©2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice©2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice

HP TippingPoint

Enrique Gonzalez

Solutions Architect

MCA – Latin America

Agenda

• Intrusion Prevention Systems Technical Overview

• HP TippingPoint and VMWAre Partnership

• Securing the Next Generation Virtualized Data Center

Intrusion Prevention Systems Technical Overview

Traditional Firewall Holes

Traditional Defenses:Firewalls and Intrusion Detection Systems

Traditional Defenses Miss 80% of All Attacks

Hole punchfor server port

Vulnerable Serversand ClientsFirewall

IDS

ALERT!

External Attack Penetrates FW

Internal AttackHas Total Access

Traditional Reaction:Patching Individual Systems…

Hole punchfor server port

Patched Serversand ClientsFirewall

IDS

ALERT!

External Attack Penetrates FW

Multiply by thousandsor tens of thousands of servers and clients…

scaling problem

…But Can’t Keep Up With All The Patches

X-Rays Are Not Enough!

X-Ray = IDS

What do you prefer?1. Find out you fractured a bone

2. Prevent the bone from fracturing in the first place

Convergence of Network and Security

Security is

embedded in

the network

itself

Botnet CnC• 5,000 - 6,000 sites worldwide

Phishing Sites• 50,000+ new

phishing sites discovered monthly

Malware Depots

• Estimates of 2,500 - 50,000 new malware depots discovered daily

Compromised Hosts

• Millions worldwide

Cyber Attacks – What we are facing

June 24, 2011 9

IPS PlatformDesigned for future security demands and services

IPS Platform IntroductionAutomated, Scalable Threat Protection

Proactive

•In-line reliability

•In-line performance (GB/latency)

•Filter accuracy

Dirty Traffic

Goes In

Clean Traffic

Comes Out

IPS Platform

Security Management

System

Security

•Leading security research

•Fastest coverage

•Broadest coverage

Costs

•Quick to deploy

•Automated threat blocking

•Easy to manage

Hardware Features5100N and 2500N

HP TippingPoint S-Series Products

HP TippingPoint S10

20Mbps • 2 Segments

HP TippingPoint S110

100Mbps • 4 Segments

HP TippingPoint S330

300Mbps • 4 Segments

HP TippingPoint S660N

750Mbps • 10 Segments

HP TippingPoint S1400N

1.5Gbps • 10 Segments

HP TippingPoint S2500N

3Gbps • 11 Segments

HP TippingPoint S5100N

5Gbps • 11 Segments

IPS Platform Portfolio

ROBO, Perimeter, Zone Isolation, MSPs 10GE Networks, Core, Data Center, Service Providers

HP TP S1200N IPS A7500 Module

1.3Gbps • 4 Segments

HP TippingPoint S5100N Bundle

10Gbps • 22 Segments

HP TippingPoint S6100N

8Gbps • 11 Segments

HP TippingPoint S6100N Bundle

16Gbps • 22 Segments

One HP TippingPoint Core Controller

Two HP TippingPointS5100N IPS

Two HP TippingPointS6100N IPS

One HP TippingPoint Core Controller

HP TippingPoint S-Series Products

Core Controller

20Gbps • 3x10GbE

Security Management System (SMS)

Manage Multiple Units • Central Dashboard

Management,

Accessories

SSL Appliance S1500

Transparent SSL Bridging and Off-Loading

vController and VMC

Virtual Data Center Security & Visibility

Digital Vaccine

Broadest Coverage • Evergreen Protection

Web App DV and Scanning

Web Scan• Custom Filters • PCI Report

ThreatLinQ

Real Time Threat Intelligence

Security Intelligence

Reputation DV

IP Reputation • DNS Reputation

DVLabs Services

VIRTUALCONTROLLER

TippingPoint IPS Platform

DVLabs Services:› Digital Vaccine

› Web App DV

› Reputation DV

› Custom DV

Leading security research

and filter development with

30+ Dedicated Researchers

Partners

SANS, CERT, NIST, etc.Software & Reputation Vendors

2,000+ Customers Participating

1,500+ Independent Researchers

IPS Platform is Only as Good as its Security Intelligence

Digital Vaccine – DVLabs

DV Labs Research & QA

› App DV

› ThreatLinQ

› Lighthouse Program

How fast? Is it important?

HP DVLabs’ Digital Vaccine®Providing a Virtual Patch to Unpatched Servers

Vulnerability

False Positives(course filter)

Standard IPS Exploit Filterfor Exploit A

Exploit AExploit B(missed by Exploit Filter A)

Term Definition

VulnerabilitySecurity flaw in a software program

Exploit

Method that takes advantage of a

vulnerability to:

• Gain unauthorized access

• Create a denial of service

Exploit Filter

Covers a single exploit, not the

vulnerability

• Typically produced due to IPS engine

performance limitations

• Results in missed attacks and false positives

• Other filters may entirely block service

access

Vulnerability

Filter

Covers entire vulnerability and all

possible exploits

HP TippingPoint’s vulnerability filter

acts as a Virtual Software Patch,

eliminating false positives

Digital Vaccine Provides Filters to Detect

Malicious Codes

Vulnerabilities

Malicious Code (virus, Trojan, etc.)

