HP Software EMEA Performance Tour Zurich, Switzerland September 18

Transcription

1 HP Software EMEA Performance Tour 2013 Zurich, Switzerland September 18

2 ESP Making Network Security Relevant HP TippingPoint NGIPS Karl Hertenstein / ESP Solution Architect Switzerland & Austria September 18 th, 2013

3 Agenda Landscape HP TippingPoint NGIPS 3

4 Landscape

5 Rise of the cyber threat Enterprises and Governments are experiencing the most AGGRESSIVE THREAT ENVIRONMENT in the history of information 5

6 Cyber Attacks are now a global concern 6

7 Customers struggle to manage the security challenge Today, security is a board-level agenda item 7

8 Customers struggle to manage the security challenge Primary Challenges 1 Nature & Motivation of Attacks (Fame fortune, market adversary) A new market adversary Research Infiltration Discovery Capture Exfiltration 8

9 Customers struggle to manage the security challenge Primary Challenges 1 Nature & Motivation of Attacks (Fame fortune, market adversary) Delivery Traditional DC Private Cloud Managed Cloud Public Cloud 2 Transformation of Enterprise IT (Delivery and consumption changes) Network Storage Servers Consumption Virtual Desktops Notebooks Tablets Smart phones 9

10 Customers struggle to manage the security challenge 1 Primary Challenges Nature & Motivation of Attacks (Fame fortune, market adversary) Policies & Regulations 2 Transformation of Enterprise IT (Delivery and consumption changes) Basel III 3 Regulatory Pressures (Increasing cost and complexity) DoD

11 Attacks & attackers become more sophisticated Broad Attacks Advanced Targeted Threats Stuxnet Duqu Aurora Recreational Hackers Organized Crime & Nation States Only 16% of Firms Have a Security Policy in Place to Protect Against Advanced, Targeted Threats. * What Is an Advanced, Targeted Threat? * Source: Global State of Information Security Survey, PricewaterhouseCoopers, CIO magazine, CSO magazine, September

12 The adversary ecosystem Research Infiltration 5X Discovery 1X Their ecosystem Capture Our enterprise Exfiltration 12

13 Example of a High-Profile Attack: RSA Data Breach :00 AM Finance person receives a spearphishing 8:30 AM Opens to see 2012 Recruitment plan.xls file 8:31 AM RAT program downloaded utilizing Adobe Flash vulnerability 8:32 AM Poison Ivy RAT is initiated NEXT DAY / 12:01AM NMAP scan to identify and classify network resources DAY 10 OVER THE NEXT 10 DAYS Collect data over a period of time 11TH DAY / 12:05 AM Encrypt and ftp file to good.mincesur.com 12TH DAY Attack hits the headlines 13

14 The Impact is Real March 17, 2011 RSA Hit By Advanced Persistent Threat RSA has been breached and sensitive token key information from more than 40 million end users may have been compromised. Breaches Are Costly RSA announced cost of breach at $66 million Negative press. Loss of business and loss of trust. May 31, 2011 Lockheed Martin Suffers Massive Cyberattack Significant and tenacious attack targeted multiple defense contractors and involved hack of RSA SecurID System. The Stakes Are High Intellectual property loss could compromise national security 14

15 And RSA Was Not Alone United Nations Cyber attack on United Nations leads to massive loss of information and posses huge economic threat. 360,000 accounts hacked in cyber attack; $2.7 million stolen. Barracuda Hit By Cyber Attack Attacker grabbed the information using an SQL injection script Sony Online estimates 25 million customer accounts hacked. Stuxnet Worm Sophisticated worm attacks Siemen s SCADA industry control systems and Windows. Directors Desk application breached, Web-based collaboration and communications tool for senior executives and board members 15

16 84% of breaches occur at the application layer 68% increase in mobile application vulnerability disclosures 16

17 416days average time to detect breach 2012 January February March April May June July August September October November December 2013 January February March April 17

18 94% 3rd of breaches are reported by a party 18

19 What are customers missing? Converged infrastructures require high rates of inspected traffic throughput Virtualization requires virtual security Protection from zero-day vulnerabilities 19

