Sergey Marunich, profile picture
Uploaded bySergey Marunich
PDF, PPTX1,980 views

S series presentation

This document discusses HP TippingPoint's IPS and virtualization security solutions for data centers. It provides an overview of the modern threat landscape facing applications, and introduces HP TippingPoint's IPS platform and product lines. Key details include the platform's performance capabilities, available models in the S-Series and N-Series, and the TippingPoint 1200N embedded IPS module for HP switches. Virtualization security solutions are also briefly mentioned.

Embed presentation

Download as PDF, PPTX
HP TIPPINGPOINT IPS AND VIRTUALIZATION SECURITY FOR THE DATA CENTER Sean Ennis Solutions Architect (HP TippingPoint) – Canada 1 ©2009 HP Confidential template rev. 12.10.09 ©2009 HP Confidential template rev. 12.10.09
AGENDA – Modern Threat Landscape – IPS Platform – Secure Virtualization Framework – Q&A 2
DATA CENTER TRENDS Connect Everyone to Everything Do More With Less Past Present & Future Efficiency Drives Virtualization, Blades, Dispersed, Physical, Consolidation Increased Bandwidth New Apps, Legacy, Client Server, Legacy + Web, IPv4 + IPv6, Protocols & IPv4, Data Data + Voice + Video Traffic Threat Worms, Viruses, Sophisticated Targeted Landscape Trojans, DDoS Attacks, Re-Perimeterization 3 Change
MODERN ATTACK LANDSCAPE APPLICATIONS ARE THE PRIMARY TARGETS Network / Server Social Enterprise and Web Downtime Engineering Application Attacks Attacks Attacks 2002-2004 2004-2007 2007-2010+ Worm Virus Trojan Social Media PHP File Include Botnet Malware Spyware Application Exploits P2P DDoS O/S Specific Attacks SQL Injection XSS Whaling Phishing Individual Online Credit Corporate Corporate Email Customer Account Click Card Confidential 4 Ransom ©2009 HP Confidential template rev. 12.10.09 Spamming Details Credentials Fraud Database Information
WHAT ABOUT THE FIREWALL? In simplest form…. • Separates distinct security zones • Designed to block or allow traffic based on a set of rules • Rejects all unauthorized ports/protocols at the edge of a security zone • Very good at ensuring network resources (servers, clients, etc.) only see required traffic • Can also be generally responsible for VPN,NAT, redirection, proxying, etc. 5
WHAT ABOUT THE FIREWALL? …Browser exploits …Drive-by DL …Adobe exploits SQL Injection … DDoS Spyware PHP File Include XSS … In simplest form…. • Separates distinct security zones • Designed to block or allow traffic based on a set of rules • Rejects all unauthorized ports/protocols at the edge of a security zone • Very good at ensuring network resources (servers, clients, etc.) only see required traffic • Can also be generally responsible for VPN,NAT, redirection, proxying, etc. 6
IPS PLATFORM INTRODUCTION Security Management System Unknown Traffic Clean Traffic Goes In Comes Out IPS Platform IPS Platform Designed for future security demands and services Proactive Security Costs • In-line reliability • Leading security • Quick to deploy research • In-line performance • Automated threat (throughput/latency) • Fastest coverage blocking • Filter accuracy • Broadest coverage • Easy to manage 7
HP TIPPINGPOINT S-SERIES PRODUCTS IPS Platform Solutions Security Intelligence 10GE Networks, Core, ROBO, Perimeter, Zone Management, Data Center, Service DVLabs Services isolation, MSPs… Accessories Providers… TippingPoint S10 TippingPoint S660N Core Controller Digital Vaccine 20Mbps • 2 Segments 750Mbps • 10 Segments 20Gbps • 3x10GbE Broadest Coverage • Evergreen Protection TippingPoint S110 TippingPoint S1400N Security Management System (SMS) Web App DV and Scanning 100Mbps • 4 Segments 1.5Gbps • 10 Segments Manage Multiple Units • Central Dashboard Web Scan• Custom Filters • PCI Report TippingPoint S330 TippingPoint S2500N SSL Appliance S1500 ThreatLinQ 300Mbps • 4 Segments 3Gbps • 11 Segments Transparent SSL Bridging and Off-Loading Real Time Threat Intelligence TippingPoint S5100N vController and VMC Reputation DV VIRTUAL CONTROLLER 8 ©2009 HP Confidential template rev. 12.10.09 5Gbps • 11 Segments Virtual Data Center Security & Visibility IP Reputation • DNS Reputation
