TippingPoint IPS Security Solutions - PowerPoint PPT Presentation

About This Presentation
Title:

TippingPoint IPS Security Solutions

Description:

DoS. Dirty. Traffic. Clean. Traffic. Automatic. Protection. TippingPoint Solutions Overview ... Create a denial of service. Exploit Filter. Covers a single ... – PowerPoint PPT presentation

Slides: 24
Provided by: Eli105

Transcript and Presenter's Notes

Title: TippingPoint IPS Security Solutions


1
TippingPoint IPS Security Solutions
  • Simon Leech
  • Technical Director EMEA
  • sleech_at_tippingpoint.com

2
Agenda
  • IT Security Challenges
  • TippingPoint Solutions
  • Summary
  • Q&A

3
TippingPoint History
4
Balancing IT Business Goals
  • Minimize Security Risks
  • Protect network assets and applications
  • Control who / what accesses the network
  • Protect critical customer data
  • Improve IT Compliance
  • Comply with increasingly stringent internal
    security policies
  • Comply with government regulations, industry
    standards, and best practices
  • Minimize IT Complexity
  • Minimize vendor list
  • Minimize management consoles and number of
    security devices
  • Reduce impact to network performance
  • Minimize Overall IT Costs
  • Minimize total cost of network security
  • Control staffing levels for network security and
    event response


Regain misused bandwidth
5
Industry IT/Security Challenges
  • Risks
  • High volume of on-line financial transactions
  • Collecting and securing personal information from
    customers, employees, partners
  • More targeted attacks on specific financial data
  • Traditional threats continue, and are growing in
    sophistication (virus, worm..)
  • Existing network security (FW, IDS, AV..) does
    not cover today's threats
  • Cost / Complexity
  • Keeping applications, operating systems and
    network gear updated in the face of frequent
    patch releases
  • IDS-based solutions require too much care and
    feeding, and additional staff to manage
  • Managed security solutions reduce complexity, but
    drive up monthly OpEx
  • In-line enforcement causes concerns about network
    availability and performance
  • Compliance
  • Internal Security Policies are more stringent
  • Audit compliance requirements driven by security,
    privacy, regulatory and legal concerns (e.g.
    GLBA, SOX, PCI, Basel II, FFIEC, privacy laws)

6
Evolving Threat Landscape: Today's Attacks
Threaten Application, OS and Network Layers
  • Almost one-fifth of respondents.. have suffered
    a targeted attack
  • Financial fraud overtook virus attacks as the
    source of the greatest financial losses.
  • customer and proprietary data was the
    second-worst cause of financial loss

Threats
Targets
Applications
  • Oracle Applications
  • SQL MySQL
  • Web Server
  • PHP
  • IE, Firefox, Safari
  • Other Client Server Apps
  • Unpatched Applications
  • Worms / Walk-in Worms
  • Viruses, Trojans, Spyware
  • DDoS Attacks
  • Web App. Attacks (XSS, PHP, SQL Injection)

Client
Server
Operating Systems
  • MS Windows
  • Vista
  • Other MS Client OSs
  • MS Server OSs
  • Linux O/S
  • Unpatched OSs
  • Worms / Walk-in Worms
  • Viruses, Trojans
  • DDoS Attacks
  • Internal Attacks
  • Spyware

Client
Server
Network
  • Routers (e.g. Cisco IOS)
  • Switches
  • Firewalls
  • VoIP
  • Bandwidth
  • Mission Critical Traffic
  • Unpatched Network Gear
  • Worms, Viruses, Trojans
  • DDoS Attacks
  • SYN Floods
  • Peer-to-Peer Apps
  • Unauthorized Apps (IM..)

7
Network Attack History
  • Code Red II (Jul 19, 2001)
  • Estimated cost $2.6 billion
  • Peak infection rate 2K hosts / min
  • Sapphire/Slammer (Jan 25, 2003)
  • Doubled in size every 8.5 secs
  • Infected 90% of vulnerable hosts in 10 min.

8
Top Network Security Concerns
[Chart: Types of Attacks / Misuse Detected in 2006 (by percent of respondents)]
[Chart: Top Four Categories of Attack / Misuse Account for 74% of Financial Losses (average loss per incident)]
Categories shown: Virus (worm, virus, Trojan); Unauthorized access to info.; Insider abuse of net access; Denial of service; Laptop theft; System penetration; Theft of prop. info
Most Critical Issues for Next Two Years (falling within top 10 of all categories reported)
  • Data Protection
  • Policy/Reg Compliance
  • Identity Theft / Data Leakage
  • Viruses / Worms
  • Insider Threat
  • Spyware
Source: CSI/FBI Computer Crime and Security Survey 2006
9
The Growing Security Gap and the Need for
Automated Threat Protection
This growing security gap increases the need for
automated, in-line network, OS and application
threat protection
10
What We Do: Industry Leading, In-line Automated
Protection
  • Automated Protection for
  • Applications
  • Operating Systems
  • Network Infrastructure
  • Network Performance

11
TippingPoint Solutions Overview: Automated,
Real-Time Network Security
Critical Product Considerations
Intrusion Prevention System
  • Automated, Real-Time Protection
  • Network Availability
  • Performance (Throughput & Latency)

Digital Vaccine Service
  • Leading Security Research
  • Filter Accuracy
  • Vulnerability Coverage
  • Timeliness of Protection
  • Ease of Management
  • Granular Policy Controls
  • Centralized Reporting Console

Security Management System
12
Network Performance: Purpose Built for In-Line
Performance
ICSA Network IPS Development (NIPD) Consortium
Vendors
Only 4 out of 13 tested vendors passed ICSA
cert.
  • ICSA Test Results
  • Highest Throughput
  • Lowest Latency
  • 100% Filter Accuracy
  • Depth and Breadth of Coverage

