©2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
HP TippingPoint
Enrique Gonzalez
Solutions Architect
MCA – Latin America
Agenda
• Intrusion Prevention Systems Technical Overview
• HP TippingPoint and VMware Partnership
• Securing the Next Generation Virtualized Data Center
Intrusion Prevention Systems Technical Overview
Traditional Firewall Holes
Traditional Defenses: Firewalls and Intrusion Detection Systems
Traditional Defenses Miss 80% of All Attacks
Hole punch for server port
Vulnerable Servers and Clients
Firewall
IDS
ALERT!
External Attack Penetrates FW
Internal Attack Has Total Access
Traditional Reaction: Patching Individual Systems…
Hole punch for server port
Patched Servers and Clients
Firewall
IDS
ALERT!
External Attack Penetrates FW
Multiply by thousands or tens of thousands of servers and clients…
Scaling problem
…But Can’t Keep Up With All The Patches
X-Rays Are Not Enough!
X-Ray = IDS
What do you prefer?
1. Find out you fractured a bone
2. Prevent the bone from fracturing in the first place
Convergence of Network and Security
Security is embedded in the network itself
Cyber Attacks – What we are facing
Botnet CnC
• 5,000 - 6,000 sites worldwide
Phishing Sites
• 50,000+ new phishing sites discovered monthly
Malware Depots
• Estimates of 2,500 - 50,000 new malware depots discovered daily
Compromised Hosts
• Millions worldwide
June 24, 2011
IPS Platform: Designed for future security demands and services
IPS Platform Introduction: Automated, Scalable Threat Protection
Proactive
• In-line reliability
• In-line performance (GB/latency)
• Filter accuracy
Dirty Traffic
Goes In
Clean Traffic
Comes Out
IPS Platform
Security Management
System
Security
•Leading security research
•Fastest coverage
•Broadest coverage
Costs
•Quick to deploy
•Automated threat blocking
•Easy to manage
Hardware Features: 5100N and 2500N
HP TippingPoint S-Series Products
HP TippingPoint S10
20Mbps • 2 Segments
HP TippingPoint S110
100Mbps • 4 Segments
HP TippingPoint S330
300Mbps • 4 Segments
HP TippingPoint S660N
750Mbps • 10 Segments
HP TippingPoint S1400N
1.5Gbps • 10 Segments
HP TippingPoint S2500N
3Gbps • 11 Segments
HP TippingPoint S5100N
5Gbps • 11 Segments
IPS Platform Portfolio
ROBO, Perimeter, Zone Isolation, MSPs 10GE Networks, Core, Data Center, Service Providers
HP TP S1200N IPS A7500 Module
1.3Gbps • 4 Segments
HP TippingPoint S5100N Bundle
10Gbps • 22 Segments
HP TippingPoint S6100N
8Gbps • 11 Segments
HP TippingPoint S6100N Bundle
16Gbps • 22 Segments
One HP TippingPoint Core Controller
Two HP TippingPoint S5100N IPS
Two HP TippingPoint S6100N IPS
One HP TippingPoint Core Controller
HP TippingPoint S-Series Products
Core Controller
20Gbps • 3x10GbE
Security Management System (SMS)
Manage Multiple Units • Central Dashboard
Management,
Accessories
SSL Appliance S1500
Transparent SSL Bridging and Off-Loading
vController and VMC
Virtual Data Center Security & Visibility
Digital Vaccine
Broadest Coverage • Evergreen Protection
Web App DV and Scanning
Web Scan • Custom Filters • PCI Report
ThreatLinQ
Real Time Threat Intelligence
Security Intelligence
Reputation DV
IP Reputation • DNS Reputation
DVLabs Services
VIRTUALCONTROLLER
TippingPoint IPS Platform
DVLabs Services:
› Digital Vaccine
› Web App DV
› Reputation DV
› Custom DV
Leading security research
and filter development with
30+ Dedicated Researchers
Partners
SANS, CERT, NIST, etc.
Software & Reputation Vendors
2,000+ Customers Participating
1,500+ Independent Researchers
IPS Platform is Only as Good as its Security Intelligence
Digital Vaccine – DVLabs
DV Labs Research & QA
› App DV
› ThreatLinQ
› Lighthouse Program
How fast? Is it important?
HP DVLabs’ Digital Vaccine®: Providing a Virtual Patch to Unpatched Servers
[Figure: a vulnerability filter covers the whole vulnerability, including Exploit A and Exploit B; the standard IPS exploit filter for Exploit A misses Exploit B and, being a coarse filter, produces false positives]
Term / Definition
Vulnerability: Security flaw in a software program
Exploit: Method that takes advantage of a vulnerability to:
• Gain unauthorized access
• Create a denial of service
Exploit Filter: Covers a single exploit, not the vulnerability
• Typically produced due to IPS engine performance limitations
• Results in missed attacks and false positives
• Other filters may entirely block service access
Vulnerability Filter: Covers the entire vulnerability and all possible exploits
HP TippingPoint’s vulnerability filter acts as a Virtual Software Patch, eliminating false positives
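As an added illustration (not code from HP or from this presentation), the following Python models the distinction the table draws: a filter keyed to one exploit's byte pattern against a filter keyed to the underlying flaw. The protocol, the 32-byte buffer limit and all sample requests are constructed for the example.

```python
import re

# Added illustration, not HP TippingPoint code. Protocol, buffer size and
# sample requests are constructed: a request "CMD <name>\r\n" whose <name>
# the hypothetical server copies into a 32-byte buffer. The vulnerability is
# "name longer than 32 bytes"; each exploit is one particular over-long name.
NAME_BUFFER_LIMIT = 32  # constructed buffer size of the hypothetical server

# Exploit filter: a byte pattern copied from one observed attack (Exploit A),
# which happened to pad its oversized name with a run of 'A' characters.
EXPLOIT_A_PATTERN = re.compile(rb"CMD A{20,}")


def exploit_filter(request: bytes) -> bool:
    """Block only requests that look like Exploit A."""
    return EXPLOIT_A_PATTERN.search(request) is not None


def vulnerability_filter(request: bytes) -> bool:
    """Block any request whose name field would overflow the buffer,
    whatever bytes the sender used to fill it (the 'virtual patch')."""
    m = re.match(rb"CMD (?P<name>[^\r\n]*)\r\n", request)
    if m is None:
        return False  # not a well-formed CMD request; nothing to judge
    return len(m.group("name")) > NAME_BUFFER_LIMIT


# Constructed traffic samples.
EXPLOIT_A = b"CMD " + b"A" * 40 + b"\r\n"  # the attack the exploit filter targets
EXPLOIT_B = b"CMD " + b"B" * 40 + b"\r\n"  # same flaw, different padding
BENIGN_RUN_OF_A = b"CMD " + b"A" * 24 + b"\r\n"  # legitimate 24-byte name
BENIGN = b"CMD report_2011\r\n"


def evaluate(filter_fn) -> dict:
    """Return which constructed samples a filter blocks (True = blocked)."""
    return {
        "exploit_a": filter_fn(EXPLOIT_A),
        "exploit_b": filter_fn(EXPLOIT_B),
        "benign_run_of_a": filter_fn(BENIGN_RUN_OF_A),
        "benign": filter_fn(BENIGN),
    }


if __name__ == "__main__":
    # Exploit filter: misses Exploit B and false-positives on the benign run of A's.
    print("exploit filter      :", evaluate(exploit_filter))
    # Vulnerability filter: blocks both exploits, passes both benign requests.
    print("vulnerability filter:", evaluate(vulnerability_filter))
```

The exploit filter reproduces both failure modes from the table (a missed variant and a false positive on legitimate traffic), while the length check on the parsed field blocks every over-long name and nothing else.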
Digital Vaccine Provides Filters to Detect Malicious Code
Vulnerabilities
Malicious Code (virus, Trojan, etc.)
Spyware
DDoS Attacks
Reconnaissance
Protocol Anomaly
Policy (attachments, common passwd, etc.)
VoIP
SCADA
• Deep filter coverage
• Weekly updates
HP TippingPoint provides >5100 filters with 4 recommended filter sets
Web App DV & Scanning Services
[Figure: Internet → IPS → web application servers, database and storage; the scan, vulnerability report and filter deployment steps are numbered 1–4]
Web App Scan Service
1. Comprehensive Scan
2. Vulnerability report • Input to DVLabs filter creation
Web App DV Filter Service
3. DVLabs creates custom Web App filters
4. Web App DV package deployed to IPS – “Virtual Patch”
5. Rescan through IPS to confirm no vulnerabilities
Compliance Reporting
Vulnerability Report (columns: Vulnerability, Page and Parameter)
Reputation Digital Vaccine
Keep potentially malicious traffic out of the network
Reputation Database
• IPv4 & IPv6 Address
• DNS Names
• Geography
• Merge with your data
[Figure: Internet → IPS Platform → Access Switch; the IPS blocks inbound and outbound traffic matched against the reputation database]
BLOCK OUTBOUND TRAFFIC / BLOCK INBOUND TRAFFIC
• Botnet Trojan downloads
• Malware, spyware, & worm downloads
• Access to botnet CnC sites
• Access to phishing sites
• Spam and phishing emails
• DDoS attacks from botnet hosts
• Web App attacks from botnet hosts
Botnets Currently Being Tracked: Conficker, ZeuS, Kraken, Srizbi, Torpig, Storm, Asprox, Gumblar, Koobface, Mariposa, Dark Energy
Application Digital Vaccine
Controls application access and usage to ensure mission critical applications are available
• Set rate limits that ensure bandwidth is available for mission critical applications
• Granular policies give IT control of 000s of applications
• Quickly manage categories or specific applications, reducing management time from hours to minutes
Source: Anonymous HP TippingPoint Customer
FACEBOOK
• Examples of what we can do today:
– Facebook Access allowed with Facebook Chat and File Transfer denied
[Figure: Facebook Access permitted, Facebook Chat blocked]
HP TippingPoint and VMware Partnership
HP TippingPoint and VMware Strategic Partnership
February 15 Announcement
Strategic Development Partnership
VMware #1 Virtualization Platform
HP TippingPoint #1 Security Research/Architecture
Virtual Security Solutions today with vController and vShield
Building Next Generation Security APIs for Cloud Environments
HP TippingPoint and VMware Security Solutions for Today and Tomorrow
Today:
• HP TippingPoint’s vController and VMware’s vShield protect today’s virtual environments
Tomorrow:
• HP TippingPoint and VMware jointly develop next generation security APIs to protect complex cloud environments
Integrated security capabilities: Today
HP TippingPoint plus VMware = Comprehensive Cloud Security
VMware
– vShield Edge: data center security
– vShield Zone: zones security
– vShield App: application security
– vShield Endpoint: malware security
HP TippingPoint
– vController: real-time traffic inspection across VMs
– vController: bridges virtual & physical
[Figure: HP TippingPoint vController IPS paired with VMware vShield Edge (Data Center), vShield Zones / vShield Apps (Zones) and vShield Endpoint (Endpoint)]
Industry Leaders Develop Next Generation APIs for Cloud Environments
• VMware and HP to develop Next Generation APIs
• HP TippingPoint vIPS runs as service VM for efficiency
• Security is pervasive in virtual and cloud environments
[Figure: VMware vSphere host with a vNetwork Standard or Distributed Switch; the TippingPoint vIPS service VM (IPS Inspection, SMS Mgmt, management port) attaches through the VMsafe / VMReady Next Generation APIs; VMware Tools run in the guests]
HP TippingPoint and VMware Secure the Cloud
VMware: #1 Virtualization Platform
HP TippingPoint: #1 Security Research/Architecture
Next Generation Security Solutions for the Cloud
Securing the Next Generation Virtualized Data Center
Increased Data Center Security Focus: 2010 – Virtualization Reaches a Tipping Point
~58 million deployed x86 machines
• #1 Technology Priority in 2010
• Survey of 1,586 CIOs
• Displaces Business Intelligence which held top position for the last 5 years!
• Source: Gartner EXP, Jan 2010
[Chart: share of workloads running in virtual machines, 16% in 2010 rising to 50% in 2012]
• 50% of Workloads by 2012
• Today 16% of workloads are running in virtual machines
• Source: Gartner, Oct 2009
“60% of the virtual servers are less secure than the physical servers they replace…”
Source: Gartner Oct 2010 Key Trends Facing Data Center Infrastructure
Looking ForwardNetwork Security Deployment in the Data Center
• Same evolutionary pattern as network security
• Begins with DC perimeter protection
• Must protect entire DC attack surface
• Then internal DC / application segmentation
• Must address physical and virtual DC environments
Data Center Security Approaches and Challenges
[Figure: data center zones (DMZ, Finance, HR, PCI, Test, Dev), each group of VMs behind its own FW / IPS, connected to a core switch]
– DC Perimeter Protection
– Zone Protection
– Endpoint Protection
– Single Security Model for Physical and Virtual DC
The Virtual Network Visibility Gap
[Figure: three virtualized hosts, each running VMs (App / OS), connected to a top-of-rack switch; callout 4 shows VMs moved to a separate site]
IPS Platform
• Hypervisor Security
– Are mission critical
– Can’t be secured with virtual IPS
– Patches must be immediate
• Host to Host Threats
– Can’t deploy IPS for every server
– Also need VM to Host security
• VM to VM Threats
– Virtual trust zones
– Traffic does not enter the physical network for inspection
– A victim VM can attack other VMs
• VM Mobility
– vMotion launches VMs in separate sites for DR or other purposes
– Physical IPS options are cost prohibitive for these uses
What’s Included
– IPS Platform
– Virtual Controller + Virtual Firewall (vController + vFW)
– SMS / Virtual Management Center (vMC)
Securing Virtualization: DC security solution
– Single, purpose-built DC security solution
Extend IPS solution into the virtual DC
– Leverage previous IPS investments
[Figure: virtualized host running application VMs (App / OS) on a hypervisor with the VMsafe kernel module; a redirect policy on the vSwitch sends traffic to the vController + vFW service VM and on to the TippingPoint IPS via the top-of-rack and core switches; VMC and VMware vCenter sit on the management network]
Secure Virtualization Framework (SVF)
Virtualization Management Center (VMC)
Virtualization Management Center: visibility and control for vSphere
Maintain Separation of Duties
– vCenter integration provides security teams infrastructure visibility
– Security zones and policies maintained independent of vCenter
– Policies automatically adapt to infrastructure changes
– Enables zone and policy definition based on infrastructure attributes
– Real-time virtual network topology mapping
– Graphical policy visualization
[Figure: security domain (HP TippingPoint vController + Firewall; zones DMZ, PCI, Corporate) alongside the server admin domain (VMware vCenter, VMware vSphere)]
Secure VMware Virtualization with HP TippingPoint
vController: Purpose-built for virtualization network security
Extend Proven Network Security To Virtualization
– IPS protection for virtual zones & perimeters
– Enforce network zones/segmentation in virtual network layer
– Extend compliance zones into virtual environment
– Maintain separation of duties
– Address virtualization specific challenges:
– VM Sprawl
– VM Mobility
– VM Patch Management (Rollback & Templates)
[Figure: operation without vController vs. operation with vController]
VMware Ready
• VMware VMsafe Hypervisor Integration – vController is fully integrated with VMware vSphere using the VMsafe API
• VMware vCenter Integration – VMC is fully integrated with VMware’s vCenter management console
• Member of VMware Global Technology Alliance Partner (TAP) Program
• Certified per “VMware Ready” Program – Supports VMware vSphere 4 (ESX / ESXi 4)
Conclusions
HP Secure Market Recognitions
Leader (2008 – 2009 – 2010): Intrusion Prevention System
HP Secure® Appliances: Certified (2009 – 2010)
DVLabs: Security Intelligent®
vController – Best of Interop – Security, Interop 2010
Category: Security
TippingPoint - TippingPoint Virtual Controller (vController)
Judges: Tim Wilson & Andrew Conry-Murray
IT people agree – virtualization is one of the most important new developments to hit the data center
in many years. Unfortunately, many enterprises so far have been hesitant to deploy virtualization and
cloud technologies primarily because of one primary issue: security.
There have been a number of short-term "fixes" for the virtualization security problem, but the
TippingPoint Virtual Controller (vController), in our opinion, is taking the first steps toward a more
concrete solution. It includes integrated management capabilities that are compatible with VMware,
allowing the security team to see and monitor security in the virtualized environment at a granular
level. Working as a next-generation IPS, it includes up-to-the-minute security research from
TippingPoint’s Digital Vaccine Labs (DVLabs) team and the Zero Day Initiative.
http://www.bestofinterop.com/winners/#security
“A chain always breaks at its weakest link”
Questions?
Thank you