TECHNICAL SPECIFICATION - N-PLATFORM SENSORS TippingPoint 660N TippingPoint 1400N TippingPoint 2500N TippingPoint 5100N Performance Network Throughput • 750 Mbps • 1.5 Gbps • 15 Gbps • 15 Gbps Inspection Throughput • 750 Mbps • 1.5 Gbps • 3 Gbps • 5 Gbps Typical Latency • < 80 microseconds • < 80 microseconds • < 80 microseconds • < 80 microseconds Concurrent Network • 6,500,000 • 6,500,000 • 10,000,000 • 10,000,000 Sessions Security Contexts • 1,200,000 • 1,200,000 • 2,600,000 • 2,600,000 Connections/Sec • 115,000 • 115,000 • 230,000 • 230,000 Interfaces • 10 x 1GbE Copper • 10 x 1GbE Copper • 1 x 10GbE XFP • 1 x 10GbE XFP • 10 x 1GbE SFP • 10 x 1GbE SFP • Internal ZPHA (10GbE) • Internal ZPHA (10GbE) • 10 Total Segments • 10 Total Segments • 10 x 1GbE Copper • 10 x 1GbE Copper • External ZPHA • External ZPHA • 10 x 1GbE SFP • 10 x 1GbE SFP • 10 Total Segments • 10 Total Segments • External ZPHA • External ZPHA Power • AC only • AC only • AC or DC • AC or DC 9
TSE Threat Suppression Engine Thread Thread Thread Tier 3,4 Tier 2 Load Balancer, Traffic Management (FW), Bypass Tier 1 10 ©2009 HP Confidential template rev. 12.10.09 10
HP TIPPINGPOINT 1200N EMBEDDED IPS PLATFORM – TippingPoint IPS module brings industry leading IPS, including Digital Vaccine and Reputation DV service to any A7500 series switch – 1.3 Gbps aggregate inspection throughput across 2 x 1Gb copper or 1 HP A7500 Switch Series x 10Gb backplane interface – A unified network and security management framework based on TippingPoint’s Security Management System (SMS) integrated and HP’s Intelligent Management Center (IMC) HP TippingPoint 1200N IPS 11
CORE CONTROLLER FOR 10GBE Core Controller Model Provides: • Three 10GbE segments • High Availability – Reliability and Redundancy • High Performance with Low Latency – 10Gbps inspection across IPS’s • 20Gbps aggregate inspection throughput • Ease of Management and Low TCO – Low cost of entry and pay-as-you-grow design • Scalability – Expand IPS capacity to meet high bandwidth demands • 24x iLink segments - Interconnects to IPSs - 48 1Gbps ports • Smart ZPHA modules (Optional) • Zero Power High Availability – bypass • Dual hot-swappable power supplies • System health and status panel 12 ©2009 HP Confidential template rev. 12.10.09 12
1500S – SSL INSPECTION High-performance, transparent SSL off-loading and bridging for IPS traffic inspection SSL Appliance 000100101010011110100100101 010101010110101010101010001 110101010101 1010101010101010101010 1010101010100100000110 1001010011010 v c Clean Encrypted Traffic c v OR Dirty Encrypted JOHNSONAMY>TEL21251>NU Traffic MBER0338-2934-051 QUE€2532.90>DOB09/19/ IPS Platform Clean Un-Encrypted Traffic › Key Benefits • Increased Web server and application security • Virtually no traffic bottlenecks or application performance penalty • Carrier-class reliability delivers high-availability / up-time • Contributes to regulatory compliance efforts • Reduced server utilization in off-loading configuration 13
LEADING SECURITY RESEARCH – DVLABS IPS Platform is Only as Good as its Security Intelligence 1,400+ Independent Researchers DV Labs Research & QA TippingPoint IPS Platform Leading security research and filter development with 30+ Dedicated Researchers 2,000+ Customers Participating DVLabs Services: › Digital Vaccine › App DV Partners › Web App DV › ThreatLinQ › Reputation DV › Lighthouse Program › Custom DV SANS, CERT, NIST, etc. Software & Reputation Vendors 14 14 ©2009 HP Confidential template rev. 12.10.09
PROVEN IN-LINE FILTER ACCURACY UNMATCHED ACCURACY FROM DVLABS AND DIGITAL VACCINE Vulnerability Term Definition Security flaw in a software Vulnerability program False Positives Attack on a vulnerability to: (coarse filter) Exploit • Gain unauthorized access • Create a denial of service Stops a single exploit • Easy to produce • Typically produced due to Exploit Filter IPS engine performance limitations Exploit B • Results in missed attacks (missed by Exploit Filter A) Exploit A and false positives Vulnerability Stops all exploits attacking Standard IPS Exploit Filter Filter the vulnerability for Exploit A TippingPoint’s vulnerability filter acts like a Virtual Software Patch, 15 eliminating false positives September 22, 2010 15
REPUTATION DIGITAL VACCINE Keep the bad guys and the botnets off your network Reputation Database • IPv4 & IPv6 Address • Geography • DNS Names • Merge with your data Access Switch Internet IPS Platform BLOCK OUTBOUND TRAFFIC BLOCK INBOUND TRAFFIC • Botnet Trojan downloads • Spam and phishing emails • Malware, spyware, & worm downloads • DDoS attacks from botnet hosts • Access to botnet CnC sites • Web App attacks from botnet hosts • Access to phishing sites Botnets Currently Being Tracked: Conficker, ZeuS, Kraken, Srizbi, Torpia, Storm, Asprox, Gumblar, Koobface, Mariposa, Dark Energy 16