20 HP TippingPoint NGIPS

21 What s Gartner s Recommended Solution? Next Generation Intrusion Prevention System (NGIPS) Standard First Gen IPS Capabilities Context Awareness Content Awareness Application Awareness and Visibility Agile Engine 21

22 How can we fit the requirements? Converged infrastructures require high rates of inspected traffic throughput Virtualization requires virtual security Protection from zero-day vulnerabilities 22

23 HP TippingPoint NX Serie Highest port density on the market today Hot-Swappable I/O modules Stops malicious traffic & protects vulnerable applications Provides application visibility and control Installs ~1 hour for quick in-line threat protection Ensures high network performance and availability Provides low-latency for real-time applications Easy to configure, deploy and manage Multiple security services: Reputation Services Web Application Security Application awareness, control and security Customized Security and Protection Global Threat Intelligence 23

24 NX Platform Market Leading 2U Port-Density with Swappable Modules Available Models: 2600NX, 3 Gbps 5200NX, 5 Gbps 6200NX, 10 Gbps 7100NX, 15 Gbps 7500NX, 20 Gbps 24

25 Swappable I/O Modules Complete range available, including bypass-options Non-Bypass-Modules - 6 segment Gig-T - 6 segment GbE-SFP - 4 segment 10GbE-SFP+ - 1 segment 40GbE-QSFP+ Bypass-Modules* - 4 segment Gig-T - 2 segment 1GbE-Fiber-SR - 2 segment 1GbE-Fiber-LR - 2 segment 10GbE-Fiber-SR - 2 segment 10GbE-Fiber-LR *Provide connectivity when power fails 25

26 Flexibility and Performance NGIPS Appliance Inspection Thrgp. [Mbps] Inline IPS Segments N N N NX N NX N NX NX NX Gbps Ethernet Copper 1Gbps Ethernet Fiber 10Gbps Ethernet Fiber Ports 40Gbps Ethernet Fiber Network Thrgp. [Mbps] Connections per Second Concurrent Sessions

27 HP TippingPoint Security Management System The HP TippingPoint Security Management System (SMS) provides unified management to HP TippingPoint products, acts as a connecting point for strategic integration, and adds value to security solutions. Features: Centralized Multi-tenancy Best of Breed Management Easy Installation 3 rd Party Integration Security Services Aggregation Graphing and Reporting Active Updates 27

28 HP TippingPoint protects from data center to edge Blocks threats attacking applications and operating systems Virtual machines (VMs) Remote offices and branches Network-embedded and standalone devices Endpoint management Data center Protection for physical, virtual, and cloud environments WAN Best-of-Breed Management and Reporting Wireless LAN Core Campus LAN Edge Internet Tele-workers, partners, and customers Unified network security policy console 28

29 How can we fit the requirements? Converged infrastructures require high rates of inspected traffic throughput Virtualization requires virtual security Protection from zero-day vulnerabilities 29

30 Extending Security to Virtual Environments CloudArmour: purpose-built for virtualization network security IPS protection for virtual zones and perimeters Enforce network zones/segmentation in virtual network layer Extend compliance zones into virtual environment Maintain separation of duties Address virtualisation specific challenges: VM Sprawl VM Mobility VM Patch Management (Rollback and Templates) PCI DMZ Corporate Secure VMware Virtualisation with HP TippingPoint PCI DMZ Corporate HP TippingPoint vcontroller + Firewall VMware vcenter VMware vsphere Security Domain Server Admin Domain 30

31 How can we fit the requirements? Converged infrastructures require high rates of inspected traffic throughput Virtualization requires virtual security Protection from zero-day vulnerabilities 31

32 Proactive Prevention Vulnerability is discovered first, exploits are released later Ratio of (Vulnerability : Exploits) is always (1:n), where n>1 Proactive IPS Protection t1 t2 t3 t4 Vulnerability Is found Exploit-Code is In-The-Wild Software Vendor releases Patch Patch Rollout 32

