TippingPoint IPS Security Solutions - PowerPoint PPT Presentation

1 / 23

About This Presentation

Title:

TippingPoint IPS Security Solutions

Description:

Comply with increasingly stringent internal security policies ... Managed security solutions reduce complexity, but drive up monthly OpEx ... – PowerPoint PPT presentation

Number of Views:1664

Avg rating:3.0/5.0

Slides: 24

Provided by: Eli103

Category:

more less

Transcript and Presenter's Notes

Title: TippingPoint IPS Security Solutions

1
TippingPoint IPS Security Solutions

Simon Leech
Technical Director EMEA
sleech_at_tippingpoint.com

2
Agenda

IT Security Challenges
TippingPoint Solutions
Summary
QA

3
TippingPoint History
4
Balancing IT Business Goals

Minimize Security Risks
Protect network assets and applications
Control who / what accesses the network
Protect critical customer data
Improve IT Compliance
Comply with increasingly stringent internal
security policies
Comply with government regulations, industry
standards, and best practices

Minimize IT Complexity
Minimize vendor list
Minimize management consoles and number of
security devices
Reduce impact to network performance
Minimize Overall IT Costs
Minimize total cost of network security
Control staffing levels for network security and
event response

Regain misused bandwidth
5
Industry IT/Security Challenges

Risks
High volume of on-line financial transactions
Collecting and securing personal information from
customers, employees, partners
More targeted attacks on specific financial data
Traditional threats continue, and are growing in
sophistication (virus, worm..)
Existing network security (FW, IDS, AV..) does
not cover todays threats

Cost / Complexity
Keeping applications, operating systems and
network gear updated inthe face of frequent
patch releases
IDS-based solutions require too much care and
feeding, and additional staff to manage
Managed security solutions reduce complexity, but
drive up monthly OpEx
In-line enforcement causes concerns about network
availability and performance

Compliance
Internal Security Policies are more stringent
Audit compliance requirements driven by security,
privacy, regulatory and legal concerns (e.g.
GLBA, SOX, PCI, Basel II, FFIEC, privacy laws)

6
Evolving Threat LandscapeTodays Attacks
Threaten Application, OS and Network Layers

Almost one-fifth of respondents.. have suffered
a targeted attack
Financial fraud overtook virus attacks as the
source of the greatest financial losses.
customer and proprietary data was the
second-worst cause of financial loss

Threats
Targets
Applications

Oracle Applications
SQL MySQL
Web Server
PHP
IE, Firefox, Safari
Other Client Server Apps

Unpatched Applications
Worms / Walk-in Worms
Viruses, Trojans, Spyware
DDoS Attacks
Web App. Attacks (XSS, PHP, SQL Injection)

Client
Server
Operating Systems

MS Windows
Vista
Other MS Client OSs
MS Server OSs
Linux O/S

Unpatched OSs
Worms / Walk-in Worms
Viruses, Trojans
DDoS Attacks
Internal Attacks
Spyware

Client
Server
Network

Routers (e.g. Cisco IOS)
Switches
Firewalls
VoIP
Bandwidth
Mission Critical Traffic

Unpatched Network Gear
Worms, Viruses, Trojans
DDoS Attacks
SYN Floods
Peer-to-Peer Apps
Unauthorized Apps (IM..)

7
Network Attack History

Code Red II (Jul 19, 2001)
Estimated cost 2.6 billion
Peak infection rate 2K hosts / min

Sapphire/Slammer (Jan 25, 2003)
Doubled in size every 8.5 secs
Infected 90 of vulnerable hosts in 10 min.

8
Top Network Security Concerns
Types of Attacks / Misuse Detected in 2006 (by
percent of respondents)
Top Four Categories of Attack / Misuse Account
for 74 of Financial Losses (Average loss per
incident)
60
86K
Virus (worm, virus, Trojan)
Unauthorized access to info.
42
Insider abuse of net access
69K
Virus (worm, virus, Trojan)
32
Unauthorized access to info.
25
30K
Denial of service
Laptop Theft
15
System penetration
21K
DoS
9
Theft of Prop. Info
Most Critical Issues for Next Two Years (falling
within top 10 of all categories reported)
Data Protection
Policy/Reg Compliance
Identity Theft / Data Leakage
Viruses / Worms
Insider Threat
Spyware
CSI/FBI Computer Crime and Security Survey 2006
9
The Growing Security GapAnd the Need for
Automated Threat Protection
This growing security gap increases the need for
automated, in-line network, OS and application
threat protection
10
What We DoIndustry Leading, In-line Automated
Protection

Automated Protection for
Applications
Operating Systems
Network Infrastructure
Network Performance

11
TippingPoint Solutions OverviewAutomated,
Real-Time Network Security
Critical Product Considerations
Intrusion Prevention System

Automated, Real-Time Protection
Network Availability
Performance (Throughput Latency)

Digital Vaccine Service

Leading Security Research
Filter Accuracy
Vulnerability Coverage
Timeliness of Protection

Ease of Management
Granular Policy Controls
Centralized Reporting Console

Security Management System
12
Network PerformancePurpose Built for In-Line
Performance
ICSA Network IPS Development (NIPD) Consortium
Vendors
Only 4 out of 13 tested vendors passed ICSA
cert.