2010: DATA CENTER VIRTUALIZATION REACHES THE TIPPING POINT Leading in Times of Transition: the 2010 CIO Agenda ~ 58 million Survey of 1,586 CIOs: deployed x86 50% machines • Virtualization becomes… #1 Technology Priority in 2010 •Displaces Business Intelligence 16% which held top position for the last 5 yrs! 2010 2011 2012 17 Source: Gartner Says 16% of Workloads are Running in Virtual Machines Today. Will grow to 50% by 2012(October 2009)
BUT WHAT ABOUT SECURITY? “60 Percent of Virtualized Servers Will Be Less Secure than the Physical Servers They Replace Through 2012” I. Information Security Isn't Initially Involved in the Virtualization Projects II. A Compromise of the Virtualization Layer Could Result in the Compromise of All Hosted Workloads III. Workloads of Different Trust Levels Are Consolidated onto a Single Physical Server Without Sufficient Separation IV. Adequate Controls on Administrative Access to the Hypervisor/VMM Layer and to Administrative Tools are Lacking V. There Is a Potential Loss of SOD for Network and Security Controls ... Source: MacDonald, Neal. Addressing the Most Common Security Risks in Data Center Virtualization Projects, Gartner, Inc. January 25, 2010 18 SOD: Separation Of Duties
SECURE VIRTUALIZATION FRAMEWORK VIRTUALIZATION VISIBILITY GAPS APPLICATION VMs App App App App OS OS OS OS ? VMsafe Kernel Module Virtual Switch HYPERVISOR ESX Host ESX Host ? ? (1) Host to Host IPS inspection on each uplink is expensive/unmanageable IPS (2) VM to VM No way to insert physical IPS (3) VM Mobility What happens when a vm moves? Core 19
SECURE VIRTUALIZATION FRAMEWORK TIPPINGPOINT VCONTROLLER APPLICATION VMs APPLICATION VMs APPLICATION VMs • Utilizes same specialized hardware as App App App App App App App App App App App App physical network segments OS OS OS OS OS OS OS OS OS OS OS OS • Policy-based redirection ties IPS vController inspection to VMs Redirection Policies VMsafe VMsafe VMsafe • VMsafe kernel module integration provides deep insight into vm behavior Virtual Switch Virtual Switch Virtual Switch maintains low redirection latency HYPERVISOR HYPERVISOR HYPERVISOR (<80us) ESX Host • Manage all virtual and physical networks with the same tools • VMC console provides full visibility into logical VM connectivity Core IPS 20 http://www.bestofinterop.com/winners/#security
WHAT ABOUT VIRTUAL IPS? RESTRICTED SCALABILITY App APPLICATION VMs App App App vIPS ? • Can be effective in smaller environments OS OS OS OS • Cannot take advantage of specialized hardware VMsafe Kernel Module • Shares resources with other VMs Virtual Switch • Latency is typical due to lack of HYPERVISOR hardware acceleration ESX Host • Difficult to establish performance baselines IPS Core 21
VISUALIZE YOUR VIRTUALIZATION TIPPINGPOINT VIRTUALIZATION MANAGEMENT CENTER (VMC)  Empower network/security teams with real-time visibility into virtual environment  Integration with virtualization management  Topology mapping provides identification of virtual/physical 22 network paths
TIPPINGPOINT VMC IT’S ALL ABOUT THE INSPECTION POLICIES  Assign policies by VM and/or zone, not location or network connection  Automate trust zone assignmentfor new or untrusted workloads  Ensure policies follow VM regardless of state(in motion, powered on, powered off)  Cloned VMs must automatically inherit parent policies 23
SUMMARY S ecuring T he Next G eneration Data C enter S top T hreats P rotec ts Highes t Immediate, Always Up T o S ec ure V irtualization F as ter B andwidth Data C enters Date P rotec tion F ramework • Proactive Security Model • Highest performance • Protects in Minutes • vController • Best Inline Enforcement • 20Mbps to 16Gbps • Automated DV Updates • Visibility and control • Broadest Security • Latency in Microseconds • Most Timely Protection • Leverage existing hardware • DVLabs Leading Security • Protects Layer 2-7 • Leading Zero-Day Protection investments Research • Inline or out-of-band • Intuitive managment • No compromise to • Zero-Day Initiative deployment options consolidation ratio • Application Visibility • Deployment Options for • Vulnerability Intelligence Virtual Data Centers 24
THANK YOU 25 ©2009 HP Confidential template rev. 12.10.09

