HP Next-Generation Network Security Solutions Radoslav Georgiev Technical Consultant HP Networking rgeorgiev@hp.com
The Network Infrastructure Has Revolutionized Mainframe Client/Server Web Computing Mobile & Cloud Computing 2
The Network Security Industry Is Falling Short Mainframe Client/Server Web Computing Mobile & Cloud Computing 3
Your User Is the Biggest Risk for Infiltration 4
Historically, TippingPoint Has Protected your Apps and Data in your Data Center in your Campus Network in your Branch Office 5
Now, TippingPoint Protects Users, Apps and Data 6
What is a NGFW?
Evolution of the Firewall Why HP TippingPoint NGFW Stateful Firewalls NGFW UTM HP TippingPoint NGIPS NGIPS & NGFW 2001 Today 8
What is Next-Generation Firewall? Next Gen IPS Enterprise Firewall Integrated Policy DVLabs research and feeds 9 User and app policy
Why the HP TippingPoint Next-Generation Firewall?
The Value HP TippingPoint Provides Simple Effective Reliable Easy-to-use, configure and install with centralized management Industry leading security intelligence with weekly DVLabs updates NGIPS with 99.99999% network uptime track record 11
Simplicity Matters Deploys in minutes Easy-to-manage graphical user interface Single enterprise management solution for NGIPS and NGFW devices Set and forget security 60% of customers deploy with recommended settings. Frost & Sullivan 12
Effectiveness Matters Over 8,100 filters of network protection right out of the box Over 3,000 security researchers focused on emerging threats ~3,000+ independent researchers Proven accuracy with no false positives Optimize network performance and protect business critical applications2,000+ customers participating DVLabs Research & QA 13 0 false positives since being enabled 15 months ago. Sr. Network Security Engineer from Financial Services Note: All figures are rounded. The base year is 2012. Source: Frost & Sullivan
Exploit of Vulnerable Application HP TippingPoint Vulnerability Filter Term Definition Vulnerability Exploit B (missed by Exploit Filter A) HP TippingPoint Vulnerability Filter Exploit A False Positives Standard IPS Exploit Filter for Exploit A Vulnerability Exploit Exploit Filter Vulnerability Filter Security flaw in a software program Attack on a vulnerability to: Gain unauthorized access Create a denial of service Stops a single exploit Easy to produce Typically produced due to IPS engine performance limitations Results in missed attacks and false positives Stops all exploits attacking the vulnerability 14
Our Zero-day Coverage Compared to Competition Compiled from publicly verifiable data at http://www.microsoft.com/technet/security/current.aspx 15
Reliability Matters 99.99999% highly reliable NGIPS engine Inline deployment without affecting network performance 2 reliable modes of deployment Routing Active-Passive high availability Transparent with bypass Resilient hardware 16
Thank you