Spyware

DDoS Attacks

Reconnaissance

Protocol Anomaly

Policy (attachments, common passwd, etc)

VoiP

SCADA

• Deep filter coverage• Weekly updates

HP TippingPoint provides >5100 filters with 4 recommended filter sets

19

Internet

Servers

Database

Storage

Web Application Scan

1

2

Web App

Web App Scan Service1. Comprehensive Scan

2. Vulnerability report• Input to DVLabs filter creation

Web App DV Filter Service3. DVLabs creates custom Web

App filters

4. Web App DV package deployed to IPS

– “Virtual Patch”

5. Rescan through IPS to confirm

no vulnerabilities

Compliance Reporting

Vulnerability

Report

3

4

XXXXXX

XXXXXX

VulnerabilityP

age and

Parameter

Web App DV & Scanning Services

BLOCK OUTBOUND TRAFFIC BLOCK INBOUND TRAFFIC

Reputation Database

• IPv4 & IPv6 Address

• DNS Names

IPS Platform

Access

Switch

• Botnet Trojan downloads

• Malware, spyware, & worm downloads

• Access to botnet CnC sites

• Access to phishing sites

• Spam and phishing emails

• DDoS attacks from botnet hosts

• Web App attacks from botnet hosts

Botnets Currently Being Tracked: Conficker, ZeuS, Kraken, Srizbi, Torpia, Storm, Asprox, Gumblar, Koobface, Mariposa, Dark Energy

Reputation Digital Vaccine

• Geography

• Merge with your data

Mantener tráfico potencialmente malo fuera de la red

Internet

Application Digital Vaccine

HP Confidential

Set rate limits that ensure

bandwidth is available for mission

critical applications

Granular policies give IT control

of 000s of applications

Quickly manage categories or

specific applications, reducing

management time from hours to

minutes

Controls application access and usage to ensure mission critical applications are available

Source: Anonymous HP TippingPoint Customer

FACEBOOK• Examples of what we can do today:

–Facebook Access allowed with Facebook Chat and File Transfer denied

Facebook Access

Facebook Chat

HP TippingPoint and VMware Partnership

HP TippingPoint and VMware Strategic Partnership

February 15 Announcement

Strategic Development Partnership

VMware #1 Virtualization Platform

HP TippingPoint #1 Security Research/Architecture

Virtual Security Solutions today with vController and vShield

Building Next Generation Security APIs for Cloud Environments

Building Next Generation Security APIs for Cloud Environments

HP TippingPoint and VMware Security Solutions for Today and Tomorrow

25

Today:

• HP TippingPoint’s vController and VMware’s vShield protect today’s

virtual environments

Tomorrow:

• HP TippingPoint and VMware jointly develop next generation security APIs

to protect complex cloud environments

Integrated security capabilities: TodayHP TippingPoint plus VMware = Comprehensive Cloud Security

VMware

– vShield Edge: data center security

– vShield Zone: zones security

– vShield App: application security

– vShield Endpoint: malware security

HP TippingPoint vController IPSVMware vShield Edge HP TippingPoint vController IPS

VMware vShield AppsVMware vShield Zones

HP TippingPoint vController IPSVMware vShield Endpoint

HP TippingPoint

–vController: real-time traffic

inspection across VMs

–vController: bridges virtual &

physical

Data CenterZones

Endpoint

Industry Leaders Develop Next Generation APIs for Cloud

Environments

• VMware and HP to develop Next Generation APIs

• HP TippingPoint vIPS runs as service VM for efficiency

• Security is pervasive in virtual and cloud environments

vNetwork Standard or Distributed Switch

VMware Tools

TippingPoint vIPS

IPS Inspection

SMS Mgmt

VMware vSphere

VMsafe / VMReady Next Generation APIsMgtPort

28 Footer goes here

HP TippingPoint and VMware Secure the Cloud

VMware#1 Virtualization Platform

HP TippingPoint#1 Security Research/Architecture

Next Generation Security Solutions for the Cloud

Securing the Next Generation Virtualized Data Center

Increased Data Center Security Focus2010 – Virtualization Reaches a Tipping Point

~ 58 million

deployed x86

machines

• #1 Technology Priority in 2010

•Survey of 1,586 CIOs

•Displaces Business Intelligence

which held top position for the last

5 years!

