HP Software EMEA Performance Tour 2013...•Hot-Swappable I/O modules •Stops malicious traffic &...
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
ESP Making Network Security Relevant
HP TippingPoint NGIPS
Karl Hertenstein / ESP Solution Architect Switzerland & Austria September 18th, 2013
Agenda
Landscape
HP TippingPoint NGIPS
Landscape
Rise of the cyber threat
Enterprises and Governments are experiencing the most AGGRESSIVE THREAT ENVIRONMENT in the history of information
Cyber Attacks are now a global concern
Customers struggle to manage the security challenge
Today, security is a board-level agenda item
Primary Challenges
1. Nature & Motivation of Attacks (Fame, fortune, market adversary)
Research Infiltration Discovery Capture Exfiltration
A new market adversary
2. Transformation of Enterprise IT (Delivery and consumption changes)
Traditional DC Private Cloud Managed Cloud Public Cloud
Network Storage Servers
Virtual Desktops Notebooks Tablets Smart phones
Consumption
Delivery
3. Regulatory Pressures (Increasing cost and complexity)
Basel III
DoD 8500.1
Policies & Regulations
Attacks & attackers become more sophisticated
Broad Attacks
Advanced Targeted Threats
Stuxnet, Duqu, Aurora
“Only 16% of Firms Have a Security Policy in Place to Protect Against Advanced, Targeted Threats.” *
Recreational Hackers
Organized Crime & Nation States
* Source: Global State of Information Security Survey, PricewaterhouseCoopers, CIO magazine, CSO magazine, September 2011
What Is an Advanced, Targeted Threat?
Discovery
The adversary ecosystem
Research
Our enterprise
Their ecosystem
Infiltration
Capture
Exfiltration
5X 1X
Example of a High-Profile Attack: RSA Data Breach
5:00 AM: Finance person receives a spearphishing email
8:30 AM: Opens to see “2012 Recruitment plan.xls” file
8:31 AM: RAT program downloaded utilizing Adobe Flash vulnerability
8:32 AM: Poison Ivy RAT is initiated
NEXT DAY / 12:01 AM: NMAP scan to identify and classify network resources
OVER THE NEXT 10 DAYS: Collect data over a period of time
11TH DAY / 12:05 AM: Encrypt and ftp file to good.mincesur.com
12TH DAY: Attack hits the headlines
The Impact is Real…
March 17, 2011
RSA Hit By Advanced Persistent Threat
RSA has been breached and sensitive token key information from more than 40 million end users may have been compromised.
May 31, 2011
Lockheed Martin Suffers Massive Cyberattack
“Significant and tenacious” attack targeted multiple defense contractors and involved hack of RSA SecurID System.
Breaches Are Costly
• RSA announced cost of breach at $66 million
• Negative press. Loss of business and loss of trust.
The Stakes Are High
• Intellectual property loss could compromise national security
And RSA Was Not Alone…
Barracuda Hit By Cyber Attack Attacker grabbed the information using an SQL injection script
Stuxnet Worm: Sophisticated worm attacks Siemens SCADA industry control systems and Windows.
United Nations: Cyber attack on United Nations leads to massive loss of information and poses a huge economic threat.
360,000 accounts hacked in cyber attack; $2.7 million stolen.
Sony Online estimates 25 million customer accounts hacked.
Directors Desk application breached, Web-based collaboration and communications tool for senior executives and board members
84% of breaches occur at the application layer
68% increase in mobile application vulnerability disclosures
416 days: average time to detect breach
94% of breaches are reported by a 3rd party
What are customers missing?
Converged infrastructures require high rates of inspected traffic throughput
Virtualization requires virtual security
Protection from zero-day vulnerabilities
HP TippingPoint NGIPS
Next Generation Intrusion Prevention System (NGIPS)
What’s Gartner’s Recommended Solution?
Standard First Gen IPS Capabilities
Application Awareness and Visibility
Context Awareness
Content Awareness
Agile Engine
How can we fit the requirements?
