TippingPoint Deployment Note: Threat Digital Vaccine (ThreatDV)




Reputation Digital Vaccine (RepDV) is now the Threat Digital Vaccine (ThreatDV), a premium subscription service that includes both the reputation database from Reputation Digital Vaccine (RepDV) and the new Malware Filter Package.

Important: If you already subscribe to RepDV, your subscription will automatically switch to a ThreatDV subscription. See Deploy the Malware Filter Package for information on downloading and deploying the Malware Filter Package.

Reputation Feed

Previously known as Reputation DV, Reputation Feed enables organizations to monitor and block inbound and outbound communications with known malicious and undesirable hosts. It is a robust security intelligence feed powered by advanced analytics and a global reputation database of IPv4, IPv6, and Domain Name System (DNS) names. Reputation Feed is updated multiple times a day to stay ahead of emerging threats and reduce customer security risks.

Malware Filter Package

The Malware Filter Package is a new set of filters that uses a different technology than the Reputation Feed to provide targeted malware protection. These filters alert on a wide range of currently active malware families. These filters are designed to detect post-infection traffic such as:

- Bot activity
- Phone-home
- Command-and-control
- Data exfiltration

The Malware Filter Package is updated at least weekly to provide malware protection for your network.

Malware Filter Package

ThreatDV: Malware Filter Package delivers an additional layer of malware protection through advanced threat protection filters. The use of the malware filters with the Reputation Feed provides the most comprehensive security coverage for enterprise environments.

The Malware Filter Package is available now on the Threat Management Center (TMC) to current subscribers of the ThreatDV service, formerly known as Reputation Digital Vaccine (RepDV).

Note: To align with the new ThreatDV bundling of these security offerings, the RepDV service has been renamed to Reputation Feed. The combination of Reputation Feed and Malware Filter Package is referred to as ThreatDV.

System requirements

The ThreatDV Malware filters are supported on the following platforms:

- IPS running TOS 3.7 or later
- Security Management System (SMS) running version 4.1 or later
- ThreatDV license enabled for your HP TippingPoint system

Note: The Malware Filter Package is not supported on the Next Generation Firewall (NGFW) appliances.

Malware Filter Package best practices

The Malware Filter Package is disabled by default when activated. HP DVLabs does not recommend turning on all filters in the Malware Filter Package installed on your device, except to establish a baseline.

For best results, activate the Malware Filter Package and review the filters contained in the package to determine which filters you need to apply immediately to address a specific threat. After you learn the behavior of the filters in your network environment, you can determine which actions (block, disable, or permit) to apply based on your analysis.

When you create a profile, it will inherit the default profile settings regarding how to treat specific categories of filters. Malware filters are included in the Virus category. The recommended default action set for Virus category filters is not a Block action. Update the malware profile to override and change the action for the malware filters.

For more information about the filter categories, refer to your product documentation.
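As an added illustration of the baseline-then-tune practice described above (this is not HP's code and not part of the original note), the following Python example groups notifications collected during a Permit+Notify baseline by filter and sorts each triggering filter into a review queue. The CSV layout, filter names, host count and the 25% spread threshold are all assumptions made for the example.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of notifications gathered while all malware filters ran
# with Permit+Notify. The column layout and filter names are hypothetical; this
# is not the SMS or LSM export format, so map the fields from your own export.
SAMPLE_EVENTS = """\
timestamp,filter,src,dst
2014-06-02T09:00:11,EXAMPLE bot check-in,10.0.4.17,203.0.113.9
2014-06-02T09:05:11,EXAMPLE bot check-in,10.0.4.17,203.0.113.9
2014-06-02T09:10:12,EXAMPLE bot check-in,10.0.4.17,203.0.113.9
2014-06-02T09:01:40,EXAMPLE generic beacon,10.0.4.20,198.51.100.7
2014-06-02T09:02:03,EXAMPLE generic beacon,10.0.4.21,198.51.100.8
2014-06-02T09:02:59,EXAMPLE generic beacon,10.0.4.22,198.51.100.7
2014-06-02T09:04:18,EXAMPLE generic beacon,10.0.4.23,192.0.2.44
2014-06-02T09:06:37,EXAMPLE generic beacon,10.0.4.24,192.0.2.45
"""


def summarize(csv_text):
    """Count hits and distinct endpoints per filter in the baseline export."""
    stats = defaultdict(lambda: {"hits": 0, "sources": set(), "destinations": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        entry = stats[row["filter"].strip()]
        entry["hits"] += 1
        entry["sources"].add(row["src"].strip())
        entry["destinations"].add(row["dst"].strip())
    return dict(stats)


def triage(stats, monitored_hosts, noisy_fraction=0.25):
    """Place each triggering filter in a review queue.

    Assumed heuristic (not vendor guidance): a filter firing for a large share
    of monitored hosts is more likely matching legitimate traffic, so it stays
    on Permit+Notify until an analyst has looked at it. A filter firing for a
    few hosts points at those hosts; confirm the infection, then consider
    Block or Block+Notify for that filter.
    """
    if monitored_hosts <= 0:
        raise ValueError("monitored_hosts must be positive")
    queues = {}
    for name, entry in stats.items():
        spread = len(entry["sources"]) / monitored_hosts
        queues[name] = {
            "hits": entry["hits"],
            "hosts": sorted(entry["sources"]),
            "destinations": len(entry["destinations"]),
            "spread": round(spread, 2),
            "queue": "check-false-positive" if spread >= noisy_fraction
                     else "investigate-hosts",
        }
    return queues


def review_order(queues):
    """Filters tied to few hosts first, then by hit count, for analyst review."""
    return sorted(queues, key=lambda n: (queues[n]["spread"], -queues[n]["hits"]))


if __name__ == "__main__":
    result = triage(summarize(SAMPLE_EVENTS), monitored_hosts=12)
    for name in review_order(result):
        info = result[name]
        print(f"{name}: {info['hits']} hits, {len(info['hosts'])} hosts, "
              f"{info['destinations']} destinations -> {info['queue']}")
```

The queues only order the analyst's review; the action set for each filter is still changed by hand in the profile once the traffic has been confirmed as a true threat or a false positive.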

View filters

The Malware Filter Package is delivered within the Auxiliary DV framework on a weekly basis. Use the SMS search function or the Local Security Manager (LSM) to search the filters:

- On the SMS, expand Profiles > Inspection Profiles and select Global Search. In the Search Criteria screen, expand the Source Criteria section to reveal the Package Source options. Select Auxiliary DV (Malware). You can also search a profile for filters that are included in the profile.
- On the LSM, use the filter search facility and enter the keyword "malware filter package" to display the malware filters.

Note: For more information about searching for filters, see the SMS or LSM documentation. For more information about Auxiliary DV packages, see What is an Auxiliary DV.

What is Auxiliary DV?

Auxiliary DV is the architectural framework that allows you to manage filter package updates apart from Digital Vaccine packages on the SMS and IPS security devices. The Malware Filter Package is delivered through the Auxiliary DV framework.

Auxiliary filter packages work in conjunction with the regular Digital Vaccine by augmenting the protection provided by the regular DV. Auxiliary filter packages do not duplicate any filters in the regular or any other filter package. The Auxiliary framework supports multiple types of concurrently active filter packages on a device, which means you can install or distribute an active Malware Filter Package without a conflict with the installed Digital Vaccine package.

You can manage the Malware Filter Packages using the Auxiliary DV features on the SMS and IPS devices during the initial launch period of the ThreatDV.

Deploy the Malware Filter Package

Customers who have the Reputation Feed (RepDV) service enabled can download the Malware Filter Package from the TMC to begin receiving regular updates. The Malware Filter Package updates are delivered on a weekly basis, but on a schedule independent from the regular Digital Vaccines.

HP DVLabs recommends proceeding with caution when implementing the Malware filters, which are disabled by default. Because of the breadth of these filters, there is a potential impact on performance and a higher rate of false positives.

In general, when you deploy the Malware Filters:

- Consider your initial deployment a trial run to detect potential problem areas.
- To establish an initial baseline, enable all malware filters by using the recommended Permit+Notify action set.
- If you suspect an imminent threat, enable the filter that addresses the threat with a Block or Block+Notify action.
- Monitor notifications and evaluate the filters that are triggering to determine if they constitute a true threat or a false positive.
- Adjust the filter settings accordingly to ensure the appropriate response. For example, change the action from Permit to Block or Block+Notify where needed.
- Continue monitoring, evaluating, and adjusting to mitigate any threats. Any gaps in your protection should be addressed through this process.

SMS Filter Package Deployment

The following topics are specific to deployment tasks. For additional information, such as searching filters in installed filter packages and monitoring events and notifications, see Related documentation.

Manually download and install the Malware Filter Package

Use the following steps to download the Malware Filter Package from the Threat Management Center (TMC) and import it to the SMS.

1. In a web browser, open https://tmc.tippingpoint.com/tmc/. If you have not already done so, create a TMC account. See the Read Me First document that accompanied your product for the instructions.
2. On the TMC menu, select Releases > ThreatDV > Auxiliary DV (Malware). The Auxiliary DV (Malware) Packages page will open with the most recent version at the top of the list.
3. Click the Download button next to the appropriate package in the list.
4. Review the End User License Agreement (EULA), then click Accept to continue (to cancel, click Decline).
5. On the File Download screen, click Save.
   Note: To avoid unexpected behavior on the SMS, do not change the file name.

6. In the SMS, select Profiles > Auxiliary DV to display the Auto Auxiliary DV Activation screen.
7. In the Auxiliary DV Inventory section, click Import.
8. Select the Malware Filter Package, and then click OK. The file imports and displays in the DV Inventory section.

To verify that the Malware Filter Package is installed, navigate to the Profiles section on your SMS and click Auxiliary DVs. The package information is displayed in the Auxiliary DV Inventory section. Make sure that the Auxiliary DV Malware Filter Package is listed.

Set up automatic updates on the SMS

Use the following steps to configure the SMS to automatically update Auxiliary DV packages.

1. In the SMS, select Profiles > Auxiliary DV to display the Auto Auxiliary DV Activation screen.
2. In the Auto Auxiliary DV Activation screen, click Edit.
3. In the Auto DV Settings, select the automatic options to apply, and then click OK.
   - Automatic Download: Automatically get latest Auxiliary DV updates on the SMS when available.
   - Automatic Activation: Activate the Auxiliary DV on download to the SMS.
   - Automatic Distribution: Distribute the Auxiliary DV package updates when downloaded to SMS.

Note: When all three options are selected, the installed Malware Filter Package on devices managed by the SMS will be updated with each refresh provided on the TMC.

Activate a Malware Filter Package on the SMS

Use the following procedure to activate packages that have been deactivated or are not automatically activated.

1. In the SMS, select Profiles > Auxiliary DV to display the Auto Auxiliary DV Activation screen.
2. On the Auto Auxiliary DV Activation screen inventory listing, select the Auxiliary package to activate, and then click Activate.

If you choose to deactivate an Auxiliary DV package, select the package and then click Deactivate.

Note: You cannot delete a package that is active on a device until it has been deactivated.

Deployment tasks without an SMS

You can manually download the Malware Filter Package from the TMC if:

- You are not using the SMS to manage your IPS device(s)
- Your device(s) are registered for the ThreatDV service

Note: Before you can use the Malware Filter Package, you must enable the filters in a profile.

Verify Reputation Feed is enabled

Use the following method to verify that a ReputationDV license is enabled on an IPS device:

- On the LSM System Summary page, select License and verify that the Reputation Permit status is Allow.
- To view the currently installed version of the license package, navigate to System > Update > Update Summary and view the Currently Installed Versions listed. If no version number or N/A is listed, then the ReputationDV service is not enabled for the device.

Install the Malware Filter Package on an IPS Device

Use the following steps to download and install the Malware Filter Package to the local device.

1. In the LSM navigation menu, expand System > Update, and then click Install Package.
2. On the Install Package screen, follow the steps provided to access the TMC, select the package from the Releases menu, and then download the package to the local device. Note the download location.
3. After verifying available disk space (if you need to free disk space to meet the requirements, delete older versions of DV packages that are no longer used), select the options you want to apply:
   - Enable High Priority Preferences: Give the DV update process highest priority.
     Note: The system does not give priority to updates over attacks.
   - Enable Layer-2 Fallback: Place the device in Layer-2 Fallback mode during the DV update process.
4. Select the package you downloaded to the device and click Install.

View currently installed versions

Use these steps to verify that the Malware Filter Package installed successfully.

1. In the LSM navigation pane, expand System > Update.
2. Click Update Summary and scroll to the Auxiliary DV Packages section. The currently installed Auxiliary DVs are displayed by type, version description, and function. Verify that the Malware Filter Package is on the list.

Get Malware Filter Package updates on the device

Standalone IPS devices do not support automatic updates for the Malware Filter Package. To update the Malware Filter Package, use Manually download and install the Malware Filter Package.

Note: Auto update can be enabled using the Auto Auxiliary DV Activation feature on the SMS.

1. In the LSM, expand System > Update.
2. Select the Auxiliary Malware Filter Package and click Update Now. The latest update is downloaded from the TMC and installed on the device.

Note: Enable Auto Update using the Auto Auxiliary DV Activation feature on the SMS.

Troubleshooting tips

The following tips will help you address errors you may encounter during deployment of the Malware Filter Package. For additional information about known issues with the Malware Filter Package feature in the SMS or the IPS, review the release notes for the respective product on the TMC.

Importing Malware Filter Packages on SMS

If a "Package not found" error is displayed when you use Import to import a Malware Filter Package on the SMS, this typically indicates that the SMS client is out of sync with the server data. To re-synchronize the data:

1. Log out of the session, and then log back in.
2. Try to import the package again.

If you are unsuccessful, contact a support representative. See Support Information.

Setting up Auto Update notification

SMS 4.1 does not fully support DV Notification popups for the Malware Filter Package updates when DV Notification Popups is enabled in the Auto Auxiliary DV Activation screen. As a workaround, auto updates can be enabled. HP recommends that you set up automatic updates of the Malware Filter Package by enabling the following options in the Auto Auxiliary DV Activation screen:

- Auto Download
- Auto Activation
- Auto Distribution

Backing up the Malware Filter Package

The SMS may fail to display the Malware Filter Package information properly when using the system backup features on the SMS. For example, only the activated packages might appear on the System Backup page for the Malware Filter Package after a restore procedure, even though a complete restore was successful.

Adaptive Filter Control

If you enable Adaptive Filter Configuration (AFC), there is the potential that the behavior of a ThreatDV Malware Filter may be altered according to the AFC mode enabled for the device.

Related documentation

For information about how to work with the malware filters in the SMS or in the device LSM or CLI, see the product documentation available on the Threat Management Center (TMC) at https://tmc.tippingpoint.com/tmc.

Support Information

HP TippingPoint is committed to providing quality customer support for all of our products. If you need customer support, contact the HP support center for your product. You can find the customer support contact information for your product in the Read Me First document that is in your product shipment. The Read Me First document is also available on the HP TippingPoint Threat Management Center (TMC), https://tmc.tippingpoint.com/tmc/. If this is your first purchase of an HP TippingPoint product, contact customer support to register your product and access online support.

Self-Service Portal

HP provides an online self-service portal for HP TippingPoint customers. The Self-Service Portal provides a tool for customers to manage their support cases. After registering for an account, you can submit new technical support cases and manage existing ones. For more information about accessing the online Self-Service Portal, refer to the Read Me First document.

Contacting support

To expedite your support request, please take a moment to gather some basic information from your records and from your system before contacting customer support. For example, your support representative may need your device serial number and the versions of your product software to assist you. For additional details about contacting support and gathering needed information before contacting support, refer to the Read Me First document.

Legal and notice information

Copyright 2014 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.

This document contains proprietary information, which is protected by copyright. No part of this document may be photocopied, reproduced, or translated into another language without the prior written consent of Hewlett-Packard. The information is provided as is without warranty of any kind and is subject to change without notice.
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

TippingPoint, the TippingPoint logo, and Digital Vaccine are registered trademarks of Hewlett-Packard. All other company and product names may be trademarks of their respective holders. All rights reserved.

This document contains confidential information, trade secrets or both, which are the property of Hewlett-Packard. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from Hewlett-Packard or one of its subsidiaries.

Adobe and Acrobat are trademarks of Adobe Systems Incorporated. Microsoft, Windows, Windows NT, and Windows XP are U.S. registered trademarks of Microsoft Corporation.

Printed in the United States.