More Related Content

PPTX
Education webinar april 2012
byInfoblox
 
PDF
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
byF5 Networks
 
PDF
Thinking about SDN and whether it is the right approach for your organization?
byCisco Canada
 
PDF
F5 beyond load balancer (nov 2009)
byInformation Technology
 
PPTX
Top 10 Reasons Why F5 Makes Sense
byF5 Networks
 
PPTX
Cisco Intelligent WAN: Enabling the Next-Generation Branch
byCisco Canada
 
PDF
Enabling the Digital Leap: Strategies for K–12 Schools
byCisco Enterprise Networks
 
PDF
Wp ipam infoblox
byislamet
 
Education webinar april 2012
byInfoblox
 
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
byF5 Networks
 
Thinking about SDN and whether it is the right approach for your organization?
byCisco Canada
 
F5 beyond load balancer (nov 2009)
byInformation Technology
 
Top 10 Reasons Why F5 Makes Sense
byF5 Networks
 
Cisco Intelligent WAN: Enabling the Next-Generation Branch
byCisco Canada
 
Enabling the Digital Leap: Strategies for K–12 Schools
byCisco Enterprise Networks
 
Wp ipam infoblox
byislamet
 

What's hot

PDF
The F5 DDoS Protection Reference Architecture (Technical White Paper)
byF5 Networks
 
PPTX
BIG-IP ADCs and ADF
byF5 Networks
 
PPTX
Check Point75 Makes3 D Security A Reality Q22011
bychaucheckpoint
 
PPTX
Cloud computing
byRohith Shankar
 
PDF
Transforming enterprise network infrastructure with sd wan services
byRehanShrivastav
 
PPT
IBM Software Defined Networking for Virtual Environments (IBM SDN VE)
byIBM System Networking
 
PPT
CyberCrime in the Cloud and How to defend Yourself
byAlert Logic
 
PPTX
Migrating To Cloud &amp; Security @ FOBE 2011
bycommandersaini
 
PDF
CenturyLink SD-WAN Executive Brief -- Emily Pechal
byEmily Pechal
 
PDF
RTI Data-Distribution Service (DDS) Master Class - 2010
byGerardo Pardo-Castellote
 
PDF
Usage Based Metering in the Cloud (Subscribed13)
byZuora, Inc.
 
PPTX
F5 Application Delivery Optimization
byF5 Networks
 
PPTX
IBM Relay 2015: Cloud is All About the Customer
byIBM
 
PDF
CNISP - Platform Introduction 071511pks
bylucpaquin
 
PDF
Scaling Mobile Network Security for LTE: A Multi-Layer Approach
byF5 Networks
 
PPTX
Vfm packetshaper presentation
byvfmindia
 
PDF
Air defense wireless_vulnerability_assessement_module_spec_sheet
byAdvantec Distribution
 
PPT
OCS LIA
bysimoninsa
 
PPTX
Cloud Computing security Challenges for Defense Forces
bycommandersaini
 
PDF
Breakingpoint Application Threat and Intelligence (ATI) Program
byIxia
 
The F5 DDoS Protection Reference Architecture (Technical White Paper)
byF5 Networks
 
BIG-IP ADCs and ADF
byF5 Networks
 
Check Point75 Makes3 D Security A Reality Q22011
bychaucheckpoint
 
Cloud computing
byRohith Shankar
 
Transforming enterprise network infrastructure with sd wan services
byRehanShrivastav
 
IBM Software Defined Networking for Virtual Environments (IBM SDN VE)
byIBM System Networking
 
CyberCrime in the Cloud and How to defend Yourself
byAlert Logic
 
Migrating To Cloud &amp; Security @ FOBE 2011
bycommandersaini
 
CenturyLink SD-WAN Executive Brief -- Emily Pechal
byEmily Pechal
 
RTI Data-Distribution Service (DDS) Master Class - 2010
byGerardo Pardo-Castellote
 
Usage Based Metering in the Cloud (Subscribed13)
byZuora, Inc.
 
