hp esp channel se café & product update - … tippingpoint security management system. t...
TRANSCRIPT
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
HP ESP Channel SE Café & Product update - TippingPoint
C. K. Lin (林傳凱)
Senior Solution Manager, Greater China Region
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
440T
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.3
HP TippingPoint Product Family
IntegratedPolicy
Next-Generation Firewall• NGIPS with enterprise firewall• Granular application visibility and
control
In-line Threat Protection with Next-Generation Intrusion Prevention (NGIPS)• Inspects network traffic and blocks
against known vulnerabilities• Reliable network uptime track record
Advanced Threat Appliance (ATA)• Superior detection via multiple scanning
techniques across over 80 protocols • Enhanced defense against “patient zero”
infection and subsequent lateral spread
Security Management System• Centralized management across NGIPS
and NGFW• Single console to deploy devices and
policies
Digital Vaccine Labs• Industry-leading security intelligence• Delivers zero-day coverage
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.4
TippingPoint Portfolio : Threat Protection System
TippingPoint NX Platform
3/5/10/15/20 Gbps • 4 slots
TippingPoint NX I/O Modules
1G/10G/40G
TippingPoint 660N/1400N
750 Mbps/1.5 Gbps • 10 segments
TPS /IPS/ATA Solutions Security IntelligenceDVLabs Services
ATA-Network 250
250 Mbps
Security Management System (SMS)
Central Policy Management & Reporting
Digital Vaccine
Broadest coverage • Evergreen protection
ThreatDV
IP reputation • DNS reputation
ATA-Network 500
ATA-Network 1000
ATA-Network 4000
TippingPoint TPS 440T
500 Mb/s IPS & IPS + NGFW
500 Mbps
1 Gbps
4 Gbps
HP vSMS Essential for VMware (vSMS)
Supports 2 devices and 440T
HP vSMS Essential for VMware (vSMS)
Supports 25 devices
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.5
Recent Updates to the TippingPoint Portfolio
EOS announcement for HPS10, S110, S330 IPS
This leaves a gap for the low end IPS
The lowball Product Promotion expired as of June 19th
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.6
TPS 440T
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.7
440T Technical Specifications
Specification 440T IPS 440T NGFW
Inspection Throughput 500 Mb/s 500 Mb/s(IPS+Firewall)
Typical Latency <100 Microseconds < 100 Microseconds
Security Contexts 750,000 NA
IPsec VPN NA 250 Mb/s
Max IPsec VPN tunnels NA 1024
New connections per second 50,000 35,000
Concurrent Sessions 1,000,000 250,000
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.8
What’s the opportunity?
Launch of 440T gives us a lot of new opportunities:
Net New opportunities
Competitive displacement
Current TippingPoint IPS and NGFW customer
S10,S110, S330 replacement
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.9
HP TippingPoint Threat Protection System Platform
HP TippingPoint Threat Protection System
HP TippingPoint Security Management System
T Series TX Series V Series
Licenses
Security Services(inspection-based)
8200TX8400TX
V Series StandardV Series Enterprise440T 2200T
Digital Vaccine®
Threat Digital Vaccine® (ThreatDV)
URL Filtering
…
Dual Persona
Next-Generation IPS/NGFW
Next-Generation Intrusion Prevention System (IPS)
Next-Generation Firewall (NGFW)
SSL
…
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.10
NGFW vs IPS vs TPS
We have three product linesNGFW
IPS
TPS
The NGFW and IPS products are standalone products already in marketNGFW products ships as NGFW only, sitting on Linux platform
IPS products ship as IPS only, sitting on VxWorks platform
The TPS product line is our new converged codebaseNGFW started on Linux platform
IPS engine and surrounding code ported to Linux platform in support of NGFW
The result is we have a platform that can either be an NGFW or an IPS, i.e. “dual-persona” (more later)
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.11
NGFW/TPS have similar hardware
Model Current Hardware Platform Notes
NGFW S1050F Nexcom HPAR1
NGFW S3010FNGFW S3020F
Nexcom HPAR3A
NGFW S8005FNGFW S8010F
Nexcom HPAR3D
TPS 440T Starlight HPAR1 Upgraded version of HPAR1
TPS 2200T Starlight HPAR3A Upgraded version of HPAR3A
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.12
Nexcom vs Starlight hardware
Nexcom was the ODM (original design manufacturer) for the HPAR line of hardware
They designed the original variants of the boxes, which we refer to internally as the Nexcom boxes, e.g. Nexcom HPAR1
The “Starlight” program involved moving the manufacturing piece from Nexcom to our own HP manufacturing facilities in Puerto Rico, PRMO.
The new boxes being manufactured by PRMO are internally referred to as the “Starlight” boxes, e.g. Starlight HPAR1
In the process of moving the manufacturing, we also made some hardware updates as appropriate, for the future products (discussed more later)
All 440T’s will be manufactured out of PRMO, therefore they will all be Starlight HPAR1s
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.13
What is the TPS 440T?
