RSA announced cost of breach at $66 million

• Negative press. Loss of business and loss of trust.

The Stakes Are High

• Intellectual property loss could compromise national security

And RSA Was Not Alone…

Barracuda Hit By Cyber Attack: Attacker grabbed the information using an SQL injection script

Stuxnet Worm: Sophisticated worm attacks Siemens' SCADA industrial control systems and Windows.

United Nations: Cyber attack on United Nations leads to massive loss of information and poses huge economic threat.

360,000 accounts hacked in cyber attack; $2.7 million stolen.

Sony Online estimates 25 million customer accounts hacked.

Directors Desk application breached, Web-based collaboration and communications tool for senior executives and board members

84% of breaches occur at the application layer

68% increase in mobile application vulnerability disclosures

416 days: average time to detect breach

(Timeline graphic: January 2012 through April 2013)

94% of breaches are reported by a 3rd party

What are customers missing?

Converged infrastructures require high rates of inspected traffic throughput

Virtualization requires virtual security

Protection from zero-day vulnerabilities

HP TippingPoint NGIPS

Next Generation Intrusion Prevention System (NGIPS)

What’s Gartner’s Recommended Solution?

Standard First Gen IPS Capabilities

Application Awareness and Visibility

Context Awareness

Content Awareness

Agile Engine

How can we fit the requirements?

Converged infrastructures require high rates of inspected traffic throughput

Virtualization requires virtual security

Protection from zero-day vulnerabilities

HP TippingPoint NX Series

• Highest port density on the market today

• Hot-Swappable I/O modules

• Stops malicious traffic & protects vulnerable applications

• Provides application visibility and control

• Installs ~1 hour for quick in-line threat protection

• Ensures high network performance and availability

• Provides low-latency for real-time applications

• Easy to configure, deploy and manage

Multiple security services:

• Reputation Services

• Web Application Security

• Application awareness, control and security

• Customized Security and Protection

• Global Threat Intelligence

NX Platform

Market Leading 2U Port-Density

with Swappable Modules

Available Models:

2600NX, 3 Gbps

5200NX, 5 Gbps

6200NX, 10 Gbps

7100NX, 15 Gbps

7500NX, 20 Gbps

Swappable I/O Modules

Non-Bypass-Modules

- 6 segment Gig-T

- 6 segment GbE-SFP

- 4 segment 10GbE-SFP+

- 1 segment 40GbE-QSFP+

Bypass-Modules*

- 4 segment Gig-T

- 2 segment 1GbE-Fiber-SR

- 2 segment 1GbE-Fiber-LR

- 2 segment 10GbE-Fiber-SR

- 2 segment 10GbE-Fiber-LR

*Provide connectivity when power fails

Complete range available, including bypass-options

Flexibility and Performance

NGIPS      Inspection          Inline IPS   Network             Connections   Concurrent
Appliance  Throughput [Mbps]   Segments     Throughput [Mbps]   per Second    Sessions

10         20                  2            20                  3.600         1.000.000
110        100                 4            100                 9.700         1.000.000
330        300                 4            300                 18.500        1.000.000
660 N      750                 10           750                 115.000       6.500.000
1400 N     1.500               10           1.500               115.000       6.500.000
2500 N     3.000               ≤11          15.000              230.000       10.000.000
2600 NX    3.000               ≤24          40.000              300.000       30.000.000
5100 N     5.000               ≤11          15.000              230.000       10.000.000
5200 NX    5.000               ≤24          40.000              300.000       30.000.000
6100 N     8.000               ≤11          15.000              230.000       10.000.000
6200 NX    10.000              ≤24          40.000              300.000       30.000.000
7100 NX    15.000              ≤24          100.000             450.000       60.000.000
7500 NX    20.000              ≤24          100.000             450.000       60.000.000

Ports: 1Gbps Ethernet Copper; 1Gbps Ethernet Fiber; 10Gbps Ethernet Fiber; 40Gbps Ethernet Fiber

HP TippingPoint Security Management System

The HP TippingPoint Security Management System (SMS) provides unified management to HP TippingPoint products, acts as a connecting point for strategic integration, and adds value to security solutions.

Features:

• Centralized

• Multi-tenancy

• Best of Breed Management

• Easy Installation

• 3rd Party Integration

• Security Services Aggregation

• Graphing and Reporting

• Active Updates

HP TippingPoint protects from data center to edge

• Blocks threats attacking applications and operating systems

• Network-embedded and standalone devices

• Endpoint management

• Protection for physical, virtual, and cloud environments

• Best-of-Breed Management and Reporting

Unified network security policy console

Campus LAN

Edge

Wireless LAN Core

Data center

Remote offices and branches

Tele-workers, partners, and customers

Virtual machines (VMs)

WAN

Internet

How can we fit the requirements?

Converged infrastructures require high rates of inspected traffic throughput

Virtualization requires virtual security

Protection from zero-day vulnerabilities

Corporate, DMZ, PCI

HP TippingPoint vController + Firewall

VMware vCenter

VMware vSphere

Server Admin Domain

Security Domain

Secure VMware Virtualisation with HP TippingPoint

CloudArmour: purpose-built for virtualization network security

Extending Security to Virtual Environments

– IPS protection for virtual zones and perimeters

– Enforce network zones/segmentation in virtual network layer

– Extend compliance zones into virtual environment

– Maintain separation of duties

– Address virtualisation specific challenges:

• VM Sprawl

• VM Mobility

• VM Patch Management (Rollback and Templates)

How can we fit the requirements?