F5 Application Delivery Optimization
byF5 Networks
 
IBM Relay 2015: Cloud is All About the Customer
byIBM
 
CNISP - Platform Introduction 071511pks
bylucpaquin
 
Scaling Mobile Network Security for LTE: A Multi-Layer Approach
byF5 Networks
 
Vfm packetshaper presentation
byvfmindia
 
Air defense wireless_vulnerability_assessement_module_spec_sheet
byAdvantec Distribution
 
OCS LIA
bysimoninsa
 
Cloud Computing security Challenges for Defense Forces
bycommandersaini
 
Breakingpoint Application Threat and Intelligence (ATI) Program
byIxia
 

Similar to S series presentation

PPTX
F5 - BigIP ASM introduction
byJimmy Saigon
 
PPT
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBM
byArrow ECS UK
 
PDF
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence
byAndris Soroka
 
PPT
Next Generation Security
byneoma329
 
PPTX
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
byAhmed Al Enizi
 
PDF
Nebezpecny Internet Novejsi Verze
byTUESDAY Business Network
 
PDF
Day 3 p2 - security
byLilian Schaffer
 
PDF
Day 3 p2 - security
byLilian Schaffer
 
PPTX
Simple ams slidedeck
byBengmancastro
 
PPTX
F5's IP Intelligence Service
byF5 Networks
 
PDF
DSS ITSEC Conference 2012 - Radware - Protection from SSL DDOS Attacks
byAndris Soroka
 
PPT
Trend micro - Your journey to the cloud, where are you
byGlobal Business Events
 
PDF
Pawaa OCC Presentation
byCloudComputing
 
PDF
Security model-of-sip-d2-05 at kishore
byAT Kishore
 
PDF
SIEM evolution
byStijn Vande Casteele
 
PDF
Cat6500 Praesentation
bySophan_Pheng
 
PPT
PCTY 2012, Threat landscape and Security Intelligence v. Michael Andersson
byIBM Danmark
 
PDF
Bulding Soc In Changing Threat Landscapefinal
byMahmoud Yassin
 
PPTX
Smart, Data-Centric Security for the Post-PC Era
byTrend Micro (EMEA) Limited
 
PPTX
Get the Most From Your Firewall
bySophos
 
F5 - BigIP ASM introduction
byJimmy Saigon
 
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBM
byArrow ECS UK
 
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence
byAndris Soroka
 
Next Generation Security
byneoma329
 
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
byAhmed Al Enizi
 
Nebezpecny Internet Novejsi Verze
byTUESDAY Business Network
 
Day 3 p2 - security
byLilian Schaffer
 
Day 3 p2 - security
byLilian Schaffer
 
Simple ams slidedeck
byBengmancastro
 
F5's IP Intelligence Service
byF5 Networks
 
DSS ITSEC Conference 2012 - Radware - Protection from SSL DDOS Attacks
byAndris Soroka
 
Trend micro - Your journey to the cloud, where are you
byGlobal Business Events
 
Pawaa OCC Presentation
byCloudComputing
 
Security model-of-sip-d2-05 at kishore
byAT Kishore
 
SIEM evolution
byStijn Vande Casteele
 
Cat6500 Praesentation
bySophan_Pheng
 
PCTY 2012, Threat landscape and Security Intelligence v. Michael Andersson
byIBM Danmark
 
