TippingPoint1 mk

8/14/2019 TippingPoint1 mk

1/29

[email protected][email protected]

3Com System Engineer3Com System Engineer


2/29

TippingPointTippingPoint - Vvoj firmy- Vvoj firmy

TippingPoint History


3/29

Certifikace a ocennCertifikace a ocenn

NSS Gold Award TippingPoints Intrusion

Prevention System is theFIRST and ONLY productto win the coveted NSSGold Award in the IPSspace.

Best Security Solution 2005 TippingPoint IPS Overall

Winner in SC Global Awards Over 1,000 products nominated

Certified at faster throughput(3Gbps) and lower latency (84sec) than any other IPS in theworld

ICSA Labs Certified

2006 Winner Best IntegratedSecurity, Info Security

2006 Winner of Best Product Security Week Brazil

ICSA Labs Firewall and IPSecVPN Certification

X-Series:
http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss526_art1054,00.htmlhttp://www.infosecurityproductsguide.com/productexcellence.htmlhttp://www.cbronline.com/article_cbr.asp?guid=7D792053-714E-4633-AE98-CCB7C7ED7281https://newlabs.icsalabs.com/icsa/labnote.php?cid=1821$681800e6-536263ee$07fa-bca7c8f3http://www.infosecurityproductsguide.com/http://www.tmcnet.com/voip/1006/top-voices-of-ip-communications.htmhttp://www.varbusiness.com/sections/news/breakingnews.jhtml;jsessionid=GJXWPKE5ZWTYMQSNDLRCKH0CJUNN2JVN?articleId=193401415mhttp://www.icsalabs.com/icsa/docs/html/communities/firewalls/pdf/tippingpoint.pdfhttp://www.scmagazine.com/us/awards/voting/profiles/26149/a6182d79-2662-4dad-bee3-ca9cfde33a36/11ddb560-3495-46ae-931b-c882b39ef4d3/


4/29

Gartner Magic Quadrant for NetworkGartner Magic Quadrant for NetworkIntrusion Prevention Systems, 11/06Intrusion Prevention Systems, 11/06

This Magic Quadrant graphic was published byGartner, Inc. as part of a larger research note andshould be evaluated in the context of the entirereport. The Gartner report is available uponrequest from 3Com.

* Magic Quadrant DisclaimerThe Magic Quadrant is copyrighted Nov. 30, 2006,by Gartner, Inc. and is reused with permission.

The Magic Quadrant is a graphical representationof a marketplace at and for a specific time period.It depicts Gartner's analysis of how certainvendors measure against criteria for thatmarketplace, as defined by Gartner. Gartner doesnot endorse any vendor, product or servicedepicted in the Magic Quadrant, and does notadvise technology users to select only thosevendors placed in the "Leaders" quadrant. TheMagic Quadrant is intended solely as a researchtool, and is not meant to be a specific guide toaction. Gartner disclaims all warranties, express orimplied, with respect to this research, includingany warranties of merchantability or fitness for aparticular purpose.

The Magic Quadrant for Network Intrusion Prevention System Appliances, 11/06 was authored by John Pescatore and Greg Young November 30, 2006.


5/29

TippingPoint een


6/29

TippingPointTippingPoint::Intrusion Prevention System (IPS)Intrusion Prevention System (IPS)

Zraniteln serverya klientiFirewall

Interntonk

toky prol FW

toky jsoudetekovny a

blokovny za plnrychlosti. UnityOnefunguje jako sovpatch nebovirtuln softwarepatch

UnityOne


7/29

Produkty


8/29

IPSIPS z hlediska stz hlediska st

In-line na sti jako LAN switchTransparentn, neviditeln, bez MAC nebo IP adresy

Data Segments agregovan

prchodnostady produktOd 50Mbpsdo 5Gbps

Management PortSSH, HTTPS, SNMP

remote management logovn updaty filtr

opticksegment

metalicksegment

Tx

Rx

Tx

Rx

Tx/RxTx/Rx


9/29

Vysok vkon a nzk latenceVysok vkon a nzk latence


10/29

Vkon Hardware eenVkon Hardware een

Preference bezpenostiped vkonem

Preference vkonu

ped bezpenost

dn kompromis


11/29


12/29

TippingPoint X505

Aktuln produktov adaAktuln produktov ada TippingPointTippingPoint


13/29

Klov vlastnosti


14/29

UnityOneUnityOne roziuje IPS (roziuje IPS ( IntrusionIntrusionPreventionPrevention ))