13
Network Up-Time: Built-In High-Availability and
Redundancy
High Availability
Redundancy
  • Multiple Redundancy Options
  • Active-Active, or Active-Passive
  • No IP Address or MAC Address
  • Transparent to Router Protocols
  • HSRP, VRRP, OSPF
  • 99.999% Network Reliability
  • Dual Hot-Swappable Power Supplies
  • Self-Monitoring Watchdog Timers
  • Security and Management Engines
  • Layer 2 switch fallback

Preserve network availability, performance and
security
Preserve network availability and performance
14
DVLabs Digital Vaccine: Unmatched Filter
Accuracy provides Virtual Patch
Vulnerability
False Positives (coarse filter)
Virtual Software Patch (TippingPoint Filter )
Exploit B (missed by Exploit Filter A)
Exploit A
Standard IPS Exploit Filter for Exploit A
TippingPoint's vulnerability filter acts as a
Virtual Software Patch, eliminating false
positives
15
DVLabs: Leading Security Research and IPS Filter
Development
DVLabs Research Team
  • 30 security researchers and 5 QA engineers
  • Renowned who's who of the security industry
  • Published experts and well respected speakers
  • Hacking VoIP Exposed (McGraw Hill 2007)
  • Fuzzing: Brute Force Vulnerability Discovery
    (Addison Wesley, 2007).
  • Author of SANS @RISK Weekly Report
  • Responsible for
  • Digital Vaccine service
  • Zero Day Initiative (ZDI)
  • Unique vulnerability research

16
DVLabs Digital Vaccine: Vulnerability Coverage
Total Vulnerabilities Discovered 1Q05-3Q06
3rd Party validation of industry-leading
vulnerability coverage
Vulnerabilities Discovered - by Severity
Total Microsoft Vuln. Discovered 1Q05-3Q06
Source: Frost & Sullivan, An Analysis of
Vulnerability Discovery and Disclosure, January
2007
17
DVLabs Digital Vaccine: Timeliness of Filter
Releases
Zero Day Initiative (ZDI)
2007 Timeliness of Microsoft Vulnerability
Coverage
  • ZDI rewards researchers for responsibly
    disclosing discovered vulnerabilities.
  • Reward independent security research
  • Promote / ensure the responsible disclosure of
    vulnerabilities
  • Provide customers with the world's best security
    protection

-45 days 66/67 covered
2007 ZDI Timeliness of Vulnerability Coverage
-77 days 50/50 covered
  • Average response times were calculated only on
    the vulnerabilities that the vendor covered. If a
    vendor provided protection before a vulnerability
    was disclosed, this created a negative response
    number of days. For instance, TippingPoint
    received a response time of -8 days for the
    MS06-016 Outlook Express vulnerability discovered
    through the Zero Day Initiative since customers
    were protected 8 days before the Microsoft
    advisory went public.

18
Security Management System: Easy to Use Granular
Policy Controls
  • Easy Installation and on-going Management
  • Shipped with recommended settings
  • No false positive tuning
  • Set and forget policy enforcement
  • Extremely Scalable
  • Granular, enterprise-wide policy management
  • Per segment policy
  • Per VLAN policy
  • Directional policy (per port)
  • Per device policy
  • Automated Reports
  • Provide compliance audit reporting details

19
IPS Deployment: Beyond a Point Solution, Broad
Network Protection
[Diagram: IPS deployment across network tiers (Perimeter, Aggregation, Core, Access) and zones (Internet, DMZ, Data Center, VPN). Link-speed labels: 1.5–100 Mbps, 10 Mbps–1 Gbps, 1–10 Gbps, n×1 Gbps–n×10 Gbps]
20
TippingPoint Product Line
One IPS License. No extra cost options.
Protection independent of number of machines
protected
21
IPS Addresses Financial Industry Security
Challenges
  • Reduced Risks
  • Maintain network reliability and security for
    high volume, on-line financial transactions
  • Automated protection for Web servers and
    applications
  • Reliability and performance to handle high
    volumes / high throughput
  • Security for critical and private data from
    targeted criminal attacks with in-line protection
  • Protect against blended attacks with thorough
    filter and network security coverage
  • Reduced Cost / Complexity
  • Eliminate emergency patching
  • Minimize staff and/or managed service provider
    fees
  • Maintain or improve current network performance
  • IPS filters provide a virtual patch protecting
    systems from zero-day events
  • IPS automated protection eliminates most manual
    event follow-up compared to IDS solutions
  • IPS provides line-rate automated protection and
    can recapture misused bandwidth
  • Compliance
  • Automated enforcement of Internal Security
    Policies
  • Clearly demonstrate significant security
    improvements during compliance audits
  • SMS security reporting provides details required
    by auditors

22
Five reasons to choose TippingPoint
  • High Security
  • DVLabs provides fastest reaction time to protect
    vulnerabilities
  • Zero Day Initiative provides coverage before
    vendor patch available
  • ThreatlinQ (Dec 07) provides real time Internet
    threat filter advice
  • High Precision
  • No false positives
  • Anti-evasion for IP fragmentation, TCP
    re-assembly, anti-obfuscation
  • Context sensitive filters
  • High Availability
  • 7 Mechanisms for solution high availability
  • Your network is our highest priority: we will
    not break it
  • High Performance
  • 5 Gigabits in a single IPS. 20 Gigabits with a
    CoreController™ cluster
  • Very low latency (ICSA - 84 Microseconds) - even
    under full load
  • High Productivity
  • Easily understood and relevant alerts
  • Recommended settings provide guaranteed baseline
    for security policy
  • Highly Intuitive, well conceived user interface
    for TippingPoint SMS
  • All IPS and SMS devices are appliances: no
    software installation pain or conflicts

23
Thank You