Bulding Soc In Changing Threat Landscapefinal
byMahmoud Yassin
 
Smart, Data-Centric Security for the Post-PC Era
byTrend Micro (EMEA) Limited
 
Get the Most From Your Firewall
bySophos
 

S series presentation

  • 1.
    HP TIPPINGPOINT IPS AND VIRTUALIZATION SECURITY FOR THE DATA CENTER Sean Ennis Solutions Architect (HP TippingPoint) – Canada 1 ©2009 HP Confidential template rev. 12.10.09 ©2009 HP Confidential template rev. 12.10.09
  • 2.
    AGENDA – Modern ThreatLandscape – IPS Platform – Secure Virtualization Framework – Q&A 2
  • 3.
    DATA CENTER TRENDS ConnectEveryone to Everything Do More With Less Past Present & Future Efficiency Drives Virtualization, Blades, Dispersed, Physical, Consolidation Increased Bandwidth New Apps, Legacy, Client Server, Legacy + Web, IPv4 + IPv6, Protocols & IPv4, Data Data + Voice + Video Traffic Threat Worms, Viruses, Sophisticated Targeted Landscape Trojans, DDoS Attacks, Re-Perimeterization 3 Change
  • 4.
    MODERN ATTACK LANDSCAPE APPLICATIONSARE THE PRIMARY TARGETS Network / Server Social Enterprise and Web Downtime Engineering Application Attacks Attacks Attacks 2002-2004 2004-2007 2007-2010+ Worm Virus Trojan Social Media PHP File Include Botnet Malware Spyware Application Exploits P2P DDoS O/S Specific Attacks SQL Injection XSS Whaling Phishing Individual Online Credit Corporate Corporate Email Customer Account Click Card Confidential 4 Ransom ©2009 HP Confidential template rev. 12.10.09 Spamming Details Credentials Fraud Database Information
  • 5.
    WHAT ABOUT THEFIREWALL? In simplest form…. • Separates distinct security zones • Designed to block or allow traffic based on a set of rules • Rejects all unauthorized ports/protocols at the edge of a security zone • Very good at ensuring network resources (servers, clients, etc.) only see required traffic • Can also be generally responsible for VPN,NAT, redirection, proxying, etc. 5
  • 6.
    WHAT ABOUT THEFIREWALL? …Browser exploits …Drive-by DL …Adobe exploits SQL Injection … DDoS Spyware PHP File Include XSS … In simplest form…. • Separates distinct security zones • Designed to block or allow traffic based on a set of rules • Rejects all unauthorized ports/protocols at the edge of a security zone • Very good at ensuring network resources (servers, clients, etc.) only see required traffic • Can also be generally responsible for VPN,NAT, redirection, proxying, etc. 6
  • 7.
    IPS PLATFORM INTRODUCTION Security Management System Unknown Traffic Clean Traffic Goes In Comes Out IPS Platform IPS Platform Designed for future security demands and services Proactive Security Costs • In-line reliability • Leading security • Quick to deploy research • In-line performance • Automated threat (throughput/latency) • Fastest coverage blocking • Filter accuracy • Broadest coverage • Easy to manage 7
  • 8.
    HP TIPPINGPOINT S-SERIESPRODUCTS IPS Platform Solutions Security Intelligence 10GE Networks, Core, ROBO, Perimeter, Zone Management, Data Center, Service DVLabs Services isolation, MSPs… Accessories Providers… TippingPoint S10 TippingPoint S660N Core Controller Digital Vaccine 20Mbps • 2 Segments 750Mbps • 10 Segments 20Gbps • 3x10GbE Broadest Coverage • Evergreen Protection TippingPoint S110 TippingPoint S1400N Security Management System (SMS) Web App DV and Scanning 100Mbps • 4 Segments 1.5Gbps • 10 Segments Manage Multiple Units • Central Dashboard Web Scan• Custom Filters • PCI Report TippingPoint S330 TippingPoint S2500N SSL Appliance S1500 ThreatLinQ 300Mbps • 4 Segments 3Gbps • 11 Segments Transparent SSL Bridging and Off-Loading Real Time Threat Intelligence TippingPoint S5100N vController and VMC Reputation DV VIRTUAL CONTROLLER 8 ©2009 HP Confidential template rev. 12.10.09 5Gbps • 11 Segments Virtual Data Center Security & Visibility IP Reputation • DNS Reputation
  • 9.
    TECHNICAL SPECIFICATION -N-PLATFORM SENSORS TippingPoint 660N TippingPoint 1400N TippingPoint 2500N TippingPoint 5100N Performance Network Throughput • 750 Mbps • 1.5 Gbps • 15 Gbps • 15 Gbps Inspection Throughput • 750 Mbps • 1.5 Gbps • 3 Gbps • 5 Gbps Typical Latency • < 80 microseconds • < 80 microseconds • < 80 microseconds • < 80 microseconds Concurrent Network • 6,500,000 • 6,500,000 • 10,000,000 • 10,000,000 Sessions Security Contexts • 1,200,000 • 1,200,000 • 2,600,000 • 2,600,000 Connections/Sec • 115,000 • 115,000 • 230,000 • 230,000 Interfaces • 10 x 1GbE Copper • 10 x 1GbE Copper • 1 x 10GbE XFP • 1 x 10GbE XFP • 10 x 1GbE SFP • 10 x 1GbE SFP • Internal ZPHA (10GbE) • Internal ZPHA (10GbE) • 10 Total Segments • 10 Total Segments • 10 x 1GbE Copper • 10 x 1GbE Copper • External ZPHA • External ZPHA • 10 x 1GbE SFP • 10 x 1GbE SFP • 10 Total Segments • 10 Total Segments • External ZPHA • External ZPHA Power • AC only • AC only • AC or DC • AC or DC 9
