HP ESP 2013
Solution Roadmap
C. K. Lin (林傳凱)
Senior Channel Solution Manager, North Asia
Agenda
• Introduction to HP ESP
• HP ESP Solutions
• HP ESP 2013 Solution Roadmap
HP Enterprise Security Products
– 1,500 security experts from the ArcSight, Fortify, TippingPoint and Atalla teams
– 1,500 security experts in HP Enterprise Security Services
– The only security company whose flagship products all hold a leader position (Gartner's leaders quadrant)
Magic Quadrant Leadership
One Team, One Vision
ATALLA
DATA SECURITY
Gartner report 2013:
“ArcSight should be on the list of every large
organization building a SOC”
[Diagram labels: Controls, Reporting, Application, Monitoring, Identity]
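HP ArcSight Solutions
Data collection
Log consolidation
Event correlation
HP ArcSight Express
HP ArcSight Connector
HP ArcSight Logger
HP ArcSight ESM
Log sources
ArcSight cut the security event notifications a telecom customer received each day from 40 million down to just 45 major incidents. A million-fold improvement!
Supports 350+ data sources and formats, first in the industry
Performance of up to 100,000 EPS
HP Fortify: A Solution for the Complete Software Development Lifecycle
HP Fortify SS (SecurityScope): Dynamic Test
HP Fortify SCA (Static Code Analyzer): Develop
HP Fortify RTA (Real-Time Analyzer): Deploy
Coding • Integration • QA • Deploy • Maintenance
HP Fortify Software Security Center
Tool Integration • Data Integration • Correlation
HP WI (WebInspect): Penetration Test
HP Fortify SCA (static code analysis)
HP WebInspect & Security Scope (dynamic application testing)
HP Fortify RTA (software firewall)
HP Software Security Center (security management center)
Most complete solution, best price-performance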
TippingPoint Solutions
IPS Platform Solutions
Lowest network latency, highest network port count in the industry
Security Intelligence
Reputation DB leads the industry trend
Digital Vaccine: Broadest Coverage • Evergreen Protection
Web App DV and Scanning: Web Scan • Custom Filters • PCI Report
Reputation DV: IP Reputation • DNS Reputation
ThreatLinQ: Real Time Threat Intelligence
Core Controller: 20Gbps • 3x10GbE
Security Management System (SMS): Manage Multiple Units • Central Dashboard
SSL Appliance S 1500S: Transparent SSL Bridging and Off-Loading
Secure Virtualization Framework: vController & vIPS
S 10: 20Mbps • 2 Segments
S 110: 100Mbps • 4 Segments
S 330: 300Mbps • 4 Segments
S 2500N: 3Gbps • 11 Segments
S 5100N: 5Gbps • 11 Segments
S 6100N: 8Gbps • 11 Segments
S 660N: 750Mbps • 10 Segments
5200NX: 5Gbps • Segments on Demand
S 1400N: 1.5Gbps • 10 Segments
7100NX: 13Gbps • 10 Segments on Demand
ROBO, Perimeter, Zone isolation, MSPs…
10GE Networks, Core, Data Center, Service Providers…
Management, Accessories, Virtualization
Atalla Solutions
Network Security Processor (banking/retail)
• Also Secure Configuration Assistant, Boxcar, premium/custom commands
• ASPs $15-35K/unit, typical customer investment $100K-$1M
• 90% attach rate to NonStop FSI customers, but 60% attached to other hosts
• Competitors: Thales, Futurex, SafeNet
Enterprise Secure Key Manager (all verticals)
• Also Client Licenses for each enrolled encryption device
• ASP $20-25K/unit, typical customer investment $100K-$1M
• 100% attach rate to HP NonStop volume encryption, HP Storage enterprise tape library encryption, HP Storage SAN encryption, HP Cloud Services, HP ES Backup/Restore
HP ESP 2013
What is ESM 6.0c?
ESM 5.x and earlier
Relies on Oracle database technology
• RDBMS like Oracle is not optimized for today’s SIEM requirements
• Complex to Deploy
• Hard to maintain – requires DBAs to maintain it
ESM 6.0c
Embeds our own CORRE technology
• is optimized for today’s SIEM requirements
• Simpler, faster and easier
• Management console makes life much easier – eliminates DBAs.
Our performance-oriented enterprise SIEM solution
ESM 5.x Manager
Oracle Database
ESM 6.0c Manager
Performance far exceeds 5.2
[Chart: Storage, EPS and Query, Oracle vs. CORR. Oracle: 1, 1, 1; CORR: 20, 3, 15]
Detect More Incidents
Up to 3x the current performance using the same hardware
Faster query, up to 15x
Address More Data
Up to 20x the current capacity for correlated events using the same disk space
Operate More Efficiently
Frees up security analyst cycles for proactive monitoring
Fortify 3.80 & WebInspect 10
1. Programming Environments – Visual Studio 2012 & .NET 4.5.
2. Batch Bug Management – Selection Criteria, Grouping Strategy,
State Management. (Integrated with Quality Center)
3. Moderate improvements – Search syntax AND and ORs. Speed.
4. Competitive Heads-up
5. WebInspect 10 (Integrated with WAF & TippingPoint)
Reputation-based threat intelligence
• What is it?
RepSM actively manages “reputation-based” security policies to detect and prevent communication with “known bad” actors.
• Detect additional threats including peer-to-peer network use and potential spear phishing
• Accumulate and analyze suspicious connections, including internal, over time further
• Integration with HP TippingPoint IPS to automatically block attacks and exfiltration
• Integration with HP ThreatDetector to detect and verify zero day attack and APT spread patterns
HP Reputation Security Monitor (RepSM 1.5)
[Diagram labels: Database, Networks, Servers, Apps, Devices, Events, HP SIEM, HP threat research, Reputation Data, Bad IPs/DNS names, Responses]