
HP TippingPoint Next Generation Intrusion Prevention System (NGIPS)
Advanced Protection Against Advanced Threats

2012 Hewlett-Packard Development Company, L.P.
The information contained herein is subject to change without notice

Agenda
The Threat Landscape is Evolving
HP TippingPoint Strategic Security Framework
HP TippingPoint Next Generation Intrusion Prevention System
Threat Scenario: How NGIPS Protects Against Advanced Threats
HP TippingPoint NGIPS is the Best Choice

2 Enterprise Security HP Confidential


The Threat Landscape is Evolving

Enterprise IT Landscape is Evolving
Traditional security controls are becoming less effective.

Consumerization: Personal mobile devices accessing the corporate enterprise impact risk profile
Compliance: Violation of government and business regulations results in fines and lost business
Consolidation: Cloud and virtualization deployment requires new, scalable security model
Convergence: Social media applications and their use impacts business and security policies

Attackers Have More Attack Surface To Target. Security Professionals Have More Risk To Manage

The Threat Landscape is Evolving
Attacks and attackers are becoming more sophisticated

Broad Attacks

Advanced Targeted Threats

Stuxnet Duqu Aurora

Recreational Hackers

Organized Crime & Nation States

Only 16% of Firms Have a Security Policy in Place to Protect Against Advanced, Targeted Threats. *

* Source: Global State of Information Security Survey, PricewaterhouseCoopers, CIO magazine, CSO magazine,
September 2011

What Is an Advanced, Targeted Threat?

Example: NGIPS Protection Against Advanced Targeted Attacks

1. 5:00 AM: Finance person receives a spearphishing email
2. 8:30 AM: Opens to see 2012 Recruitment plan with .xls file
3. 8:31 AM: RAT program downloaded utilizing Adobe Flash vulnerability
4. 8:32 AM: Poison Ivy RAT is initiated
5. NEXT DAY / 12:01 AM: NMAP scan to identify and classify network resources
6. OVER THE NEXT 10 DAYS: Collect data over a period of time
7. 11TH DAY / 12:05 AM: Encrypt and ftp file to good.mincesur.com
8. 12TH DAY: Attack hits the headlines

The Impact is Real

March 17, 2011: RSA Hit By Advanced Persistent Threat
RSA has been breached and sensitive token key information from more than 40 million end users may have been compromised.

Breaches Are Costly
RSA announced cost of breach at $66 million. Negative press. Loss of business and loss of trust.

May 31, 2011: Lockheed Martin Suffers Massive Cyberattack
Significant and tenacious attack targeted multiple defense contractors and involved hack of RSA SecurID System.

The Stakes Are High
Intellectual property loss could compromise national security

And RSA Was Not Alone

United Nations: Cyber attack on United Nations leads to massive loss of information and poses huge economic threat.
360,000 accounts hacked in cyber attack; $2.7 million stolen.
Blackhole Exploit Injected into USPS Website: The website of U.S. Postal Service serving up malware
Stuxnet Worm: Sophisticated worm attacks Siemens SCADA industry control systems and Windows.
Barracuda Hit By Cyber Attack: Attacker grabbed the information using an SQL injection script
Sony PlayStation Network Down: 77 million accounts at risk of data theft. Sony Online estimates 25 million customer accounts hacked.

What's Gartner's Recommended Solution?
Next Generation Intrusion Prevention System (NGIPS)

Standard First Gen IPS Capabilities
Context Awareness
Content Awareness
Application Awareness and Visibility
Agile Engine



HP TippingPoint Network Defense System
A Strategic Framework For Network Security

HP TippingPoint Network Defense System

NDS SECURITY COMPONENTS:
Inline Enforcement (NGIPS): Inline network defense solutions that can adapt to proactively mitigate current and future security threats
Advanced Management (SMS): Advanced Policy management and event visibility & reporting for all TippingPoint products
Security Intelligence (DVLabs): Security Intelligence and services that protect networks from today's and tomorrow's threats

NDS: A Strategic Framework For Network Security and Threat Protection

HP TippingPoint Network Defense System (NDS)
NDS SECURITY COMPONENTS

Next Generation Intrusion Prevention System (N Platform): Powerful N-Platform threat suppression engine adapts to protect against current and future advanced targeted threats
Security Management System: Real time event management and correlation resulting in better policy decision making, policy deployment, and security administration
Global DVLabs Research Organization: Security services and intelligence that detects malicious traffic, exploits and advanced, targeted threats

HP TippingPoint Next Generation Intrusion Prevention System (NGIPS)

Next Generation Intrusion Prevention System (NGIPS)
Advanced Protection Against Advanced Threats
HP TippingPoint NGIPS

1. Protects vulnerable applications


2. More effective blocking decisions
3. Stops malicious traffic
4. See and control applications

Agile NGIPS Adapts to Prevent Future Attacks



HP TippingPoint Next Generation Intrusion Prevention System (NGIPS)