  • 10.
    TSE Threat Suppression Engine Thread Thread Thread Tier 3,4 Tier 2 Load Balancer, Traffic Management (FW), Bypass Tier 1 10 ©2009 HP Confidential template rev. 12.10.09 10
  • 11.
    HP TIPPINGPOINT 1200N EMBEDDEDIPS PLATFORM – TippingPoint IPS module brings industry leading IPS, including Digital Vaccine and Reputation DV service to any A7500 series switch – 1.3 Gbps aggregate inspection throughput across 2 x 1Gb copper or 1 HP A7500 Switch Series x 10Gb backplane interface – A unified network and security management framework based on TippingPoint’s Security Management System (SMS) integrated and HP’s Intelligent Management Center (IMC) HP TippingPoint 1200N IPS 11
  • 12.
    CORE CONTROLLER FOR10GBE Core Controller Model Provides: • Three 10GbE segments • High Availability – Reliability and Redundancy • High Performance with Low Latency – 10Gbps inspection across IPS’s • 20Gbps aggregate inspection throughput • Ease of Management and Low TCO – Low cost of entry and pay-as-you-grow design • Scalability – Expand IPS capacity to meet high bandwidth demands • 24x iLink segments - Interconnects to IPSs - 48 1Gbps ports • Smart ZPHA modules (Optional) • Zero Power High Availability – bypass • Dual hot-swappable power supplies • System health and status panel 12 ©2009 HP Confidential template rev. 12.10.09 12
  • 13.
    1500S – SSLINSPECTION High-performance, transparent SSL off-loading and bridging for IPS traffic inspection SSL Appliance 000100101010011110100100101 010101010110101010101010001 110101010101 1010101010101010101010 1010101010100100000110 1001010011010 v c Clean Encrypted Traffic c v OR Dirty Encrypted JOHNSONAMY>TEL21251>NU Traffic MBER0338-2934-051 QUE€2532.90>DOB09/19/ IPS Platform Clean Un-Encrypted Traffic › Key Benefits • Increased Web server and application security • Virtually no traffic bottlenecks or application performance penalty • Carrier-class reliability delivers high-availability / up-time • Contributes to regulatory compliance efforts • Reduced server utilization in off-loading configuration 13
  • 14.
    LEADING SECURITY RESEARCH– DVLABS IPS Platform is Only as Good as its Security Intelligence 1,400+ Independent Researchers DV Labs Research & QA TippingPoint IPS Platform Leading security research and filter development with 30+ Dedicated Researchers 2,000+ Customers Participating DVLabs Services: › Digital Vaccine › App DV Partners › Web App DV › ThreatLinQ › Reputation DV › Lighthouse Program › Custom DV SANS, CERT, NIST, etc. Software & Reputation Vendors 14 14 ©2009 HP Confidential template rev. 12.10.09
  • 15.
    PROVEN IN-LINE FILTERACCURACY UNMATCHED ACCURACY FROM DVLABS AND DIGITAL VACCINE Vulnerability Term Definition Security flaw in a software Vulnerability program False Positives Attack on a vulnerability to: (coarse filter) Exploit • Gain unauthorized access • Create a denial of service Stops a single exploit • Easy to produce • Typically produced due to Exploit Filter IPS engine performance limitations Exploit B • Results in missed attacks (missed by Exploit Filter A) Exploit A and false positives Vulnerability Stops all exploits attacking Standard IPS Exploit Filter Filter the vulnerability for Exploit A TippingPoint’s vulnerability filter acts like a Virtual Software Patch, 15 eliminating false positives September 22, 2010 15
  • 16.
    REPUTATION DIGITAL VACCINE Keepthe bad guys and the botnets off your network Reputation Database • IPv4 & IPv6 Address • Geography • DNS Names • Merge with your data Access Switch Internet IPS Platform BLOCK OUTBOUND TRAFFIC BLOCK INBOUND TRAFFIC • Botnet Trojan downloads • Spam and phishing emails • Malware, spyware, & worm downloads • DDoS attacks from botnet hosts • Access to botnet CnC sites • Web App attacks from botnet hosts • Access to phishing sites Botnets Currently Being Tracked: Conficker, ZeuS, Kraken, Srizbi, Torpia, Storm, Asprox, Gumblar, Koobface, Mariposa, Dark Energy 16