33 Exploit of Vulnerable Application HP TippingPoint Vulnerability Filter Term Definition Vulnerability False Positives Vulnerability Exploit Security flaw in a software program Attack on a vulnerability to: Gain unauthorized access Create a denial of service Exploit B (missed by Exploit Filter A) Exploit A Standard IPS Exploit Filter for Exploit A Exploit Filter Vulnerability Filter Stops a single exploit Easy to produce Typically produced due to IPS engine performance limitations Results in missed attacks and false positives Stops all exploits attacking the vulnerability 33 33

34 Proactive Security with HP TippingPoint DVLabs DVLabs Security Services Protects against 1000 s of exploits 1,650+ independent researchers 2,000+ customers participating Partners SANS, CERT, NIST, OSVDB etc. Software & reputation vendors DVLabs Research Leading security research organization The leader in zero day vulnerability discovery Delivers earliest filter protection Staffed by 30+ dedicated researchers Reputation Application Web Application DV Toolkit Blocks Millions of Known Bad Hosts Granular App Control and Rate Limiting Inspect and Protect Web Apps Custom Filter Tool with SNORT support Monitor the Global Threat Landscape Industry Leading Security Research Industry Leading Threat Protection 34

35 HP TippingPoint DVLabs Digital Vaccine Service DVLabs Discovers More Vulnerabilities And Provides Earliest Protection Against Zero Day Threats DVLabs: Leading the Industry in Vulnerability Discovery AND Filter Delivery 35

36 Recognized security research leader Frost & Sullivan Market Share Leadership Award for Vulnerability Research 3 years in a row! Analysis of vulnerabilities by severity (continued) Key takeaway: HP TippingPoint continues to lead in critical0severity vulnerability disclosures. At any time, 200 to 300 zero day vulnerabilities only HP knows about Note: All figures are rounded. The base year is CY Source: Frost & Sullivan analysis 36

37 Protection Against Advanced Targeted Attacks Spearphishing Attack 5:00 AM Content Finance Awareness person receives a Detects mail spearphishing traffic containing phishing attack techniques Context Awareness RepDV blocks mail traffic from known sources of phishing s Reconnaissance and Mapping NEXT DAY / 12:01AM NMAP scan to identify and Context Awareness classify network resources NGIPS detects the scan, quarantines the host, determines USER ID correlated with that host, then alerts end user and admin GEOLOCATION information included in each event shows a shift in this attack from external to internal Malicious Attachment 8:30 AM Content Opens Awareness to see 2012 Recruitment plan with.xls file Leverages 200 content filters from DV Labs to prevent download of s with malicious attachments DAY Ongoing OVER Scanning THE and Data Collection 10 NEXT 10 DAYS Collect data over a period of time HP ArcSight ESM identifies anomalous internal activities by analyzing and correlating every event, then provides real time dashboards, notifications or reports to the security administrator Exploit of Vulnerable Application 8:31 AM Vulnerability RAT program Protection downloaded DVLabs utilizing Filter Service Adobe offers Flash over 100 filters to protect vulnerability against Adobe exploit Content Awareness Content filters detect download of Poison Ivy RAT Context Awareness RepDV detects downloads from known sources of Malware and Spyware Data Leakage 11TH DAY / 12:05 AM Encrypt and ftp file to Context Awareness good.mincesur.com RepDV Service detects and blocks communications with known bad hosts, domains, and unapproved geographies External Use of Compromised Host 8:32 AM Content Poison Awareness Ivy RAT is initiated NGIPS detects and takes action on Poison Ivy command and control TRAFFIC Context Awareness NGIPS detects and takes action on COMMUNICATIONS with known malicious hosts HP TP Next 12TH Gen DAY IPS Delivers Attack hits the headlines TEN Countermeasures 37

38 HP TippingPoint Confidently Secures Your Network Comprehensive network, application and cloud data center protection HP TippingPoint Other network security vendors Pre-zero-day attack coverage Precise filters that minimize false positives 1,600 global security researchers Industry leader in vulnerability discovery Global threat intelligence portal (ThreatLinQ) Leading virtualization security solution Installs in-line in less than 2 hours 38

39 Thank you