Converged infrastructures require high rates of inspected traffic throughput
Virtualization requires virtual security
Protection from zero-day vulnerabilities
HP TippingPoint NX Series
• Highest port density on the market today
• Hot-Swappable I/O modules
• Stops malicious traffic & protects vulnerable applications
• Provides application visibility and control
• Installs ~1 hour for quick in-line threat protection
• Ensures high network performance and availability
• Provides low-latency for real-time applications
• Easy to configure, deploy and manage
Multiple security services:
• Reputation Services
• Web Application Security
• Application awareness, control and security
• Customized Security and Protection
• Global Threat Intelligence
NX Platform
Market Leading 2U Port-Density
with Swappable Modules
Available Models:
2600NX, 3 Gbps
5200NX, 5 Gbps
6200NX, 10 Gbps
7100NX, 15 Gbps
7500NX, 20 Gbps
Swappable I/O Modules
Non-Bypass-Modules
- 6 segment Gig-T
- 6 segment GbE-SFP
- 4 segment 10GbE-SFP+
- 1 segment 40GbE-QSFP+
Bypass-Modules*
- 4 segment Gig-T
- 2 segment 1GbE-Fiber-SR
- 2 segment 1GbE-Fiber-LR
- 2 segment 10GbE-Fiber-SR
- 2 segment 10GbE-Fiber-LR
*Provide connectivity when power fails
Complete range available, including bypass-options
Flexibility and Performance
NGIPS Appliance | Inspection Throughput [Mbps] | Inline IPS Segments | Network Throughput [Mbps] | Connections per Second | Concurrent Sessions
10      | 20     | 2   | 20      | 3.600   | 1.000.000
110     | 100    | 4   | 100     | 9.700   | 1.000.000
330     | 300    | 4   | 300     | 18.500  | 1.000.000
660 N   | 750    | 10  | 750     | 115.000 | 6.500.000
1400 N  | 1.500  | 10  | 1.500   | 115.000 | 6.500.000
2500 N  | 3.000  | ≤11 | 15.000  | 230.000 | 10.000.000
2600 NX | 3.000  | ≤24 | 40.000  | 300.000 | 30.000.000
5100 N  | 5.000  | ≤11 | 15.000  | 230.000 | 10.000.000
5200 NX | 5.000  | ≤24 | 40.000  | 300.000 | 30.000.000
6100 N  | 8.000  | ≤11 | 15.000  | 230.000 | 10.000.000
6200 NX | 10.000 | ≤24 | 40.000  | 300.000 | 30.000.000
7100 NX | 15.000 | ≤24 | 100.000 | 450.000 | 60.000.000
7500 NX | 20.000 | ≤24 | 100.000 | 450.000 | 60.000.000
Ports: 1Gbps Ethernet Copper, 1Gbps Ethernet Fiber, 10Gbps Ethernet Fiber, 40Gbps Ethernet Fiber
The HP TippingPoint Security Management System (SMS) provides unified management to HP TippingPoint products, acts as a connecting point for strategic integration, and adds value to security solutions.
Features:
• Centralized
• Multi-tenancy
• Best of Breed Management
• Easy Installation
• 3rd Party Integration
• Security Services Aggregation
• Graphing and Reporting
• Active Updates
HP TippingPoint Security Management System
HP TippingPoint protects from data center to edge
• Blocks threats attacking applications and operating systems
• Network-embedded and standalone devices
• Endpoint management
• Protection for physical, virtual, and cloud environments
• Best-of-Breed Management and Reporting
Unified network security policy console
Campus LAN
Edge
Wireless LAN Core
Data center
Remote offices and branches
Tele-workers, partners, and customers
Virtual machines (VMs)
WAN
Internet
Corporate, DMZ, PCI
HP TippingPoint vController + Firewall
VMware vCenter
VMware vSphere
Server Admin Domain
Security Domain
Secure VMware Virtualisation with HP TippingPoint
CloudArmour: purpose-built for virtualization network security
Extending Security to Virtual Environments
– IPS protection for virtual zones and perimeters
– Enforce network zones/segmentation in virtual network layer
– Extend compliance zones into virtual environment
– Maintain separation of duties
– Address virtualisation specific challenges:
• VM Sprawl
• VM Mobility
• VM Patch Management (Rollback and Templates)
Proactive Prevention
Vulnerability Is found
t1
Exploit-Code is "In-The-Wild"
t2
Software Vendor releases Patch
t3 t4
Patch Rollout
Proactive IPS Protection
Vulnerability is discovered first, exploits are released later.
Ratio of (Vulnerability : Exploits) is always (1:n), where n>1.
