S series presentation
  1. HP TIPPINGPOINT IPS AND VIRTUALIZATION SECURITY FOR THE DATA CENTER
     Sean Ennis, Solutions Architect (HP TippingPoint) – Canada
     ©2009 HP Confidential template rev. 12.10.09
  2. AGENDA
     – Modern Threat Landscape
     – IPS Platform
     – Secure Virtualization Framework
     – Q&A
  3. DATA CENTER TRENDS – Connect Everyone to Everything; Do More With Less
     Efficiency Drives Change – Past: Dispersed, Physical. Present & Future: Virtualization, Blades, Consolidation, Increased Bandwidth.
     Apps, Protocols & Traffic – Past: Legacy, Client Server, IPv4, Data. Present & Future: New Apps, Legacy + Web, IPv4 + IPv6, Data + Voice + Video.
     Threat Landscape – Past: Worms, Viruses, Trojans, DDoS. Present & Future: Sophisticated Targeted Attacks, Re-Perimeterization.
  4. MODERN ATTACK LANDSCAPE – APPLICATIONS ARE THE PRIMARY TARGETS
     2002–2004, Network / Server Downtime Attacks: Worm, Virus, Trojan, Botnet, P2P, DDoS, O/S Specific Attacks
     2004–2007, Social Engineering Attacks: Malware, Spyware, Whaling, Phishing, Click Fraud, Spamming
     2007–2010+, Enterprise and Web Application Attacks: Social Media, PHP File Include, Application Exploits, SQL Injection, XSS
     Targets shown on the slide: Corporate Email, Individual Ransom, Online Account Credentials, Credit Card Details, Customer Database, Corporate Confidential Information
  5. WHAT ABOUT THE FIREWALL? In simplest form…
     • Separates distinct security zones
     • Designed to block or allow traffic based on a set of rules
     • Rejects all unauthorized ports/protocols at the edge of a security zone
     • Very good at ensuring network resources (servers, clients, etc.) only see required traffic
     • Can also be generally responsible for VPN, NAT, redirection, proxying, etc.
  6. WHAT ABOUT THE FIREWALL? (repeats the slide 5 description, overlaid with the traffic it does not address)
     …Browser exploits …Drive-by DL …Adobe exploits …SQL Injection …DDoS …Spyware …PHP File Include …XSS
  7. IPS PLATFORM INTRODUCTION
     Diagram: Unknown Traffic Goes In → IPS Platform (under the Security Management System) → Clean Traffic Comes Out
     IPS Platform designed for future security demands and services:
     Proactive – In-line reliability; In-line performance (throughput/latency); Filter accuracy
     Security – Leading security research; Automated threat blocking; Broadest coverage
     Costs – Quick to deploy; Fastest coverage; Easy to manage
  8. HP TIPPINGPOINT S-SERIES PRODUCTS
     IPS Platform Solutions (ROBO, Perimeter, Zone isolation, Data Center, Service Providers, 10GE Networks, Core, MSPs…; Management; Accessories):
     • TippingPoint S10 – 20Mbps • 2 Segments
     • TippingPoint S110 – 100Mbps • 4 Segments
     • TippingPoint S330 – 300Mbps • 4 Segments
     • TippingPoint S660N – 750Mbps • 10 Segments
     • TippingPoint S1400N – 1.5Gbps • 10 Segments
     • TippingPoint S2500N – 3Gbps • 11 Segments
     • TippingPoint S5100N – 5Gbps • 11 Segments
     • Core Controller – 20Gbps • 3x10GbE
     • Security Management System (SMS) – Manage Multiple Units • Central Dashboard • Custom Filters • PCI Report
     • SSL Appliance S1500 – Transparent SSL Bridging and Off-Loading
     • vController and VMC (Virtual Controller) – Virtual Data Center Security & Visibility
     Security Intelligence (DVLabs Services):
     • Digital Vaccine – Broadest Coverage • Evergreen Protection
     • Web App DV and Scanning – Web Scan
     • ThreatLinQ – Real Time Threat Intelligence
     • Reputation DV – IP Reputation • DNS Reputation
  9. TECHNICAL SPECIFICATION – N-PLATFORM SENSORS
     Model                         660N                1400N               2500N               5100N
     Network Throughput            750 Mbps            1.5 Gbps            15 Gbps             15 Gbps
     Inspection Throughput         750 Mbps            1.5 Gbps            3 Gbps              5 Gbps
     Typical Latency               < 80 microseconds   < 80 microseconds   < 80 microseconds   < 80 microseconds
     Concurrent Network Sessions   6,500,000           6,500,000           10,000,000          10,000,000
     Security Contexts             1,200,000           1,200,000           2,600,000           2,600,000
     Connections/Sec               115,000             115,000             230,000             230,000
     Interfaces (660N, 1400N)      10 x 1GbE Copper • 10 x 1GbE SFP • 10 Total Segments • External ZPHA
     Interfaces (2500N, 5100N)     1 x 10GbE XFP • Internal ZPHA (10GbE) • 10 x 1GbE Copper • 10 x 1GbE SFP • 10 Total Segments • External ZPHA
     Power                         AC only             AC only             AC or DC            AC or DC
  10. TSE – THREAT SUPPRESSION ENGINE
     Diagram: Tier 1 – Load Balancer, Traffic Management (FW), Bypass; Tier 2; Tiers 3 and 4 – parallel inspection threads
  11. HP TIPPINGPOINT 1200N – EMBEDDED IPS PLATFORM
     – TippingPoint IPS module brings industry leading IPS, including Digital Vaccine and Reputation DV service, to any A7500 series switch
     – 1.3 Gbps aggregate inspection throughput across 2 x 1Gb copper or 1 x 10Gb backplane interface
     – A unified network and security management framework based on TippingPoint’s Security Management System (SMS) integrated with HP’s Intelligent Management Center (IMC)
     Pictured: HP A7500 Switch Series; HP TippingPoint 1200N IPS
  12. CORE CONTROLLER FOR 10GBE – Core Controller Model Provides:
     • Three 10GbE segments
     • High Availability – Reliability and Redundancy
     • High Performance with Low Latency – 10Gbps inspection across IPS’s; 20Gbps aggregate inspection throughput
     • Ease of Management and Low TCO – Low cost of entry and pay-as-you-grow design
     • Scalability – Expand IPS capacity to meet high bandwidth demands
     • 24x iLink segments – Interconnects to IPSs – 48 1Gbps ports
     • Smart ZPHA modules (Optional) – Zero Power High Availability bypass
     • Dual hot-swappable power supplies
     • System health and status panel
  13. 1500S – SSL INSPECTION: High-performance, transparent SSL off-loading and bridging for IPS traffic inspection
     Diagram: Dirty Encrypted Traffic → SSL Appliance → Clean Un-Encrypted Traffic → IPS Platform → Clean Encrypted Traffic (bridging) OR clean un-encrypted traffic (off-loading)
     Key Benefits:
     • Increased Web server and application security
     • Virtually no traffic bottlenecks or application performance penalty
     • Carrier-class reliability delivers high-availability / up-time
     • Contributes to regulatory compliance efforts
     • Reduced server utilization in off-loading configuration
  14. LEADING SECURITY RESEARCH – DVLABS: IPS Platform is Only as Good as its Security Intelligence
     Inputs: 1,400+ Independent Researchers; 2,000+ Customers Participating; Partners (SANS, CERT, NIST, etc.); Software & Reputation Vendors
     → DV Labs Research & QA – Leading security research and filter development with 30+ Dedicated Researchers → TippingPoint IPS Platform
     DVLabs Services: Digital Vaccine › App DV › Web App DV › ThreatLinQ › Reputation DV › Lighthouse Program › Custom DV
  15. PROVEN IN-LINE FILTER ACCURACY – UNMATCHED ACCURACY FROM DVLABS AND DIGITAL VACCINE (September 22, 2010)
     Term – Definition
     Vulnerability – Security flaw in a software program
     Exploit – Attack on a vulnerability to: • Gain unauthorized access • Create a denial of service
     Exploit Filter – Stops a single exploit • Easy to produce • Typically produced due to IPS engine performance limitations • Results in missed attacks and false positives
     Vulnerability Filter – Stops all exploits attacking the vulnerability
     Diagram: a Standard IPS Exploit Filter for Exploit A is a coarse filter that produces False Positives, while Exploit B (attacking the same vulnerability) is missed by Exploit Filter A; the vulnerability filter covers the vulnerability itself.
     TippingPoint’s vulnerability filter acts like a Virtual Software Patch, eliminating false positives.
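The exploit-filter versus vulnerability-filter distinction on slide 15, as an added example that is not from the deck or from TippingPoint: a constructed, hypothetical line-based service is assumed to copy the argument of `USER <name>` into a 64-byte buffer, and the two filter styles are run over constructed sample messages.

```python
# Added example (not from the slides): contrast an exploit-signature filter with a
# vulnerability filter for a constructed, hypothetical line-based service whose
# "USER <name>" handler is assumed to copy the name into a 64-byte buffer.
import re

MAX_USER_LEN = 64  # assumed buffer size of the hypothetical vulnerable handler

# Exploit filter: matches one byte pattern observed in "Exploit A" (constructed
# here as a run of 0x90 padding bytes following the USER keyword).
EXPLOIT_A_SIGNATURE = re.compile(rb"USER .*\x90\x90\x90\x90")


def exploit_filter(msg: bytes) -> bool:
    """Standard IPS exploit filter: blocks only traffic matching Exploit A's pattern."""
    return EXPLOIT_A_SIGNATURE.search(msg) is not None


def vulnerability_filter(msg: bytes) -> bool:
    """Vulnerability filter ("virtual software patch"): blocks any USER argument
    that would overflow the assumed buffer, whatever the payload bytes look like."""
    m = re.match(rb"USER (.*)", msg, re.DOTALL)
    return m is not None and len(m.group(1)) > MAX_USER_LEN


# Constructed sample traffic.
SAMPLES = {
    "exploit_a": b"USER " + b"\x90" * 80 + b"<payload>",  # the known exploit
    "exploit_b": b"USER " + b"\x41" * 80 + b"<payload>",  # same bug, different padding
    "benign_short_nops": b"USER " + b"\x90" * 4,          # harmless, but matches the signature
    "benign": b"USER alice",
}


def evaluate(samples=SAMPLES):
    """Return each filter's verdict (True = blocked) per sample."""
    return {
        name: {
            "exploit_filter": exploit_filter(msg),
            "vulnerability_filter": vulnerability_filter(msg),
        }
        for name, msg in samples.items()
    }


if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:18s} {verdict}")
```

Exploit B shows the missed attack and the short benign message shows the false positive that the slide attributes to exploit filters; the vulnerability filter blocks exactly the two overflowing messages.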
  16. REPUTATION DIGITAL VACCINE – Keep the bad guys and the botnets off your network
     Reputation Database: • IPv4 & IPv6 Address • DNS Names • Geography • Merge with your data
     Diagram: Access Switch ↔ IPS Platform ↔ Internet
     BLOCK OUTBOUND TRAFFIC: • Botnet Trojan downloads • Malware, spyware, & worm downloads • Access to botnet CnC sites • Access to phishing sites
     BLOCK INBOUND TRAFFIC: • Spam and phishing emails • DDoS attacks from botnet hosts • Web App attacks from botnet hosts
     Botnets Currently Being Tracked: Conficker, ZeuS, Kraken, Srizbi, Torpia, Storm, Asprox, Gumblar, Koobface, Mariposa, Dark Energy
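The reputation-database model of slide 16 (IPv4 and IPv6 addresses, DNS names, geography, merged with local data; outbound blocked by destination, inbound by source), as an added example that is not TippingPoint code. All addresses, names, categories and flow records are constructed.

```python
# Added example (not TippingPoint code): a minimal reputation-based flow filter
# following the slide's model. Addresses, names, categories and flows are constructed.
import ipaddress

# Constructed reputation database; each entry is (category, geography).
REPUTATION_DB = {
    "ip": {
        ipaddress.ip_address("203.0.113.7"): ("botnet_cnc", "XX"),
        ipaddress.ip_address("2001:db8::bad"): ("botnet_host", "XX"),
    },
    "dns": {"login-example-bank.invalid": ("phishing", "XX")},
}
# "Merge with your data": a locally maintained list merged at load time.
LOCAL_DB = {"ip": {ipaddress.ip_address("198.51.100.9"): ("botnet_host", "XX")}, "dns": {}}


def merge(*dbs):
    """Merge several reputation sources; later sources override earlier ones."""
    merged = {"ip": {}, "dns": {}}
    for db in dbs:
        merged["ip"].update(db["ip"])
        merged["dns"].update(db["dns"])
    return merged


def classify(flow, db):
    """Return ('block', reason) or ('allow', None) for one flow record.
    Outbound flows are checked against the destination DNS name and IP (CnC,
    phishing, malware download sites); inbound flows against the source IP."""
    if flow["direction"] == "outbound":
        name = (flow.get("dst_name") or "").lower().rstrip(".")
        if name in db["dns"]:
            return "block", f"dns:{db['dns'][name][0]}"
        hit = db["ip"].get(ipaddress.ip_address(flow["dst_ip"]))
    else:
        hit = db["ip"].get(ipaddress.ip_address(flow["src_ip"]))
    return ("block", f"ip:{hit[0]}") if hit else ("allow", None)


FLOWS = [  # constructed flow records
    {"direction": "outbound", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.7", "dst_name": None},
    {"direction": "outbound", "src_ip": "10.0.0.6", "dst_ip": "192.0.2.10", "dst_name": "Login-Example-Bank.invalid."},
    {"direction": "inbound", "src_ip": "2001:db8::bad", "dst_ip": "10.0.0.80"},
    {"direction": "inbound", "src_ip": "198.51.100.9", "dst_ip": "10.0.0.80"},
    {"direction": "inbound", "src_ip": "192.0.2.55", "dst_ip": "10.0.0.80"},
]


def run(flows=FLOWS, db=None):
    """Classify every flow against the merged vendor + local database."""
    return [classify(f, db or merge(REPUTATION_DB, LOCAL_DB)) for f in flows]
```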
  17. 2010: DATA CENTER VIRTUALIZATION REACHES THE TIPPING POINT
     Leading in Times of Transition: the 2010 CIO Agenda – Survey of 1,586 CIOs:
     • Virtualization becomes… #1 Technology Priority in 2010
     • Displaces Business Intelligence, which held top position for the last 5 yrs!
     Chart: of ~58 million deployed x86 machines, 16% run in virtual machines, growing to 50% (axis: 2010, 2011, 2012)
     Source: Gartner Says 16% of Workloads are Running in Virtual Machines Today. Will grow to 50% by 2012 (October 2009)
  18. BUT WHAT ABOUT SECURITY?
     “60 Percent of Virtualized Servers Will Be Less Secure than the Physical Servers They Replace Through 2012”
     I. Information Security Isn’t Initially Involved in the Virtualization Projects
     II. A Compromise of the Virtualization Layer Could Result in the Compromise of All Hosted Workloads
     III. Workloads of Different Trust Levels Are Consolidated onto a Single Physical Server Without Sufficient Separation
     IV. Adequate Controls on Administrative Access to the Hypervisor/VMM Layer and to Administrative Tools are Lacking
     V. There Is a Potential Loss of SOD for Network and Security Controls ... (SOD: Separation Of Duties)
     Source: MacDonald, Neal. Addressing the Most Common Security Risks in Data Center Virtualization Projects, Gartner, Inc. January 25, 2010
  19. SECURE VIRTUALIZATION FRAMEWORK – VIRTUALIZATION VISIBILITY GAPS
     Diagram: Application VMs (App / OS) above a VMsafe Kernel Module and Virtual Switch in the Hypervisor, on ESX Hosts connected via the Core to the IPS
     (1) Host to Host – IPS inspection on each uplink is expensive/unmanageable
     (2) VM to VM – No way to insert physical IPS
     (3) VM Mobility – What happens when a VM moves?
  20. SECURE VIRTUALIZATION FRAMEWORK – TIPPINGPOINT VCONTROLLER
     • Utilizes same specialized hardware as physical network segments
     • Policy-based redirection ties IPS inspection to VMs
     • VMsafe kernel module integration provides deep insight into VM behavior, maintains low redirection latency (<80us)
     • Manage all virtual and physical networks with the same tools
     • VMC console provides full visibility into logical VM connectivity
     Diagram: Application VMs on each ESX Host → vController Redirection Policies → VMsafe / Virtual Switch / Hypervisor → Core → IPS
     http://www.bestofinterop.com/winners/#security
  21. WHAT ABOUT VIRTUAL IPS? RESTRICTED SCALABILITY
     • Can be effective in smaller environments
     • Cannot take advantage of specialized hardware
     • Shares resources with other VMs
     • Latency is typical due to lack of hardware acceleration
     • Difficult to establish performance baselines
     Diagram: a vIPS VM alongside the Application VMs on the ESX Host (VMsafe Kernel Module, Virtual Switch, Hypervisor), with the Core and physical IPS below
  22. VISUALIZE YOUR VIRTUALIZATION – TIPPINGPOINT VIRTUALIZATION MANAGEMENT CENTER (VMC)
     • Empower network/security teams with real-time visibility into virtual environment
     • Integration with virtualization management
     • Topology mapping provides identification of virtual/physical network paths
  23. TIPPINGPOINT VMC – IT’S ALL ABOUT THE INSPECTION POLICIES
     • Assign policies by VM and/or zone, not location or network connection
     • Automate trust zone assignment for new or untrusted workloads
     • Ensure policies follow VM regardless of state (in motion, powered on, powered off)
     • Cloned VMs must automatically inherit parent policies
  24. SUMMARY – Securing The Next Generation Data Center
     Stop Threats Faster: • Proactive Security Model • Best Inline Enforcement • Broadest Security • DVLabs Leading Security Research • Zero-Day Initiative • Application Visibility • Vulnerability Intelligence
     Protects Highest Bandwidth Data Centers: • Highest performance • 20Mbps to 16Gbps • Latency in Microseconds • Protects Layer 2-7 • Inline or out-of-band deployment options
     Immediate, Always Up To Date Protection: • Protects in Minutes • Automated DV Updates • Most Timely Protection • Leading Zero-Day Protection • Intuitive management
     Secure Virtualization Framework: • vController • Visibility and control • Leverage existing hardware investments • No compromise to consolidation ratio • Deployment Options for Virtual Data Centers
  25. THANK YOU