Todays businesses demanduncompromising performance,

reliability, and protection

Ultra-HighPerformanceCustom Hardware

5 Gbps Throughput Switch-Like Latency

2M Sessions 250K Sessions/Second Total Flow Inspection 64K Rate Shaping Queues 10K Parallel Filters

Infrastructure Protection

Application Protection

Performance Protection

IntrusionPreventio

nSystems


15/29

Ochrana aplikacOchrana aplikac Chrn klienty a serveryChrn klienty a servery

Performs Total Inspection at Layers 2-7

Protects Vulnerabilities Protects Perimeter and Internal Network Provides Day-Zero Attack Protection Eliminates Emergency Patching Triage Prevents Application and O/S Damage/Downtime

Protect:

Microsoft Applications& Operating Systems Oracle Applications Linux O/S VoIP

From:

Worms/Walk-in Worms Viruses Trojans DDoS Attacks Internal Attacks Unauthorized Access




IntrusionPrevention

Systems


16/29

OchranaOchrana InfrastruInfrastrukturyktury Chrn sov prvkyChrn sov prvky

Protects Network Equipment

Vulnerabilities Protects Against Anomalous TrafficBehavior Automatic Baselining Rate Limit, Block, or Alert on Thresholds

Supports Custom IP filters, ACLs

Protect:

Routers(e.g. Cisco IOS)

Switches Firewalls (e.g. Netscreen OS,

CheckPoint FW1)

VoIP

From:

Worms/ Walk-in Worms Viruses Trojans DDoS Attacks SYN Floods Traffic Anomalies




IntrusionPrevention

Systems


17/29

Protect:

Bandwidth Server Capacity Mission-Critical Traffic

From: Peer-to-Peer Apps Unauthorized Instant

Messaging Unauthorized

Applications DDoS Attacks

Ochrana vkonuOchrana vkonu Ochrana sovho vkonuOchrana sovho vkonu

Increases Network Performance EvenWhen Not Under Attack

Rate Limits Non-Mission CriticalApplications Eliminates Bandwidth Hijacking Controls Rogue Applications Eliminates Misuse and Abuse Controls Peer-to-Peer Traffic




IntrusionPrevention

Systems


18/29

Monosti redundanceMonosti redundance

Dual Hot-Swappable PowerSupplies

Self-Monitoring WatchdogTimers Security and Management Engines

L2 switch fallback

99.999% Network Reliability

Stateful Redundancy Active-Active

Active-Passive No IP Address or MAC Address Transparent to Router Protocols

HSRP, VRRP, OSPF

No loss of segments or ports in

this scenario

Stateful Network RedundancyIntrinsic High Availability


19/29

Sluby vztaen k TippingPoint een


20/29

TippingPoint Digital VaccineTippingPoint Digital Vaccine

Coverage Vendors Threat organizations Independent researchers (ZDI) Internal Threat Management

Center Timeliness

Weekly filter distribution Zero Day Initiative Same day Microsoft Tuesday

coverage Accuracy

Designed to block 5 years of filter writing experience No performance degradation

Extensibility Signatures, vulnerabilities, traffic

and protocol anomalies New Threats: P2P, Instant

Messaging, Spyware, Phishing,VOIP

The Digital Vaccine service is the most comprehensive, accurateand automatic protection service available.