ICSA Test Results
Highest Throughput
Lowest Latency
100 Filter Accuracy
Depth and Breadth of Coverage

13
Network Up-TimeBuilt-In High-Availability and
Redundancy
High Availability
Redundancy

Multiple Redundancy Options
Active-Active, or Active-Passive
No IP Address or MAC Address
Transparent to Router Protocols
HSRP, VRRP, OSPF

99.999 Network Reliability
Dual Hot-Swappable Power Supplies
Self-Monitoring Watchdog Timers
Security and Management Engines
Layer 2 switch fallback

Preserve network availability, performance and
security
Preserve network availability and performance
14
DVLabs Digital VaccineUnmatched Filter
Accuracy provides Virtual Patch
Vulnerability
False Positives (course filter)
Virtual Software Patch (TippingPoint Filter )
Exploit B (missed by Exploit Filter A)
Exploit A
Standard IPS Exploit Filter for Exploit A
TippingPoints vulnerability filter acts as a
Virtual Software Patch, eliminating false
positives
15
DVLabsLeading Security Research and IPS Filter
Development
DVLabs Research Team

30 security researchers and 5 QA engineers
Renowned whos who of the security industry
Published experts and well respected speakers
Hacking VoIP Exposed (McGraw Hill 2007)
Fuzzing Brute Force Vulnerability Discovery
(Addison Wesley, 2007).
Author of SANS _at_Risk Weekly Report
Responsible for
Digital Vaccine service
Zero Day Initiative (ZDI)
Unique vulnerability research

16
DVLabs Digital VaccineVulnerability Coverage
Total Vulnerabilities Discovered 1Q05-3Q06
3rd Party validation of industry-leading
vulnerability coverage
Vulnerabilities Discovered - by Severity
Total Microsoft Vuln. Discovered 1Q05-3Q06
Source Frost Sullivan, An Analysis of
Vulnerability Discovery and Disclosure, January
2007
17
DVLabs Digital VaccineTimeliness of Filter
Releases
Zero Day Initiative (ZDI)
2007 Timeliness of Microsoft Vulnerability
Coverage

ZDI rewards researchers for responsibly
disclosing discovered vulnerabilities.
Reward independent security research
Promote / ensure the responsible disclosure of
vulnerabilities
Provide customers with the world's best security
protection

-45 days 66/67 covered
2007 ZDI Timeliness of Vulnerability Coverage
-77 days 50/50 covered

Average response times were calculated only on
the vulnerabilities that the vendor covered. If a
vendor provided protection before a vulnerability
was disclosed, this created a negative response
number of days. For instance, TippingPoint
received a response time of -8 days for the
MS06-016 Outlook Express vulnerability discovered
through the Zero Day Initiative since customers
were protected 8 days before the Microsoft
advisory went public.

18
Security Management SystemEasy to Use Granular
Policy Controls

Easy Installation and on-going Management
Shipped with recommended settings
No false positive tuning
Set and forget policy enforcement
Extremely Scalable
Granular, enterprise-wide policy management
Per segment policy
Per VLAN policy
Directional policy (per port)
Per device policy
Automated Reports
Provide compliance audit reporting details

19
IPS DeploymentBeyond a Point Solution Broad
Network Protection
Perimeter
Aggregation
Core
Core
Access
(1.5 100Mbps)
Internet
DMZ
Data Center
VPN
10Mbps 1Gbps
1Gbps 10Gbps
1Gbps 10Gbps
nx1Gbps nx10Gbps
20
TippingPoint Product Line
One IPS License. No extra cost options.
Protection independent of number of machines
protected
21
IPS Addresses Financial Industry Security
Challenges

Reduced Risks
Maintain network reliability and security for
high volume, on-line financial transactions
Automated protection for Web servers and
applications
Reliability and performance to handle high
volumes / high throughput
Security for critical and private data from
targeted criminal attacks with in-line protection
Protect against blended attacks with thorough
filter and network security coverage

Reduced Cost / Complexity
Eliminate emergency patching
Minimize staff and/or managed service provider
fees
Maintain or improve current network performance

IPS filters provide a virtual patch protecting
systems from zero-day events
IPS automated protection eliminates most manual
event follow-up compared to IDS solutions
IPS provides line-rate automated protection and
can recapture misused bandwidth