HP TippingPoint Vulnerability Filter
Exploit of Vulnerable Application
Vulnerability False Positives
Standard IPS Exploit Filter for Exploit A
Exploit A Exploit B (missed by Exploit Filter A)
Term: Definition
Vulnerability: Security flaw in a software program
Exploit: Attack on a vulnerability to:
• Gain unauthorized access
• Create a denial of service
Exploit Filter: Stops a single exploit
• Easy to produce
• Typically produced due to IPS engine performance limitations
• Results in missed attacks and false positives
Vulnerability Filter: Stops all exploits attacking the vulnerability
Proactive Security with HP TippingPoint DVLabs
• Leading security research organization
• The leader in zero day vulnerability discovery
• Delivers earliest filter protection
• Staffed by 30+ dedicated researchers
DVLabs Research
Partners
SANS, CERT, NIST, OSVDB etc. Software & reputation vendors
2,000+ customers participating
1,650+ independent researchers
Industry Leading Security Research Industry Leading Threat Protection
DVLabs Security Services
Protects against 1000’s of exploits
Reputation Blocks Millions of Known Bad Hosts
Application Granular App Control and Rate Limiting
DV Toolkit Custom Filter Tool with SNORT support
Web Application Inspect and Protect Web Apps
Monitor the Global Threat Landscape
HP TippingPoint DVLabs Digital Vaccine Service
DVLabs Discovers More Vulnerabilities
And Provides Earliest Protection Against Zero Day Threats
DVLabs: Leading the Industry in Vulnerability Discovery AND Filter Delivery
Recognized security research leader
Frost & Sullivan Market Share Leadership Award for Vulnerability Research
3 years in a row!
At any time, 200 to 300 zero day vulnerabilities only HP knows about
Analysis of vulnerabilities by severity (continued)
Key takeaway: HP TippingPoint continues to lead in critical-severity vulnerability disclosures.
Note: All figures are rounded. The base year is CY 2011. Source: Frost & Sullivan analysis
Protection Against Advanced Targeted Attacks
5:00 AM: Finance person receives a spearphishing email
8:30 AM: Opens to see 2012 Recruitment plan with .xls file
8:31 AM: RAT program downloaded utilizing Adobe Flash vulnerability
8:32 AM: Poison Ivy RAT is initiated
NEXT DAY / 12:01 AM: NMAP scan to identify and classify network resources
OVER THE NEXT 10 DAYS: Collect data over a period of time
11TH DAY / 12:05 AM: Encrypt and ftp file to good.mincesur.com
12TH DAY: Attack hits the headlines
Spearphishing Attack
Detects mail traffic containing phishing attack techniques
RepDV blocks mail traffic from known sources of phishing emails
Content Awareness
Context Awareness
Malicious Email Attachment
Leverages 200 content filters from DV Labs to prevent download of emails with malicious attachments
Content Awareness
Exploit of Vulnerable Application
DVLabs Filter Service offers over 100 filters to protect against Adobe exploit
Content filters detect download of Poison Ivy RAT
RepDV detects downloads from known sources of Malware and Spyware
Vulnerability Protection
Content Awareness
Context Awareness
Reconnaissance and Mapping
• NGIPS detects the scan, quarantines the host, determines USER ID correlated with that host, then alerts end user and admin
• GEOLOCATION information included in each event shows a shift in this attack from external to internal
Context Awareness
External Use of Compromised Host
NGIPS detects and takes action on Poison Ivy command and control TRAFFIC
NGIPS detects and takes action on COMMUNICATIONS with known malicious hosts
Content Awareness
Context Awareness
Data Leakage
RepDV Service detects and blocks communications with known bad hosts, domains, and unapproved geographies
Context Awareness
HP TP Next Gen IPS Delivers
TEN Countermeasures
Ongoing Scanning and Data Collection
HP ArcSight ESM identifies anomalous internal activities by analyzing and correlating every event, then provides real time dashboards, notifications or reports to the security administrator
Comprehensive network, application and cloud data center protection
HP TippingPoint Confidently Secures Your Network
HP TippingPoint Other network security vendors
Pre-zero-day attack coverage —
Precise filters that minimize false positives —
1,600 global security researchers —
Industry leader in vulnerability discovery —
Global threat intelligence portal (ThreatLinQ) —
Leading virtualization security solution —
Installs in-line in less than 2 hours —