21/29

AutomaticAutomatick dk digitigitlnln vakcinavakcina

SANS CERT Vendor Advisories Bugtraq VulnWatch PacketStorm Securiteam

Digital VaccineAutomaticallyDelivered toCustomers

Vulnerability Analysis

Raw Intelligence

Feeds

Vaccine Creation

Scalable distribution networkusing Akamais 9,700 servers

in 56 countries

@RISKWeekly Report

Filter Types Signature Vulnerability Traffic and/or Statistical Anomaly


22/29

TippingPoint zTippingPoint zkaznci ochrnni odkaznci ochrnni od99.8..8.20052005

as k vytvoen zplatyochrann intervalSe scvrkvz msc na dny

Ohroen zranitelnch stanic jeZaruen pokud je erv vyputn

en erv se m na minuty

toncivybaveni abyvybrali cl a ohroziliuivatele

Zranitelnostodhalena

Zotob Exploitpublikovn

Zotob Worm

tok 16.8.2005

Zraniteln

stanicenapadeny

TippingPointBezpenostn filtry

distribuovny9.8.2005

TippingPoint zkaznci ochrnni


23/29

Global Service and SupportGlobal Service and Support

Professional Services Installation & Advanced Implementation Services Comprehensive detailed installation, configuration, and tuning of basic & advanced

security features of TippingPoint IPS and Security Management System products Security Posture Assessments (SPA)

A comprehensive security evaluation of the network to identify vulnerabilities,weaknesses, and exposure to exploitation of the external and internal infrastructure

Training A family of basic, advanced, and expert level training courses delivered globally by

experienced subject matter experts

Custom Digital Vaccine (DV) Development Development of local or specialized security filters for a particular geography or environment

Managed Security Services (MSS) Outsource the operations of security monitoring and device management

Global Technical Support 24x7x365 & Next Day Shipping replacement hardware


24/29

Souhrn


25/29

Vlastnosti TP eenVlastnosti TP een

Frequent protection and prevention (weekly or better) against the latestthreatsConfidence and comfort of network protection

Timely Filter Updates

Lowers TCO with automatic attack blocking, filter updates and reportsAutomation

Advanced protection against a multitude of threats: Spyware, Phishing,VoIP, P2P, Protocol Anomalies, Behavioral/Traffic Anomalies, Worms,Trojans, DDoS attacks, DDoS SYN Proxy and Connection RateLimiters, Microsoft Vulnerabilities, etc.Avoids multiple security solutions and provides cost savings

Comprehensive Security Prevention

Ensures no good traffic gets blocked, no network disruptionFilter Accuracy

Immediate security, out of the box; High ROI, Low/No configurationSimple Set-up

Proactive accurate and comprehensive attack filteringprovides zero-day attack protectionProtects against all types of attacks

Complete Filtering Methods

(signature, protocol anomaly,vulnerability, traffic anomaly)

Reclaims bandwidth and improves network performanceRate Shaping

Extensible platform for unparalleled security and networkingLowers administration and maintenance

Purpose-Built Custom ASIC Hardware

Effective proactive attack termination. Protects unpatched systemsEnsures system availability and performance

In-line Attack Blocking

50Mb 5Gb Performance enables scalable solutions for perimeter andinternal protectionNo adverse network impact

Switch-Like Latency

Pnos pro uivateleVlastnost


26/29

Performance ASIC-based Architecture Fastest IPS on the market (5 Gbps) Runs inline with switch like latency (


27/29

Zkaznci

Kd j k k Ti i P i tKd j k k Ti i P i t


28/29

Kdo je zkaznk pro TippingPointKdo je zkaznk pro TippingPointproduktyprodukty

Zkaznk, kter hled: Ochranu ped pemnoenm hlavnch vir/erv

Nem dostatek asu/zdroj testovat a nasazovat zplaty na servery astanice

Hodl chrnit nejen perimetr st ped toky zvnjku, ale tak centrum avybran sov zdroje ped internmi toky

Zvauje optimalizaci st a zen zbavnch aplikac, jako P2P, Spyware,

Potebuje ochranu ped DoS a DDoS toky


29/29

Dky za pozornost

TippingPoint1 mk

Documents

Transcript of TippingPoint1 mk