The 440T is our first model in the Threat Protection System product lineWill be a 500 Mb/s box
It replaces our existing lowball hardware, the TP110/330 boxes
Runs on Starlight HPAR1 hardwareIt will be released with dual persona packages
This means that the TOS version shipped with these devices can be selected as NGFW or IPS persona
The NGFW Persona of the 440T mirrors the operational characteristics as the S1050F
Only applicable to the NGFW mode/persona of the 440T
IPS Persona supports 500 Mbps as stated above
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.14
More details on “dual persona” When a dual persona device boots up for the first time, it prompts the customer for the desired
personaWould you like to deploy this device as an NGFW or as an IPS?Device mode (NGFW or IPS): IPSDo you wish to accept [IPS] mode <Y,[N]>: Y
It’s important to note that the code for both NGFW and IPS exist on the device, and much of it is common between the two
When a persona is selected, we set an internal flag that changes the boot-up process Common applications launch regardless of persona
Persona-specific applications (or variants of applications) launch based on the persona selected
The intent is that: NGFW persona behaves identically to an NGFW product, e.g. S1050F
IPS persona behaves *similarly* to an IPS product, e.g. 110/330 (lowball)
It’s very important to note that we aimed for feature parity, but the interfaces may be different, such as different CLI commands and LSM
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.15
Instant-commit vs Deferred-commit
Instant-commit is used for most(all) IPS specific configuration operations
Deferred-commit is used for most(all) platform specific and firewall specific configuration operations
Configuration changes to instant-commit features take effect immediately.
Changes to deferred-commit features do not take effect until they are committed.
Two management models, to support instant/deferred commit
tosIPC (instant commit)
XMS (deferred commit)
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.16
Instant vs. Deferred Commit In CLI and LSM, some operations take effect immediately (instant commit model), while others
take effect only if a separate “commit” operation is performed (deferred commit model).
An Operation is by default “Deferred” unless noted by the UI.
CLI Instant Commit Notification Example:
DUT9{running}ips
Entering Immediate Commit Feature. Changes take effect immediately.
DUT9{running-ips}
LSM Instant Commit Notification Example:
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.17
Instant vs. Deferred Commit LSM “Pending Changes” button turns RED whenever you have made changes that have not
been committed.
The number displayed in the button shows how many uncommitted changes have been made.
• Remember to COMMIT before exiting CLI or LSM if you want your pending changes to take effect.
• Both CLI and LSM try to warn you if you leave without committing.
• CLI Warning:DUT9{running-gen}https disableDUT9{running-gen}exitDUT9{running}exitWARNING: Modifications will be lost. Are you sure you want to exit (y/n)? [n]:
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.18
Instant vs. Deferred Commit
LSM warning when logging Off with pending changes:
NO WARNING if you exit the Brower without Logging Off!!!
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.19
Example: Configuring the Management Port330 IPStp330# configure ttp330(config)# interface mgmtEthernet tp330(cfg-mgmt)# ip 15.8.133.116/21tp330(cfg-mgmt)# exittp330(config)# default-gateway 15.8.128.1tp330(config)# host name tpr-tp330tp330(config)# host location R4Lab
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.20
Example: Configuring the Management Port440T IPS
440T-ips{}edit440T-ips{running}interface mgmt440T-ips{running-mgmt}ipaddress 15.8.133.31/21440T-ips{running-mgmt}route 0.0.0.0/0 15.8.128.1440T-ips{running-mgmt}host name 440T-ips440T-ips{running-mgmt}host location R4Lab440T-ips{running-mgmt}commit
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
ESP Partner TekTalk Promotion - Regular Expressions for HP TP DV Toolkit
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.22
The New ESP Partner TekTalks
What? ESP Partner TekTalks are live, 90 minute, technical deep-dive webinars on HP Enterprise Security Products (ESP) products and solutions that are important to the channel.
Your opportunity to meet, hear, and get your questions answered directly from ESP Technical Experts.
When? the second and fourth Thursday of every monthSession One will be convenient for EMEA and APJ partners and start at 08:00am GMT/03:00PM SGT.
Session Two will be convenient for partners in North and South America, and start at 02:00PM EDT/11:00AM PDT.
Watch for invitations from your PBM, or check the training calendar in Software Partner Central
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.24
Upcoming TekTalks – Save the Date!
Recorded TekTalks:May 14 – ArcSight – Interactive Discovery
May 28 – TippingPoint Advanced Threat Appliance (ATA)
June 25 – Fortify AppDefender *
July 9 – ArcSight User Behavior Analytics*
July 23 – ArcSight Logger*
The current schedule of ESP Partner TekTalks after Q3:July 23 – ArcSight Logger (rescheduled from June 11 )*
August 13 – Tipping Point RegEX and DV Labs Toolkit*
August 27 – WebInspect10.1 release*
Sept 10 – Atalla ESKM w/ storage & server attach*
Sept 23 – ArcSight and Hadoop integration
Oct 8 – Tipping Point TPS/TP440T
Oct 22 – Atalla Adallom Cloud Security
Nov 12 – ArcSight DNS Analytics
Dec 10 – ArcSight ESM Express
* Registration is now open on the Learning Center
Questions? Email [email protected]
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
ESP Partner TekTalk Promotion - Regular Expressions for HP TP DV Toolkit (course content)
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.29
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.30
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.31
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.32
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.33
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.34
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.35
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.36
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.37
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.38
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.39
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.40
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.41
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.42
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.43
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.44
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.45
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.46
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.47
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.48
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.49
Create New Filter
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.50
Create New Filter
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.51
Create New Filter
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.52
Check
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.53
No HTTP
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.54
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.55
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.56
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.57