HP ESP 2013 Solution Roadmap C. K. Lin ( 林 傳 凱 ) Senior Channel Solution Manager, North Asia ck.lin@hp.com March 8, 2013
資 安 要 聞
議 程 HP ESP 簡 介 HP ESP 解 決 方 案 HP ESP 2013 Solution Roadmap Q&A
HP ESP 簡 介
HP Enterprise Security Products 1,500 由 ArcSight, Fortify, TippingPoint and Atalla 團 隊 來 的 資 安 專 家 1,500 在 HP Enterprise Security Services 的 資 安 專 家 唯 一 的 一 家 資 安 公 司 所 有 的 指 標 性 的 產 品 都 居 於 領 導 者 的 地 位 (Gartner s leaders quadrant) One Team, One Vision Magic Quadrant Leadership Unparalleled Customer Base Unrivaled Industry Awards ATALLA DATA SECURITY
Gartner report 2013: ArcSight should be on the list of every large organization building a SOC
HP ESP 解 決 方 案
HP ArcSight 解 决 方 案 最 高 可 達 100,000 EPS 的 效 能 ArcSight 讓 電 信 客 戶 每 天 接 獲 的 安 全 事 件 通 報 從 4000 萬 降 低 到 只 有 45 件 重 大 事 件 改 善 率 達 百 萬 倍! 事 件 關 聯 日 誌 整 合 Controls Monitoring HP ArcSight Express Identity Monitoring HP ArcSight ESM Application Monitoring Controls Reporting HP ArcSight Logger 支 援 350+ 種 資 料 來 源 及 格 式, 業 界 第 一 資 料 蒐 集 HP ArcSight Connector 日 誌 源
HP Software Security Center( 安 全 管 理 中 心 ) 9 HP Fortify 完 整 軟 體 開 發 生 命 週 期 的 解 决 方 案 Coding Integration QA Deploy Maintenance HP Fortify SCA ( 静 態 程 式 碼 分 析 ) HP Fortify SCA Develop HP WebInspect & Security Scope ( 動 態 應 用 檢 測 ) HP Fortify SS Dynamic Test HP WI Penetration Test HP Fortify RTA ( 軟 體 防 火 牆 ) HP Fortify RTA Deploy Static Code Analyzer SecurityScope WebInspect Real-Time Analyzer 方 案 最 完 整 性 價 比 最 高 HP Fortify Software Security Center Correlation Data Integration Tool Integration
TippingPoint 解 决 方 案 IPS Platform Solutions ROBO, Perim eter, Zone isolation, MSPs S 10 網 路 延 遲 最 低, 網 路 埠 數 業 界 最 多 10GE Netw ork s, Core, Data Center, Service Providers S 2500N Managem ent, Accessories, Virtualization Core Controller Security Intelligence Reputation DB 引 領 業 界 風 潮 DVLabs Services Digital Vaccine 20Mbps 2 Segments 3Gbps 11 Segments S 110 S 5100N 20Gbps 3x10GbE Broadest Coverage Evergreen Protection Security Management System (SMS) Web App DV and Scanning 100Mbps 4 Segments 5Gbps 11 Segments S 330 S 6100N Manage Multiple Units Central Dashboard Web Scan Custom Filters PCI Report 300Mbps 4 Segments 8Gbps 11 Segments SSL Appliance S 1500S Reputation DV S 660N 5200NX 750Mbps 10 Segments S 1400N 5Gbps Segments on Demand 7100NX Transparent SSL Bridging and Off-Loading Secure Virtualization Framework IP Reputation DNS Reputation ThreatLinQ 1.5Gbps 10 Segments 13Gbps 10 Segments on Demand vcontroller & vips Real Time Threat Intelligence
Atalla 解 決 方 案 Network Security Processor (banking/retail) Also Secure Configuration Assistant, Boxcar, premium/custom commands ASPs $15-35K/unit, typical customer investment $100K-$1M 90% attach rate to NonStop FSI customers, but 60% attached to other hosts Competitors: Thales, Futurex, SafeNet Enterprise Secure Key Manager (all verticals) Also Client Licenses for each enrolled encryption device ASP $20-25K/unit, typical customer investment $100K-$1M 100% attach rate to HP NonStop volume encryption, HP Storage enterprise tape library encryption, HP Storage SAN encryption, HP Cloud Services, HP ES Backup/Restore Competitors: RSA, IBM, Thales, SafeNet
HP ESP 2013 Solution Roadmap
什 麼 是 ESM 6.0c? Our performance-oriented enterprise SIEM solution ESM 5.x and earlier Relies on Oracle database technology RDBMS like Oracle is not optimized for today s SIEM requirements Complex to Deploy Hard to maintain requires DBAs to maintain it ESM 6.0c Embeds our own CORRE technology is optimized for today s SIEM requirements Simpler, faster and easier Management console makes life much easier eliminates DBAs. ESM 5.x Manager ESM 6.0c Manager Oracle Database CORRE
效 能 大 大 超 越 5.2 25 20 15 10 20 15 Oracle CORR Detect More Incidents Up to 3x the current performance using the same hardware Faster Query up to15x Address More Data Up to 20x the current capacity for correlated events using the same disk space 5 0 1 1 1 Storage EPS Query 3 Operate More Efficiently Frees up security analyst cycles for proactive monitoring No DBA needed
Fortify 3.80 & WebInspect 10 Nov. 2012 (3.7) -> Feb. 2013 (3.8) 1. Programming Environments Visual Studio 2012 &.NET 4.5. 2. Batch Bug Management Selection Criteria, Grouping Strategy, State Management. (Integrated with Quality Center) 3. Moderate improvements Search syntax AND and ORs. Speed. 4. Competitive Heads-up 5. WebInspect 10 (Integrated with WAF & TippingPoint)
Reputation-based threat intelligence HP Reputation Security Monitor (RepSM 1.5) Bad IPs/ DNS names What is it? RepSM actively manages reputation-based security policies to detect and prevent communication with known bad actors. Reputation Data Detect additional threats including peer-to-peer network use and potential spear phishing Accumulate and analyze suspicious connections, including internal, over time further Integration with HP TippingPoint IPS to automatically block attacks and exfiltration Integration with HP ThreatDetector to detect and verify zero day attack and APT spread patterns Events App Apps Devices HP SIEM Responses Servers HP threat research Database Network s
HP ESP 於 RSA Conference 2013 公 佈 的 新 產 品 1. ArcSIght & Hadoop ( 處 理 與 保 存 大 量 資 料 的 雲 端 運 算 平 台 ) 2. ArcSight & Autonomy (HP Big Data 解 決 方 案 非 結 構 化 ) 3. ArcSight & Vertica (HP Big Data 解 決 方 案 結 構 化 ) 4. ArcSight Express 4.0 5. ArcSight cloud connector 6. ArcSight Reputation Security Monitor 1.5
THANK YOU