  • 17.
    2010: DATA CENTERVIRTUALIZATION REACHES THE TIPPING POINT Leading in Times of Transition: the 2010 CIO Agenda ~ 58 million Survey of 1,586 CIOs: deployed x86 50% machines • Virtualization becomes… #1 Technology Priority in 2010 •Displaces Business Intelligence 16% which held top position for the last 5 yrs! 2010 2011 2012 17 Source: Gartner Says 16% of Workloads are Running in Virtual Machines Today. Will grow to 50% by 2012(October 2009)
  • 18.
    BUT WHAT ABOUTSECURITY? “60 Percent of Virtualized Servers Will Be Less Secure than the Physical Servers They Replace Through 2012” I. Information Security Isn't Initially Involved in the Virtualization Projects II. A Compromise of the Virtualization Layer Could Result in the Compromise of All Hosted Workloads III. Workloads of Different Trust Levels Are Consolidated onto a Single Physical Server Without Sufficient Separation IV. Adequate Controls on Administrative Access to the Hypervisor/VMM Layer and to Administrative Tools are Lacking V. There Is a Potential Loss of SOD for Network and Security Controls ... Source: MacDonald, Neal. Addressing the Most Common Security Risks in Data Center Virtualization Projects, Gartner, Inc. January 25, 2010 18 SOD: Separation Of Duties
  • 19.
    SECURE VIRTUALIZATION FRAMEWORK VIRTUALIZATIONVISIBILITY GAPS APPLICATION VMs App App App App OS OS OS OS ? VMsafe Kernel Module Virtual Switch HYPERVISOR ESX Host ESX Host ? ? (1) Host to Host IPS inspection on each uplink is expensive/unmanageable IPS (2) VM to VM No way to insert physical IPS (3) VM Mobility What happens when a vm moves? Core 19
  • 20.
    SECURE VIRTUALIZATION FRAMEWORK TIPPINGPOINT VCONTROLLER APPLICATION VMs APPLICATION VMs APPLICATION VMs • Utilizes same specialized hardware as App App App App App App App App App App App App physical network segments OS OS OS OS OS OS OS OS OS OS OS OS • Policy-based redirection ties IPS vController inspection to VMs Redirection Policies VMsafe VMsafe VMsafe • VMsafe kernel module integration provides deep insight into vm behavior Virtual Switch Virtual Switch Virtual Switch maintains low redirection latency HYPERVISOR HYPERVISOR HYPERVISOR (<80us) ESX Host • Manage all virtual and physical networks with the same tools • VMC console provides full visibility into logical VM connectivity Core IPS 20 http://www.bestofinterop.com/winners/#security
  • 21.
    WHAT ABOUT VIRTUALIPS? RESTRICTED SCALABILITY App APPLICATION VMs App App App vIPS ? • Can be effective in smaller environments OS OS OS OS • Cannot take advantage of specialized hardware VMsafe Kernel Module • Shares resources with other VMs Virtual Switch • Latency is typical due to lack of HYPERVISOR hardware acceleration ESX Host • Difficult to establish performance baselines IPS Core 21
  • 22.
    VISUALIZE YOUR VIRTUALIZATION TIPPINGPOINTVIRTUALIZATION MANAGEMENT CENTER (VMC)  Empower network/security teams with real-time visibility into virtual environment  Integration with virtualization management  Topology mapping provides identification of virtual/physical 22 network paths
  • 23.
    TIPPINGPOINT VMC IT’S ALL ABOUT THE INSPECTION POLICIES  Assign policies by VM and/or zone, not location or network connection  Automate trust zone assignmentfor new or untrusted workloads  Ensure policies follow VM regardless of state(in motion, powered on, powered off)  Cloned VMs must automatically inherit parent policies 23
  • 24.
    SUMMARY S ecuring T he Next G eneration Data C enter S top T hreats P rotec ts Highes t Immediate, Always Up T o S ec ure V irtualization F as ter B andwidth Data C enters Date P rotec tion F ramework • Proactive Security Model • Highest performance • Protects in Minutes • vController • Best Inline Enforcement • 20Mbps to 16Gbps • Automated DV Updates • Visibility and control • Broadest Security • Latency in Microseconds • Most Timely Protection • Leverage existing hardware • DVLabs Leading Security • Protects Layer 2-7 • Leading Zero-Day Protection investments Research • Inline or out-of-band • Intuitive managment • No compromise to • Zero-Day Initiative deployment options consolidation ratio • Application Visibility • Deployment Options for • Vulnerability Intelligence Virtual Data Centers 24
  • 25.
    THANK YOU 25 ©2009 HP Confidential template rev. 12.10.09