HP TIPPINGPOINT ADAPTIVE REAL-WORLD SECURITY. Stefan Schmid Sales Manager Central & Eastern Europe & Middle East s.schmid@hp.com

Transcription

1 HP TIPPINGPOINT ADAPTIVE REAL-WORLD SECURITY Stefan Schmid Sales Manager Central & Eastern Europe & Middle East Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice

2 TippingPoint History TippingPoint Introduces N-Platform, SSL-liance, Secure-Virtualization-Framework 8,000th Customer TippingPoint acquired by HP Leader Security Research Frost & Sullivan Vulnerability Research Tracker Leader - Gartner NIPS Magic Quadrant Certified - ICSA Labs - Broadband Testing Secure Virtual Data Center Testing 2

3 HP Enterprise Security NIPS Network based Intrusion Prevention System SSA Software Security Assurance NBAD Endpoint Security NAC WLAN IDS/IPS AAA SIEM Security, Information and Event Management 3

4 IPS Platform Solutions Security Intelligence S 10 S 1400N Core Controller Digital Vaccine 20Mbps 2 Segments 1.5Gbps 10 Segments 20Gbps 3x10GbE Broadest Coverage Evergreen Protection S 110 S 2500N Security Management System (SMS) Web DV and Scanning 100Mbps 4 Segments 3Gbps 11 Segments Manage Multiple Units Central Dashboard Web Scan Custom Filters PCI Report S 330 S 5100N SSL liance S 1500S Reputation DV 300Mbps 4 Segments 5Gbps 11 Segments Transparent SSL Bridging and Off-Loading IP Reputation DNS Reputation S 660N S 6100N Secure Virtualization Framework ThreatLinQ 750Mbps 10 Segments 8Gbps 11 Segments vcontroller & vips Real Time Threat Intelligence HP TippingPoint S5100N Bundle HP TippingPoint S6100N Bundle 1x CoreController 1x CoreController HP TP S1200N IPS A7500 Module 2x S 5100N 2x S6100N 4 10Gbps 3x10GbE Segments 16Gbps 3x10GbE Segments 1.3Gbps 4 Segments

5 TippingPoint NIPS Platform Automated, Scalable Threat Protection SMS Security Management System Dirty Traffic Goes In Clean Traffic Comes Out NIPS Sensoren IPS Platform Designed for future security demands and services Proactive In-line reliability In-line performance (throughput/latency) Filter accuracy Security Leading security research Fastest coverage Broadest coverage Costs Quick to deploy Automated threat blocking Easy to manage 5

6 Leading Security Research DVLabs Network defense is Only as Good as it s Security Intelligence 1,600+ Independent Researchers DV Labs Research & QA TippingPoint IPS Platform 2,000+ Customers Participating Leading security research and filter development with 35+ Dedicated Researchers Partners SANS, CERT, NIST, VDB, etc. Software & Reputation Vendors DVLabs Services: Digital Vaccine Web DV Reputation DV Custom DV DV ThreatLinQ Lighthouse Program

7 HP security research: You don t know what you don t know Collect network and security data from around the globesecurity Specific Research within TippingPoint, Fortify, and ArcSight 1,600+ researchers registered Typical profile: male, teen to mid twenties, hobbyist day vulnerabilities submitted by these researchers day vulnerabilities purchased (30+%) 7

8 Vulnerabilities People write software People make mistakes More software is developed every day Over the last 5 years on average, roughly 8k vulnerabilities are disclosed each year That is well over 40k vulnerabilities since 2006 About half of those are Web lication related 8

9 HP TippingPoint DVLABS leads the industry Discovers 8-10 times more software vulnerabilities Vulnerability leadership award Cumulative vulnerability discoveries (September 2005 to December 2010) 2010 vulnerability discoveries Focused on security research with real-world application 9

10 Microsoft Vulnerability Discovery Total Microsoft Credited Advisories HP TippingPoint Fortinet IBM/ISS Palo Alto McAfee CheckPoint SourceFire Cisco Juniper Stonesoft Acknowledgements provided in Microsoft Security Bulletins ( ) HP TippingPoint was acknowledged 119 times on 20% (83/359) of all MS Bulletins With advance knowledge of vulnerabilities, HP TippingPoint provides coverage faster than the competition Data Compiled from published Microsoft Security Bulletins 10

11 Leading Security Research DVLabs Microsoft Security Bulletin Example: 11

12 Firewalls = a false sense of security

13 Your firewall can be your worst enemy! (Both traditional and NGFW) Attackers EXPECT you to have a firewall (Traditional or NGFW) NGFW features Leak packets until the app/content is recognized Automatically white-lists flows to protect performance Easily creates a False Sense of Security DECREASES your security posture without warning! Unpredictable performance! Limited to perimeter deployments 13

