making network security relevant
DESCRIPTION
Network security is not only about preventing or blocking attacks. Through virtual patching and the analysis of content and context, a 'Next Generation Intrusion Prevention System' can provide a new dimension of Security Intelligence to protect the business. Stefano Di Capua, HP Enterprise Security Presales Manager Southern Europe
TRANSCRIPT
HP Software Performance Tour 2013 Stefano Di Capua Presales Manager SEMEA – HP ESP Baveno, Italy 20-21 June
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Making Network Security Relevant
HP ESP – Enterprise Security Products
Stefano Di Capua
Baveno, 21 June 2013
Why has HP invested in Intelligent Security Solutions?
Source: go-gulf.com
Why has HP invested in Intelligent Security Solutions?
Source: hackmageddon.com
Security Intelligence and Risk Management Platform HP EnterpriseView
Security Intelligence
Network Security
Application Security
& FSRG Threat Research
ESP: Integrated Security Intelligence and Risk Management Platform
Payment Security
ATALLA
ESP is already a leading player in the security world
ESP Portfolio and Security Lifecycle
• Security Policy Shaping
• IPS Real-time Protection for Physical and Virtual Environments
• Zero-day Attacks Response
• IP Reputation Protection
• Real-time Event analysis & Correlation
• Incident Management & Forensics
• Network Behavioral Profiling
• Fraud Detection
• Automatic Response
• Code review (Sw lifecycle)
• Asset Discovery
• Vulnerability Assessment
• Threat Profiling
• Gap Analysis, Coverage Vs Attack Surface
• Incident and Threat Statistics
• Technology Refresh
• Process Review
Security Plan Review and Improvement
Business-related Risk Assessment
Protection Enforcement
Security Operations
Governance (SOC)
SMS
Leader – Security Research Frost & Sullivan Vulnerability Research Tracker
Leader - Gartner NIPS Magic Quadrant
Certified - ICSA Labs
- Broadband Testing
TippingPoint Introduces N-Platform, SSL-Appliance, Secure-Virtualization-Framework
TippingPoint acquired by HP
8,000th Customer
Enterprise Security Products Group
NX Platform
- NSS Labs
NGIPS, multi-factor intelligence: proactive security for networked systems and applications
N and NX Series IPS: designed for the evolving protection of networks and Web 2.0 applications
Proactivity
• Total in-line reliability
• In-line performance (throughput/latency)
• Accuracy of the DVs
IPS Platform
Security Management System
Security
• Leader in vulnerability research
• Broad threat coverage
• Zero-Day response times
Costs
• Rapid deployment
• Immediate protection
• Ease of management
Traffic enters
Clean traffic exits
Digital Vaccine Reputation DV - AppDV Web App DV Custom Filters
BLOCK
PERMIT
TRUST
LIMIT
LOG/REPORT EXT. LOG
SOC/SIEM
QUARANTINE
Protection distributed across the infrastructure
Unified network security policy console
Campus LAN
Edge
Wireless LAN Core
Data center
Remote offices and branches
Tele-workers, partners, and customers
Virtual machines (VMs)
WAN
Internet
• Each network or VLAN has its own unique protection profile
• Coverage of vulnerabilities and attack types includes applications, DBs, endpoints, servers, protocol anomalies, behaviors, P2P...
Gartner Defines the “Next Generation IPS” (Oct 2011)
Analysis: why NGIPS
✓ Threats are evolving in complexity and sophistication
✓ The network IPS market is stagnant
✓ NGIPS represents the evolution of NIPS to counter new threats
Main Characteristics of NGIPS
1. Native “inline blocking” mode
2. Leading-level first-generation IPS capabilities
3. Multi-factor decisions, mainly based on context and content
Profile of the Ideal NGIPS Solution
1
Enterprise Security – HP
Next Generation Intrusion Prevention System (NGIPS)
Excellent first-generation IPS
Application Visibility and Control
Context Analysis (Context Awareness)
Content Interpretation (Content Awareness)
Agile and Efficient HW/SW Architecture
Vulnerability discovered
t1
The exploit is “in the wild”
t2
Vendor patch release
t3 t4
Patch installation
Proactive IPS Protection
Definition of a Zero-Day threat
Recognized Security Research Leader
*Frost & Sullivan, Analysis of the Global Public Vulnerability Research Market in CY 2011, April 2012
Frost & Sullivan Market Share Leadership Award for Vulnerability Research – 3 years in a row!
Leading Security Research – DVLabs Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms<YY>-<MMM>.mspx Example: http://technet.microsoft.com/it-it/security/bulletin/ms13-jun
Block Outbound Traffic Block Inbound Traffic
DVLabs Reputation Database
› Millions of entries
› Reputation Score 0-100
› IPv4 & IPv6 Address
› DNS Name
› Meta data
• Botnet Trojan downloads
• Malware, spyware & worm downloads
• Access to botnet CnC sites
• Access to phishing sites
• Spam and phishing emails
• DDoS attacks from botnet hosts
• Web App attacks from botnet hosts
Internet
Defending against Bots and Fraud: Cyber Reputation
TippingPoint NGIPS
HP TP Next Gen IPS Countermeasures
Context Awareness: RepDV blocks mail traffic from known sources of phishing emails
Content Awareness: Detects mail traffic containing phishing attack techniques
Corp. LAN
Reputation
Excellent, highly dynamic IP Reputation
Reputation
Source: IT-Harvest Next Generation IPS and Reputation Services
2
Visibility and Context: Geo Locator, UserId, Application Recognition
Key NX Platform Features
High Performance
• 7500NX = 20Gbps
• 7100NX = 15Gbps
• 5200NX = 5Gbps
Market Leading Port-Density with Swappable Modules
• 16 segments of 10GbE = market leading
• 24 segments of 1GbE = market leading
• 4 segments of 40GbE = market leading
Optional built-in bypass modules
Small Form Factor
• Performance and Port Density in only 2U
2
Visibility and Context: the ThreatLinq portal, real-time attack information
Adaptive Web Application Firewall (WAF) technology: Web Application Protection, WebInspect integration
What does it do?
• Advanced scanning of Web Applications and generation of customized IPS protections
• WebInspect reports are passed to WebAppDV for the automatic generation of IPS filters (virtual patching)
Features
• Inspection of cleartext and HTTPS traffic
• Detailed report of Web App vulnerabilities
• Immediate activation of virtual patching filters
Customer benefits
• Protection of public (e.g. eCommerce) and internal applications
• Elimination of the tuning typical of Web Application Firewalls
HP WebInspect Scan
Vulnerability Report
Vulnerability Page and Parameter
Internet
SSL
IPS
1
2
3
4
[Chart: Inspection Throughput [Mbps] versus NIPS Segments [Port-Pairs]]
TippingPoint 10: 20Mbps
TippingPoint 110, 330: 100Mbps, 300Mbps
TippingPoint 660N, 1400N: 750Mbps, 1.5Gbps
TippingPoint 2600NX, 5200NX, 6200NX: 3Gbps, 5Gbps, 8Gbps
TippingPoint 7100NX: 15Gbps
TippingPoint 7500NX: 20Gbps