hp esp channel se café & product update - … tippingpoint security management system. t...

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

HP ESP Channel SE Café & Product update - TippingPoint

C. K. Lin (林傳凱)

Senior Solution Manager, Greater China Region

[email protected]


440T

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.3

HP TippingPoint Product Family

IntegratedPolicy

Next-Generation Firewall• NGIPS with enterprise firewall• Granular application visibility and

control

In-line Threat Protection with Next-Generation Intrusion Prevention (NGIPS)• Inspects network traffic and blocks

against known vulnerabilities• Reliable network uptime track record

Advanced Threat Appliance (ATA)• Superior detection via multiple scanning

techniques across over 80 protocols • Enhanced defense against “patient zero”

infection and subsequent lateral spread

Security Management System• Centralized management across NGIPS

and NGFW• Single console to deploy devices and

policies

Digital Vaccine Labs• Industry-leading security intelligence• Delivers zero-day coverage


TippingPoint Portfolio : Threat Protection System

TippingPoint NX Platform

3/5/10/15/20 Gbps • 4 slots

TippingPoint NX I/O Modules

1G/10G/40G

TippingPoint 660N/1400N

750 Mbps/1.5 Gbps • 10 segments

TPS /IPS/ATA Solutions Security IntelligenceDVLabs Services

ATA-Network 250

250 Mbps

Security Management System (SMS)

Central Policy Management & Reporting

Digital Vaccine

Broadest coverage • Evergreen protection

ThreatDV

IP reputation • DNS reputation

ATA-Network 500

ATA-Network 1000

ATA-Network 4000

TippingPoint TPS 440T

500 Mb/s IPS & IPS + NGFW

500 Mbps

1 Gbps

4 Gbps

HP vSMS Essential for VMware (vSMS)

Supports 2 devices and 440T

HP vSMS Essential for VMware (vSMS)

Supports 25 devices


Recent Updates to the TippingPoint Portfolio

EOS announcement for HPS10, S110, S330 IPS

This leaves a gap for the low end IPS

The lowball Product Promotion expired as of June 19th

http://wpcfs.corp.hp.com/TSGWW2_WPC/Marketing_Policies/docs/MSPC%20Product%20Promotions/WW%20Product%20Promotions/3A002_HP_ESP_Lowball_Upgrade_Promotion_May2015.docx


TPS 440T


440T Technical Specifications

Specification 440T IPS 440T NGFW

Inspection Throughput 500 Mb/s 500 Mb/s(IPS+Firewall)

Typical Latency <100 Microseconds < 100 Microseconds

Security Contexts 750,000 NA

IPsec VPN NA 250 Mb/s

Max IPsec VPN tunnels NA 1024

New connections per second 50,000 35,000

Concurrent Sessions 1,000,000 250,000


What’s the opportunity?

Launch of 440T gives us a lot of new opportunities:

Net New opportunities

Competitive displacement

Current TippingPoint IPS and NGFW customer

S10,S110, S330 replacement


HP TippingPoint Threat Protection System Platform

HP TippingPoint Threat Protection System

HP TippingPoint Security Management System

T Series TX Series V Series

Licenses

Security Services(inspection-based)

8200TX8400TX

V Series StandardV Series Enterprise440T 2200T

Digital Vaccine®

Threat Digital Vaccine® (ThreatDV)

URL Filtering

…

Dual Persona

Next-Generation IPS/NGFW

Next-Generation Intrusion Prevention System (IPS)

Next-Generation Firewall (NGFW)

SSL

…


NGFW vs IPS vs TPS

We have three product linesNGFW

IPS

TPS

The NGFW and IPS products are standalone products already in marketNGFW products ships as NGFW only, sitting on Linux platform

IPS products ship as IPS only, sitting on VxWorks platform

The TPS product line is our new converged codebaseNGFW started on Linux platform

IPS engine and surrounding code ported to Linux platform in support of NGFW

The result is we have a platform that can either be an NGFW or an IPS, i.e. “dual-persona” (more later)


NGFW/TPS have similar hardware

Model Current Hardware Platform Notes

NGFW S1050F Nexcom HPAR1

NGFW S3010FNGFW S3020F

Nexcom HPAR3A

NGFW S8005FNGFW S8010F

Nexcom HPAR3D

TPS 440T Starlight HPAR1 Upgraded version of HPAR1

TPS 2200T Starlight HPAR3A Upgraded version of HPAR3A


Nexcom vs Starlight hardware

Nexcom was the ODM (original design manufacturer) for the HPAR line of hardware

They designed the original variants of the boxes, which we refer to internally as the Nexcom boxes, e.g. Nexcom HPAR1

The “Starlight” program involved moving the manufacturing piece from Nexcom to our own HP manufacturing facilities in Puerto Rico, PRMO.

The new boxes being manufactured by PRMO are internally referred to as the “Starlight” boxes, e.g. Starlight HPAR1

In the process of moving the manufacturing, we also made some hardware updates as appropriate, for the future products (discussed more later)

All 440T’s will be manufactured out of PRMO, therefore they will all be Starlight HPAR1s


What is the TPS 440T?