•Source: Gartner EXP, Jan 2010

2010 2011 2012

16%

50%

• 50% of Workloads by 2012

•Today 16% of workloads are

running in virtual machines

•Source: Gartner, Oct 2009

“60% of the virtual servers are less secure than the physical servers they replace…”

Source: Gartner Oct 2010 Key Trends Facing Data Center Infrastructure

Looking ForwardNetwork Security Deployment in the Data Center

• Same evolutionary pattern as network security

• Begins with DC perimeter protection

• Must protect entire DC attack surface

• Then internal DC / application segmentation

• Must address physical and virtual DC environments

Data Center Security Approaches and Challenges

DMZ FINANCE HR

PCI TEST DEV

Data CenterFW / IPS

FW / IPS

FW / IPS

– DC Perimeter Protection

– Zone Protection

– Endpoint Protection

– Single Security Model for Physical and Virtual DC

VM

VM

VM

VM

VM VM

VM VM

VM

VM VM

VM

VM VM

VMVM

VM

VMVM

VM

VM

VM

VM VM

VM VM

VM

Core Switch

The Virtual Network Visibility Gap

Virtualized Host

VM

App

OS

3

VM

App

OS

Virtualized Host

VM

App

OSVM

App

OS

Virtualized Host

VM

App

OSVM

App

OS1

2

4 VMs moved to

separate site

Top of Rack

Switch

IPS Platform• Hypervisor Security

• Are mission critical

• Can’t be secured with virtual IPS

• Patches must be immediate

• Host to Host Threats• Can’t deploy IPS for every server

• Also Need VM to Host security

• VM to VM Threats• Virtual trust zones

• Traffic does not enter the physical network for inspection

• A victim VM can attack other VMs

• VM Mobility• vMotion launches VMs in separate sites for DR or

other purposes

• Physical IPS options are cost prohibitive for these uses

2

1

3

4

What’s Included

– IPS Platform

– Virtual Controller + Virtual Firewall

(vController+vFW)

– SMS / Virtual Management Center

(vMC)

Securing Virtualization DC security solution

– Single, purpose-built DC security

solution

Extend IPS solution into the virtual DC

– Leverage previous IPS investments

VMC

Hypervisor

VMsafe Kernel Module

Core Switch

vSwitch

TippingPoint IPS

Redirect Policy

App App AppApp

Application VMs

OS OS OSOS

Virtualized Host

vController+ vFW

Service VM

Management Network

VMware

vCenter

Top of Rack Switch

Secure Virtualization Framework (SVF)

Virtualization Management Center (VMC)

DMZPCI Corporate

HP TippingPoint vController + Firewall

VMware vCenter

VMware vSphereServer Admin Domain

Security Domain

Virtualization Management Centervisibility and control for VSphereMaintain Separation of Duties

–vCenter integration provides security teams infrastructure visibility

–Security zones and policies maintained independent of vCenter

–Policies automatically adapt to infrastructure changes

–Enables zone and policy definition based on infrastructure attributes

–Real-time virtual network topology mapping

–Graphical policy visualization

CorporateDMZPCI

DMZPCI Corporate

HP TippingPoint vController + Firewall

VMware vCenter

VMware vSphere

Server Admin Domain

Security Domain

Secure VMware Virtualization with HP TippingPoint

vControllerPurpose-built for virtualization network securityExtend Proven Network Security To Virtualization

– IPS protection for virtual zones & perimeters

–Enforce network zones/segmentation in virtual network layer

–Extend compliance zones into virtual environment

–Maintain separation of duties

–Address virtualization specific challenges:– VM Sprawl

– VM Mobility

– VM Patch Management (Rollback &Templates)

Operation without vController

vController

Operation with vController

VMWare Ready

• VMware VMSafe Hypervisor Integration– vController is fully integrated with VMware vSphere using the VMSafe API

• VMware vCenter Integration– VMC is fully integrated with VMware’s vCenter management console

• Member of VMware Global Technology Alliance Partner (TAP) Program

• Certified per “VMware Ready” Program– Supports Vmware vShere 4 (ESX / ESXi4)

Leader (2008 – 2009 - 2010)

Intrusion Prevention System

HP Secure® AppliancesCertified (2009 - 2010)

DVLabs

Security Intelligent®

Conclusiones

HP Secure Market Recognitions

vController – Best of Interop – SecurityInterop 2010

Category: Security

TippingPoint - TippingPoint Virtual Controller (vController)

Judges: Tim Wilson & Andrew Conry-Murray

IT people agree – virtualization is one of the most important new developments to hit the data center

in many years. Unfortunately, many enterprises so far have been hestitant to deploy virtualization and

cloud technologies primarily because of one primary issue: security.

There have been a number of short-term "fixes" for the virtualization security problem, but the

TippingPoint Virtual Controller (vController), in our opinion, is taking the first steps toward a more

concrete solution. It includes integrated management capabilities that are compatible with VMware,

allowing the security team to see and monitor security in the virtualized environment at a granular

level. Working as a next-generation IPS, it includes up-to-the-minute security research from

TippingPoint’s Digital Vaccine Labs (DVLabs) team and the Zero Day Initiative.

http://www.bestofinterop.com/winners/#security

42June 24, 2011

“La cadena siempre se rompe por el eslabón más débil”

Preguntas?

Gracias