Converged infrastructures require high rates of inspected traffic throughput

Virtualization requires virtual security

Protection from zero-day vulnerabilities

Proactive Prevention

t1: Vulnerability is found

t2: Exploit code is “in the wild”

t3: Software vendor releases patch

t4: Patch rollout

Proactive IPS Protection

Vulnerability is discovered first, exploits are released later

Ratio of (Vulnerability : Exploits) is always (1:n), where n>1

HP TippingPoint Vulnerability Filter

Exploit of Vulnerable Application

Vulnerability False Positives

Standard IPS Exploit Filter for Exploit A

Exploit A Exploit B (missed by Exploit Filter A)

Term: Definition

Vulnerability: Security flaw in a software program

Exploit: Attack on a vulnerability to:

• Gain unauthorized access

• Create a denial of service

Exploit Filter: Stops a single exploit

• Easy to produce

• Typically produced due to IPS engine performance limitations

• Results in missed attacks and false positives

Vulnerability Filter: Stops all exploits attacking the vulnerability

Proactive Security with HP TippingPoint DVLabs

• Leading security research organization

• The leader in zero day vulnerability discovery

• Delivers earliest filter protection

• Staffed by 30+ dedicated researchers

DVLabs Research

Partners

SANS, CERT, NIST, OSVDB etc. Software & reputation vendors

2,000+ customers participating

1,650+ independent researchers

Industry Leading Security Research

Industry Leading Threat Protection

DVLabs Security Services

Protects against 1000’s of exploits

Reputation: Blocks Millions of Known Bad Hosts

Application: Granular App Control and Rate Limiting

DV Toolkit: Custom Filter Tool with SNORT support

Web Application: Inspect and Protect Web Apps

Monitor the Global Threat Landscape

HP TippingPoint DVLabs Digital Vaccine Service

DVLabs Discovers More Vulnerabilities

And Provides Earliest Protection Against Zero Day Threats

DVLabs: Leading the Industry in Vulnerability Discovery AND Filter Delivery

Recognized security research leader

Frost & Sullivan Market Share Leadership Award for Vulnerability Research

3 years in a row!

At any time, 200 to 300 zero day vulnerabilities only HP knows about

Analysis of vulnerabilities by severity (continued)

Key takeaway: HP TippingPoint continues to lead in critical-severity vulnerability disclosures.

Note: All figures are rounded. The base year is CY 2011. Source: Frost & Sullivan analysis

Protection Against Advanced Targeted Attacks

• 5:00 AM: Finance person receives a spearphishing email

• 8:30 AM: Opens to see 2012 Recruitment plan with .xls file

• 8:31 AM: RAT program downloaded utilizing Adobe Flash vulnerability

• 8:32 AM: Poison Ivy RAT is initiated

• NEXT DAY / 12:01 AM: NMAP scan to identify and classify network resources

• OVER THE NEXT 10 DAYS: Collect data over a period of time

• 11TH DAY / 12:05 AM: Encrypt and ftp file to good.mincesur.com

• 12TH DAY: Attack hits the headlines

Spearphishing Attack

Detects mail traffic containing phishing attack techniques

RepDV blocks mail traffic from known sources of phishing emails

Content Awareness

Context Awareness

Malicious Email Attachment

Leverages 200 content filters from DV Labs to prevent download of emails with malicious attachments

Content Awareness

Exploit of Vulnerable Application

DVLabs Filter Service offers over 100 filters to protect against Adobe exploit

Content filters detect download of Poison Ivy RAT

RepDV detects downloads from known sources of Malware and Spyware

Vulnerability Protection

Content Awareness

Context Awareness

Reconnaissance and Mapping

• NGIPS detects the scan, quarantines the host, determines USER ID correlated with that host, then alerts end user and admin

• GEOLOCATION information included in each event shows a shift in this attack from external to internal

Context Awareness

External Use of Compromised Host

NGIPS detects and takes action on Poison Ivy command and control TRAFFIC

NGIPS detects and takes action on COMMUNICATIONS with known malicious hosts

Content Awareness

Context Awareness

Data Leakage

RepDV Service detects and blocks communications with known bad hosts, domains, and unapproved geographies

Context Awareness

HP TP Next Gen IPS Delivers

TEN Countermeasures

Ongoing Scanning and Data Collection

HP ArcSight ESM identifies anomalous internal activities by analyzing and correlating every event, then provides real time dashboards, notifications or reports to the security administrator

Comprehensive network, application and cloud data center protection

HP TippingPoint Confidently Secures Your Network

HP TippingPoint Other network security vendors

Pre-zero-day attack coverage —

Precise filters that minimize false positives —

1,600 global security researchers —

Industry leader in vulnerability discovery —

Global threat intelligence portal (ThreatLinQ) —

Leading virtualization security solution —

Installs in-line in less than 2 hours —

Thank you