14 Next Generation Security Platform Purpose-built for In-line performance Transparent (no MAC or IP Address) Performs like a switch NO forwarding tables (unlike a router/switch/firewall) Inspects ALL packets at the APPLICATION layer No noticeable latency (<84 us) special mode for bounded latency Performs cross packet reassembly stateful tracking flows/sessions (2.6 Million sessions) Does NOT drop traffic when flow limit is reached Will NOT drop traffic if packet enters mid-flow Provides PREDICTABLE and RELIABLE performance Can be installed anywhere in the network core, edge, perimeter, service providers Completely effective in both Asymmetric and Symmetric networks out of the box Blocks attacks in REAL-TIME Will ADAPT to the ever changing attack landscape

15 Real-Time Attack Mitigation Blocking Actions Blocks Flows to stop exploits of vulnerabilities Default blocking technique Won t stop your legal applications (just block the bad flows) Syn Proxy Server Farm protection at high rates of speed Simple Blocking at L3/L4 (TMF) Order the rules just like a firewall Can implement policy to remove ip-frags Protocol Anomalies (Per Packet Blocking) Quarantine IPs and Thresholds Per Filter Block application layer DD Block spiders, web crawlers from bringing down you network Quarantine (flexible deployment scenarios) If someone is infected, redirect their browser to a remediation server IP Rep Block malicious IP and DNS using a database that is updated every 2 hours! Block communications to botnet command and control domains Responder action set (allows custom actions when a filter is matched) Shut down the access port of an infected user Move infected users to a quarantine VLAN Do anything you can script

16 The Inverse FW & More Than IPS We block attempts to exploit vulnerabilities across the network Remote Code Execution attempts, worms, viruses, malicious mail bot installs, phishing, malicious web links, spyware, brute force attempts, SQL Injections, PHP vulnerabilities, etc Control lications on the Network Rate-Limit the less important traffic Gaming, P2P, MySpace, YouTube, etc Quarantine / Custom Actions (Responder) Help users understand when they are infected and how to clean the infection Stop DD Attacks We also block the noise just like a firewall (Traffic Management Filters) Threatlinq Understand which attacks you should be blocking with a global view Custom Web Filters DLP Filters, IP Rep, BotDV, FileDV DV Toolkit

17 Flexible Deployment Core to Edge TippingPoint Digital Vaccine Service Centralized Policy and Configuration Management PROTECTS AGAINST INTERNAL ATTACKS SEGMENTS THE NETWORK TO PROTECT AGAINST BOTH INTERNAL/EXTERNAL ATTACKS PROTECTS AGAINST EXTERNAL ATTACKS

18 TippingPoint Rep DV Service Reputation Database Millions of entries Reputation Score IPv4 & IPv6 Address DNS Name Meta data 2 hour updates Security Management System Set Policy Based Upon Reputation Score Country/Geography Device Type - exploit source, malware host, Botnet CnC, spam source Access Switch IPS Platform Internet Block Outbound Traffic to Prevent Block Inbound Traffic to Prevent Botnet Trojan downloads Malware, spyware, & worm downloads Access to botnet CnC sites Access to phishing sites Spam and phishing s DDoS attacks from botnet hosts Web attacks from botnet hosts

19 lication Control and Visibility What is your companies policy? Yahoo IM Access allowed with file/photo and plug-in download denied Plugin Download Photo Transfer Direct File Transfer Yahoo IM Access

20 WebDV 2.0 Web Vulnerability Report Web Scan Service 1. Comprehensive Scan 2. Vulnerability report Input to DVLabs filter creation Web DV Filter Service 3. DVLabs creates custom Web filters 4. Web DV package deployed to IPS Virtual Patch 5. Rescan through IPS to confirm no vulnerabilities Compliance Reporting PCI-DSS, Internal mandates XXX Vulnerability Page and Parameter XXX XXX XXX XXX

21 Virtualization creates even more challenges #1 technology priority in Displaces Business Intelligence which held top position for the last 5 years 60% of virtualized servers will be less secure than the physical servers they replace 2 80% of workloads by Today 16% of workloads run in VMs 80% 50% 16% 1 Gartner EXPO, January 2010 survey of 1586 CIOs 2 Gartner: October 2010 Key Trends Facing Data Center Infrastructure 3 Gartner: March 2011 Virtual Machines Will Slow in the Enterprise, Grow in the Cloud

22 One security model for physical and virtual data center Secure Virtualization Framework (SVF) N-Platform IPS Top-of-rack switch Physical R&D servers Distributed vswitch Physical Finance servers vcontroller R&D zone vcontroller DMZ zone vcontroller Finance zone Virtualized servers cluster Security Virtualization Framework 22

23 23 THANK YOU