The 440T is our first model in the Threat Protection System product lineWill be a 500 Mb/s box

It replaces our existing lowball hardware, the TP110/330 boxes

Runs on Starlight HPAR1 hardwareIt will be released with dual persona packages

This means that the TOS version shipped with these devices can be selected as NGFW or IPS persona

The NGFW Persona of the 440T mirrors the operational characteristics as the S1050F

Only applicable to the NGFW mode/persona of the 440T

IPS Persona supports 500 Mbps as stated above


More details on “dual persona” When a dual persona device boots up for the first time, it prompts the customer for the desired

personaWould you like to deploy this device as an NGFW or as an IPS?Device mode (NGFW or IPS): IPSDo you wish to accept [IPS] mode <Y,[N]>: Y

It’s important to note that the code for both NGFW and IPS exist on the device, and much of it is common between the two

When a persona is selected, we set an internal flag that changes the boot-up process Common applications launch regardless of persona

Persona-specific applications (or variants of applications) launch based on the persona selected

The intent is that: NGFW persona behaves identically to an NGFW product, e.g. S1050F

IPS persona behaves *similarly* to an IPS product, e.g. 110/330 (lowball)

It’s very important to note that we aimed for feature parity, but the interfaces may be different, such as different CLI commands and LSM


Instant-commit vs Deferred-commit

Instant-commit is used for most(all) IPS specific configuration operations

Deferred-commit is used for most(all) platform specific and firewall specific configuration operations

Configuration changes to instant-commit features take effect immediately.

Changes to deferred-commit features do not take effect until they are committed.

Two management models, to support instant/deferred commit

tosIPC (instant commit)

XMS (deferred commit)


Instant vs. Deferred Commit In CLI and LSM, some operations take effect immediately (instant commit model), while others

take effect only if a separate “commit” operation is performed (deferred commit model).

An Operation is by default “Deferred” unless noted by the UI.

CLI Instant Commit Notification Example:

DUT9{running}ips

Entering Immediate Commit Feature. Changes take effect immediately.

DUT9{running-ips}

LSM Instant Commit Notification Example:


Instant vs. Deferred Commit LSM “Pending Changes” button turns RED whenever you have made changes that have not

been committed.

The number displayed in the button shows how many uncommitted changes have been made.

• Remember to COMMIT before exiting CLI or LSM if you want your pending changes to take effect.

• Both CLI and LSM try to warn you if you leave without committing.

• CLI Warning:DUT9{running-gen}https disableDUT9{running-gen}exitDUT9{running}exitWARNING: Modifications will be lost. Are you sure you want to exit (y/n)? [n]:


Instant vs. Deferred Commit

LSM warning when logging Off with pending changes:

NO WARNING if you exit the Brower without Logging Off!!!


Example: Configuring the Management Port330 IPStp330# configure ttp330(config)# interface mgmtEthernet tp330(cfg-mgmt)# ip 15.8.133.116/21tp330(cfg-mgmt)# exittp330(config)# default-gateway 15.8.128.1tp330(config)# host name tpr-tp330tp330(config)# host location R4Lab


Example: Configuring the Management Port440T IPS

440T-ips{}edit440T-ips{running}interface mgmt440T-ips{running-mgmt}ipaddress 15.8.133.31/21440T-ips{running-mgmt}route 0.0.0.0/0 15.8.128.1440T-ips{running-mgmt}host name 440T-ips440T-ips{running-mgmt}host location R4Lab440T-ips{running-mgmt}commit


ESP Partner TekTalk Promotion - Regular Expressions for HP TP DV Toolkit


The New ESP Partner TekTalks

What? ESP Partner TekTalks are live, 90 minute, technical deep-dive webinars on HP Enterprise Security Products (ESP) products and solutions that are important to the channel.

Your opportunity to meet, hear, and get your questions answered directly from ESP Technical Experts.

When? the second and fourth Thursday of every monthSession One will be convenient for EMEA and APJ partners and start at 08:00am GMT/03:00PM SGT.

Session Two will be convenient for partners in North and South America, and start at 02:00PM EDT/11:00AM PDT.

Watch for invitations from your PBM, or check the training calendar in Software Partner Central


Upcoming TekTalks – Save the Date!

Recorded TekTalks:May 14 – ArcSight – Interactive Discovery

May 28 – TippingPoint Advanced Threat Appliance (ATA)

June 25 – Fortify AppDefender *

July 9 – ArcSight User Behavior Analytics*

July 23 – ArcSight Logger*

The current schedule of ESP Partner TekTalks after Q3:July 23 – ArcSight Logger (rescheduled from June 11 )*

August 13 – Tipping Point RegEX and DV Labs Toolkit*

August 27 – WebInspect10.1 release*

Sept 10 – Atalla ESKM w/ storage & server attach*

Sept 23 – ArcSight and Hadoop integration

Oct 8 – Tipping Point TPS/TP440T

Oct 22 – Atalla Adallom Cloud Security

Nov 12 – ArcSight DNS Analytics

Dec 10 – ArcSight ESM Express

* Registration is now open on the Learning Center

Questions? Email [email protected]


ESP Partner TekTalk Promotion - Regular Expressions for HP TP DV Toolkit (course content)


Create New Filter


Check


No HTTP


Thank You!

hp esp channel se café & product update - … tippingpoint security management system. t...

Documents