Key Feature: Vulnerability Protection
Capability and Services: Virtual patch (First Gen IPS); Web Application DV Toolkit; Zero Day vulnerability discovery
Benefit: Protect Vulnerable Applications

Key Feature: Context Awareness
Capability and Services: Multi-vector alert correlation; Reputation; More actionable event information; Geo Location; User information
Benefit: More Effective Blocking Decisions

Key Feature: Content Awareness
Capability and Services: Inbound / outbound traffic inspection; Reputation; Block malicious executables and files
Benefit: Stop Malicious Traffic

Key Feature: Application Visibility and Control
Capability and Services: Identify and Classify Applications; Application DV Toolkit; Granular Application Control
Benefit: See and Control Applications



HP TippingPoint DVLabs

DVLabs Research (Industry Leading Security Research)
Leading security research organization
The leader in zero day vulnerability discovery
Delivers earliest filter protection
Staffed by 30+ dedicated researchers
1,650+ independent researchers
2,000+ customers participating
Partners: SANS, CERT, NIST, OSVDB etc.; Software & reputation vendors
Monitor the Global Threat Landscape

DVLabs Security Services (Industry Leading Threat Protection)
Protects against 1000s of exploits
Reputation: Blocks Millions of Known Bad Hosts
Application: Granular App Control and Rate Limiting
Web Application: Inspect and Protect Web Apps
DV Toolkit: Custom Filter Tool with SNORT support

Filter Service

HP TippingPoint DV Labs Digital Vaccine Service
DVLabs Discovers More Vulnerabilities And Provides Earliest Protection Against Zero Day Threats

DVLabs: Leading the Industry in Vulnerability Discovery AND Filter Delivery
Threat Scenario:
How Does HP TippingPoint NGIPS Protect Against Advanced Targeted Threats?
Example: NGIPS Protection Against Advanced Targeted Attacks

1. Spearphishing Attack (5:00 AM): Finance person receives a spearphishing email
HP TP Next Gen IPS Countermeasures:
Content Awareness: Detects mail traffic containing phishing attack techniques
Context Awareness: RepDV blocks mail traffic from known sources of phishing emails

2. Malicious Email Attachment (8:30 AM): Opens to see 2012 Recruitment plan with .xls file
HP TP Next Gen IPS Countermeasures:
Content Awareness: Leverages 200 content filters from DV Labs to prevent download of emails with malicious attachments

3. Exploit of Vulnerable Application (8:31 AM): RAT program downloaded utilizing Adobe Flash vulnerability
HP TP Next Gen IPS Countermeasures:
Vulnerability Protection: DVLabs Filter Service offers over 100 filters to protect against Adobe exploit
Content Awareness: Content filters detect download of Poison Ivy RAT
Context Awareness: RepDV detects downloads from known sources of Malware and Spyware

4. External Use of Compromised Host (8:32 AM): Poison Ivy RAT is initiated
HP TP Next Gen IPS Countermeasures:
Content Awareness: NGIPS detects and takes action on Poison Ivy command and control TRAFFIC
Context Awareness: NGIPS detects and takes action on COMMUNICATIONS with known malicious hosts

5. Reconnaissance and Mapping (NEXT DAY / 12:01 AM): NMAP scan to identify and classify network resources
HP TP Next Gen IPS Countermeasures:
Context Awareness: NGIPS detects the scan, quarantines the host, determines USER ID correlated with that host, then alerts end user and admin
Context Awareness: GEOLOCATION information included in each event shows a shift in this attack from external to internal

6. Ongoing Scanning and Data Collection (OVER THE NEXT 10 DAYS): Collect data over a period of time
HP ArcSight ESM identifies anomalous internal activities by analyzing and correlating every event, then provides real time dashboards, notifications or reports to the security administrator

7. Data Leakage (11TH DAY / 12:05 AM): Encrypt and ftp file to good.mincesur.com
HP TP Next Gen IPS Countermeasures:
Context Awareness: RepDV Service detects and blocks communications with known bad hosts, domains, and unapproved geographies

8. 12TH DAY: Attack hits the headlines

HP TP Next Gen IPS Delivers TEN Countermeasures

How Secure Are You?



Summary
The Reality
No security vendor can guarantee 100% protection from advanced, targeted attacks
But, the more countermeasures you have in place, the better protected you are

Why HP TippingPoint is The Best Security Solution
We deliver multiple countermeasures to protect your network against advanced attacks
TP NGIPS provides adaptable, inline protection against current and future attack scenarios
DV Labs delivers industry-leading research that produces advanced, cutting-edge, security services
SMS provides advanced management capabilities to improve policy decision making

HP TP Delivers Advanced Protection Against Advanced Attacks

Thank you

For more information visit:


www.hpenterprisesecurity.com
