Intrusion Prevention for Service ...

  1. Intrusion Prevention for Service Providers: Secure IP Infrastructure is Critical for VoIP
  2. TippingPoint – The Company
     The Proven Leader in Intrusion Prevention (NASDAQ: TPTI)
     – Launched industry’s first intrusion prevention solution, January 2002
     – Only Vendor Awarded NSS Gold for Intrusion Prevention, January 2004
     Deep Domain Expertise and Experienced Management
     – Networking, security and software knowledge from industry-leading companies such as Cisco, SANS, NetSpeed, Alcatel, IBM, Efficient, Motive
     Best-of-breed Technology and Execution
     – Tens of millions of dollars invested in core technology R&D
     – Highly parallel, custom packet-processing ASIC technology
     – Patent-pending technologies that deliver unmatched performance
     CONFIDENTIAL
  3. Select TippingPoint Customers and Awards
     (Customer logos and award images only; not reproduced in the transcript.)
  4. The Security Risk Gap is Growing Exponentially
     New security demands exceed IT capacity
     – Increasing rate of new vulnerabilities
     – Decreasing time to patch them
     – Walk-in worms, e-mail attacks
     – Rogue applications “stealing” IT resources
     Traditional tools can’t fully mitigate today’s security challenge
     – Perimeter firewalls are porous (e.g. allow port 80) and can’t handle the core
     – Comprehensive patching is impossible
     – Not all end-points under IT control
     Line speed Intrusion Prevention closes the gap
     (Chart: Security Demands rising above IT Security Capacity over Time / Business Growth; the widening area between the two curves is the Security Risk Gap.)
  5. UnityOne Closes the Security Risk Gap
     Network Performance is Accelerated
     System Up-time is Maximized
     Emergency Patching Triage is Eliminated
     Plug-and-Play Operation
     – No tuning required
     Business Continuity is assured and the cost of security operations is reduced
     (Chart: the same Security Demands vs. IT Security Capacity axes over Time / Business Growth, with Perf, Up-time, No Triage and Plug and Play filling the gap.)
  6. UnityOne IP Service Control
     IP Service Control: Intrusion Prevention, Bandwidth Management, Content-based QOS
     Ultra-High Performance Custom Hardware
     – 5 Gbps Throughput
     – Switch-Like Latency
     – 2M Sessions
     – Total Flow Inspection
     – 10K Parallel Filters
     Service providers demand uncompromising performance, reliability, and protection
  7. Intrusion Prevention
     Protect: Applications and Operating Systems; Subscriber Desktops; Broadband Network Elements; Email, News, DNS Servers; Real time VoIP Security
     ROI Components: Reclaimed Infrastructure Capacity (Router, Server); Eliminate Emergency Patching; Fewer Help Desk Calls; Fewer Truck Rolls; Reduced Subscriber Churn
     Performs Total Inspection at Layers 2-7
     Protects Subscriber Desktop Vulnerabilities
     – Quarantine Infected Subscribers to a Walled-Garden
     Protects Network Equipment Vulnerabilities
     Protects Server Vulnerabilities
     Protects Against Anomalous Traffic Behavior
  8. Bandwidth Management
     Protect: Bandwidth; Server Capacity; Mission-Critical Traffic
     ROI Components: Reclaimed Infrastructure Capacity; Reduced Bandwidth Expense
     Increases Network Performance Even When Not Under Attack
     Rate Limits Non-Mission Critical Applications
     – Controls Peer-to-Peer Traffic
     – Controls unauthorized Instant Messaging
     – Controls Rogue Applications
     – Eliminates Misuse and Abuse
  9. Content-based QOS
     Identify: Specific Applications; Premium Subscribers; Content Partners
     ROI Components: Incremental Revenue from Subscribers; Incremental Revenue from Application and Content Partners
     Identify specific sessions
     – Based on Application, Subscriber, Content, existing QOS markings
     Notify Service Control Elements
     – Eliminate dependence on Client knowledge of network rules
     Add or modify marking for appropriate QOS priority in the network
     – Set DSCP/TOS, 802.1P/Q VLAN, MPLS tags
     Enforce QOS by prioritizing queues using CBR and VBR
  10. Secure Cable HSD Networks
     (Network diagram only; not reproduced in the transcript.)
  11. Secure DSL Networks
     (Network diagram only; not reproduced in the transcript.)
  12. Network-Based Model: Managed Secure Service
     (Diagram: a Network-Based Managed Secure Service provided via UnityOne Solutions. Business Customers #1, #2 and #3 are served by UnityOne-2000 and UnityOne-2400 units connected to the Internet over Redundant Network Links; the Security Management System (SMS) provides Centralized Network Management for the Managed Secure Service.)
  13. Automatic Digital Vaccine
     Raw Intelligence Feeds: SANS, CERT, Vendor Advisories, Bugtraq, VulnWatch, PacketStorm, Securiteam
     Vulnerability Analysis
     Vaccine Creation
     Digital Vaccine Automatically Delivered to Customers
     @RISK Weekly Report
     Scalable distribution network using Akamai’s 9,700 servers in 56 countries
  14. Performance Protection – Rogue Application Control Example
     (Chart: Mbps (Average per Hour), 0-200, plotted over several days at 13:00 / 19:00 / 1:00 / 7:00 intervals for Oracle, E-mail, HTTP, Kazaa, eDonkey and WinMX traffic, with a P2P Rate Limit applied.)
     Protects mission-critical application
     Generates report graphs for each bandwidth virtual pipe
     Controls misuse and abuse
     Unlimited number of virtual pipes
  15. Security and Bandwidth Management for Improved Cash Flow
     (Chart: Without TippingPoint vs. With TippingPoint. Components shown: Lost Revenue (HSD Churn, VoIP Churn), Bandwidth Expense, Capital Investment, Support Costs, VoIP Support Costs and Investment in TippingPoint, with Positive Cash Flow in the With TippingPoint case.)
     Reduced Bandwidth Expense
     – P2P rate-limiting can reduce egress bandwidth by 20%
     Reduced Capital Investment
     – Reduced upstream bandwidth reclaims 10-30% of equipment investment
     – Virus and worm mitigation can save up to 20% of edge device CPU utilization
     Reduced Support Costs
     – Fewer help desk calls
     – Fewer truck rolls
     Incremental Revenue
     – Enables VoIP rollout
     – Reduces subscriber and VoIP churn
  16. UnityOne Security Management System (SMS)
     (Image only; not reproduced in the transcript.)
  17. UnityOne Product Line
     Intrusion Prevention Systems
     – 2.0 Gbps – 4x10/100/1000 Copper/Fiber
     – 1.2 Gbps – 4x10/100/1000 Copper/Fiber
     – 400 Mbps – 4x10/100/1000 Copper/Fiber
     – 200 Mbps – 2x10/100 Copper
     – 50 Mbps – 1x10/100 Copper
     – 2.0 Gbps – 20x10/100/1000 Copper/Fiber
     – 5.0 Gbps – 4x10/100/1000 Copper/Fiber (3Q04)
     Security Management System
  18. UnityOne Features and Benefits Summary
     Feature: Benefit
     Intrusion Prevention – Block Worms, Viruses, Trojans, DDoS attacks, and other Threats: A) Ensure System Uptime; B) Reduce Call Center Costs; C) Avoid Damages from Attacks; D) Protect Infrastructure and Uncontrollable End Points
     Digital Vaccine Updates: A) Virtual Patches Protect Unpatched Vulnerable Hosts; B) Zero-Day Protection against Unknown Attacks and DOS; C) Maintain Evergreen Protection
     Multiple Deployment Options: A) Offer Customers a Premium Managed Service; B) Internal Deployments Protect Internal Network and Subscribers
     Bandwidth Management – Shape Traffic: A) Reclaim Bandwidth; B) Eliminate Bandwidth Hijacking (P2P and IM); C) Network Optimization for Subscribers
     Prioritize Premium Applications: Allocate Bandwidth for Premium Applications like VoIP
     Flexible and Scalable Platform: Offer Premium Application Services, such as VoIP, Games, etc.
     High Performance – Gigabit throughput: A) Fundamental Requirement for Service Provider Deployments; B) Economies of Scale
  19. TippingPoint NSS Gold Award Details
     NSS Gold Standard
     • Achieved 100% score on every test
     • Ease of use, management capabilities
     • Significant unique selling points
     • Outstanding value for money
     • Near perfect user experience
  20. What’s New
     Intrusion Prevention for Service Providers
     – Service providers use UnityOne for:
       • Internal Protection and Bandwidth Management
       • Subscriber Protection and Network Optimization
       • IPS as a Managed Service
     VoIP Security
     – Protecting Vulnerabilities:
       • SIP
       • H.323
     – VoIP Bandwidth Protection to Prioritize VoIP Traffic
     TippingPoint Forms VoIP Security Research Lab
     – Discover and Analyze VoIP Security Threats
     – Develop security tools for VoIP
     – Education
  21. What’s New
     TippingPoint's S-VoIP (Secure VoIP) Initiative
     – July-August launch with multiple partners
       • Joint marketing agreement / PR agreed to ahead of time
     – Focus on
       • Security Infrastructure Eco-system: partner’s product portfolio protection
       • Leading-edge H.323 & SIP protocol / vulnerability protection
       • On-going forum for security discussion between participants
       • Possible output to community via SANS, CERT, etc.
     – Targeting quarterly meetings
  22. Voice-Data Convergence Multiplies Threats
     VoIP inherits IP data network threat models in addition to new, VoIP-specific threats
     – Reconnaissance, DoS / DDoS, host vulnerability exploits, protocol vulnerability exploits, surveillance, hijacking, identity theft, misuse, monitoring / eavesdropping, inserting/deleting/modifying audio streams
     – Theft of service
       • Long distance service theft estimated at more than $10B annually without VoIP
       • The threat of session hijacking and data security is more important AND more difficult
     VoIP QoS requirements mean DoS attacks get easier
     – Service Disruption possible due to delay, jitter, packet loss, available bandwidth
     – DoS / DDoS attacks have far more targets in VoIP deployments:
       • IP phones, broadband modems
       • Routers, switches, firewalls, soft switches
       • Signaling gateways, media gateways, SIP proxies, location servers
  23. Where are the VoIP Security Vulnerabilities?
     Voice transport protocols
     – Real Time Protocol (RTP), RTCP, SCTP
     Signaling protocols and architecture
     – H.323, MEGACO, Media Gateway Control Protocol (MGCP), Signaling Connection Control Part (SCCP), and Session Initiation Protocol (SIP)
     Multi-vendor component environment
     – A variety of software / stack implementations across a heterogeneous infrastructure makes it difficult to assure security
     What’s at Risk?
     – Success of service
     – Brand
       • Vendor and Service Provider risk brand damage if attacks succeed
     – End-user identity and other information
     – Compromise of infrastructure
  24. Thank You
  25. Backup Slides
  26. Patching and Downtime Financial Impact
     Cost to patch 5000 desktops exceeds $1 Million
     – $234 average per patch (Yankee Group Enterprise Security survey, 2004)
     $1.2 Billion in lost productivity in first five days of Slammer
     Worldwide annual costs to businesses of all malicious code attacks were $1.8 billion in 1996; soared to $13.2 billion in 2001
     Security Threats – Typical Impact per Incident – Horison Information Strategies, 2003
     – Virus: $24,000
     – Denial of Service: $122,000
     – Physical Theft or Destruction: $15,000
     – Data Destruction: $350,000
     – Theft of Proprietary Information: $4.5 million
     – Illegal system access - outsider: $225,000
     – Unauthorized insider access: $60,000
     – Installation/Use of Unauthorized Software or Hardware: $250,000
     – Insider Abuse of Net Access / E-mail: $360,000
     – Financial Fraud: $4.4 million
     Estimated security impacts per incident for various internal and external security issues – Source: Alinean, 2003
  27. UnityOne Threat Suppression Engine
     (Engine block diagram. Programmable Filters 1, 2, 3 … n; blocks shown: Flow Classification & Table, IP Fragment Re-assembly, TCP Flow Re-assembly, 7-Layer Traffic Normalization, Packet Flow Inspection (Parallel Processing, Regular Expression Matching, Protocol Decoding), Flow State & Marking, Multi-flow Analysis (Baseline, Anomaly Detection), Traffic Shaping, Packet Discard & Redirection, Alert & Notification.)
     Hardware Solution Based on Specialized Custom ASICs
     10,000 Parallel Filters
     Microsecond Latencies
     10 Patents Pending
  28. Peer-to-Peer Coverage
     Top 10 P2P Applications: Kazaa (48%), Morpheus (22%), Imesh (10%), AudioGalaxy (6%), BearShare (4%), LimeWire (3%), Grokster (2%), WinMX (1%), Blubster (<1%), eDonkey (<1%), Other (2%)
     Source: AssetMetrix Research Labs
     UnityOne rate limits and blocks over 98% of P2P traffic
     Coverage evolves as new dominant P2P applications emerge
  29. High Availability and Stateful Network Redundancy
     Intrinsic High Availability
     – Dual Hot-Swappable Power Supplies
     – Self-Monitoring Watchdog Timers – Security and Management Engines
     – L2 switch fallback
     Stateful Network Redundancy
     – Stateful Redundancy – Active-Active, Active-Passive
     – No IP Address or MAC Address – Transparent to Router Protocols – HSRP, VRRP, OSPF
     99.999% Network Reliability
  30. Application Protection – A Virtual Software Patch
     (Diagram: the Vulnerability “Fingerprint”, the Virtual Software Patch, encloses both the Exploit A “Fingerprint” and the Exploit B “Fingerprint”. The Simple Exploit A Filter covers Exploit A only; the coarse Exploit A signature misses Exploit B and produces a False Positive.)
     A vulnerability is a security flaw in a software program. An exploit is a program that takes advantage of a security flaw to gain unauthorized access to a vulnerable system.
     Simple Exploit Filters are written only to a specific exploit.
     – Filter developers are forced to basic implementations because of engine performance limitations.
     – Result: missed attacks, false positives and continued vulnerability risk.
     TippingPoint’s Vulnerability Filters act as a Virtual Software Patch and cover the entire vulnerability.
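Why the Threat Suppression Engine (slide 27) re-assembles IP fragments and TCP flows before its filters run, as an added illustration that is not TippingPoint code: a filter applied to each packet in isolation misses a pattern that arrives split across TCP segments, while the same filter applied to the re-assembled flow catches it. The segments, sequence numbers, overlap and the stand-in signature are constructed samples.

```python
"""Per-packet matching vs. matching after TCP flow re-assembly (added example).
All segments, sequence numbers and the signature are constructed samples."""
import re
from typing import List, Tuple

# A deliberately simple pattern standing in for an exploit filter: 300 bytes of padding.
SIGNATURE = re.compile(rb"A{300}")

Segment = Tuple[int, bytes]  # (TCP sequence number, payload)

def match_per_packet(segments: List[Segment]) -> bool:
    """Inspect each segment on its own, as a packet-only engine would."""
    return any(SIGNATURE.search(payload) for _, payload in segments)

def reassemble(segments: List[Segment], isn: int) -> bytes:
    """Rebuild the byte stream from out-of-order and overlapping segments.
    Overlapping bytes keep the data already accepted; a hole is reported, not skipped."""
    stream = bytearray()
    for seq, payload in sorted(segments):          # order by sequence number
        offset = seq - isn
        if offset > len(stream):
            raise ValueError(f"gap in stream at offset {len(stream)}")
        stream += payload[len(stream) - offset:]   # trim the overlapping prefix
    return bytes(stream)

def match_reassembled(segments: List[Segment], isn: int) -> bool:
    """Inspect the re-assembled flow, as the TCP Flow Re-assembly stage allows."""
    return SIGNATURE.search(reassemble(segments, isn)) is not None

# Constructed flow: a SIP request whose Via value is 300 bytes of padding.
ISN = 1000
HEAD = b"INVITE sip:bob@example.invalid SIP/2.0\r\nVia: SIP/2.0/TCP "
PAYLOAD = HEAD + b"A" * 300 + b"\r\n\r\n"
# Split so that no single segment holds 300 consecutive 'A's, deliver the
# second half first, and add a retransmission that overlaps both halves.
SEGMENTS: List[Segment] = [
    (ISN + len(HEAD) + 150, PAYLOAD[len(HEAD) + 150:]),
    (ISN, PAYLOAD[:len(HEAD) + 150]),
    (ISN + 10, PAYLOAD[10:len(HEAD) + 160]),
]

if __name__ == "__main__":
    print("per-packet match:  ", match_per_packet(SEGMENTS))        # False
    print("re-assembled match:", match_reassembled(SEGMENTS, ISN))  # True
```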
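The three filter designs in the slide 30 diagram, as an added illustration that is not TippingPoint's code: a filter written to one exploit's padding misses a re-padded variant, a coarse signature drops legitimate traffic, and a filter written to the vulnerability condition catches both variants with no false positive. The flaw (a SIP parser that copies the Via header value into a fixed 256-byte buffer), the parser and every message are hypothetical, constructed samples.

```python
"""Simple exploit filter vs. coarse signature vs. vulnerability filter (added example).
The flaw is hypothetical: a SIP parser copies the Via header value into a fixed
256-byte buffer. Every message below is a constructed sample."""
import re

VIA_BUFFER = 256  # hypothetical buffer size in the vulnerable parser

# Simple exploit filter: written to the padding of one known exploit only.
EXPLOIT_A_SIG = re.compile(rb"Via: SIP/2\.0/UDP A{300}")
# Coarse signature: "any long Via line", cheap to match but hits valid traffic.
COARSE_SIG = re.compile(rb"^Via:\s*[^\r\n]{64,}", re.M)

def parse_headers(msg: bytes) -> dict:
    """Protocol decoding: map lower-cased header name -> list of values."""
    head = msg.split(b"\r\n\r\n", 1)[0]
    headers: dict = {}
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def vulnerability_filter(msg: bytes) -> bool:
    """Drop on the condition that triggers the flaw, whatever the payload looks like."""
    return any(len(v) > VIA_BUFFER for v in parse_headers(msg).get(b"via", []))

def verdicts(msg: bytes) -> dict:
    """Which of the three filters would block this message."""
    return {"exploit_a_signature": EXPLOIT_A_SIG.search(msg) is not None,
            "coarse_signature": COARSE_SIG.search(msg) is not None,
            "vulnerability_filter": vulnerability_filter(msg)}

def build_invite(via_value: bytes) -> bytes:
    return (b"INVITE sip:bob@example.invalid SIP/2.0\r\nVia: " + via_value +
            b"\r\nFrom: <sip:alice@example.invalid>\r\nContent-Length: 0\r\n\r\n")

BENIGN_SHORT = build_invite(b"SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds")
BENIGN_LONG = build_invite(b"SIP/2.0/TLS proxy-a.example.invalid:5061;branch=z9hG4bK-524287-1"
                           b"---0123456789abcdef;received=192.0.2.10;rport=5061;ttl=70;maddr=192.0.2.20")
EXPLOIT_A = build_invite(b"SIP/2.0/UDP " + b"A" * 300)  # the exploit the signature was written for
EXPLOIT_B = build_invite(b"SIP/2.0/UDP " + b"B" * 300)  # same flaw, re-padded: evades EXPLOIT_A_SIG

if __name__ == "__main__":
    for name, m in [("benign short", BENIGN_SHORT), ("benign long", BENIGN_LONG),
                    ("exploit A", EXPLOIT_A), ("exploit B", EXPLOIT_B)]:
        print(f"{name:13s} {verdicts(m)}")
```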