© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
HP TippingPoint IPS
Protecting the enterprise in the modern context
The architecture of deployed solutions is becoming more complex
Counterintelligence has become a mandatory element of network security
Serious pressure on the perimeter, BYOD, etc.
Understanding application context is necessary to counter modern attacks
HP TippingPoint product family
Advanced Threat Appliance (ATA)
• Best analysis of network traffic for malicious code, more than 100 protocols
• Advanced protection and detection of "patient zero" infections
Integrated Policy
Next-Generation Firewall (NGFW)
• NGIPS integrated with a firewall
• Detection of application protocols
• High performance combined with low cost of ownership
In-line Threat Protection with Next-Generation Intrusion Prevention (NGIPS)
• Innovative technologies for integration into the infrastructure
• Reliable hardware platform, 99.99% uptime
• Unique performance while an "attack" is in progress
• Protection of infrastructure and applications
Security Management System (SMS)
• Centralized management of NGIPS, NGFW and ATA
• Unified policy management and management of TP devices
Digital Vaccine Labs (DVLabs)
• Research laboratory
• Zero-day Initiative
NGIPS device matrix
[Chart: Segments [port pairs] (2, 4, 10/11, up to 24) against Throughput [Mbps] (20 to 20.000)]
• TippingPoint 6200NX, 2600NX, 5200NX: 3 Gbps, 5 Gbps, 10 Gbps
• TippingPoint S110, S330: 100 Mbps, 300 Mbps
• TippingPoint 660N, 1400N: 750 Mbps, 1.5 Gbps
• TippingPoint 7100NX, 7500NX: 15 Gbps, 20 Gbps
• TippingPoint S10: 20 Mbps
HP TippingPoint strengths
Reliability: NGIPS with record availability of 99.99999%
Simplicity: ease of use and management, and effective default settings
Effectiveness: best-in-industry research laboratory, DVLabs
Simplicity matters!
• Up and running within minutes
• Graphical interface with particular emphasis on ease of use
• Common management system for the entire line of NGIPS and NGFW solutions
• Highly effective default settings
• HP Vertica Big Data for log storage
• Documented API, integration with HP ArcSight
“60% of customers deploy with recommended settings.” – Frost & Sullivan
Filter-Store
• MODBUS
• DNP3
• ICCP
• InduSoft WebStudio
• WellinTech
• DATAC RealWin
• GE
• Schneider Electric
Reliability
• NGIPS availability at the level of 99.99999%
• Transparent “bump in the wire” connection, VRRP, OSPF, HSRP
• Two modes for ensuring reliability
  • Routing Active-Passive HA
  • Transparent with bypass
• SSD drives, two power supplies
• Low network packet processing latency, under 40 microseconds
• TOS update without restarting the device
• ZPHA: chassis replacement without loss of connectivity
[Figure label: 2x 10GbE SFP+ ZPHA]
Effectiveness
• Extensive experience in this field (2005 VoIP, 2007 SCADA)
• More than 1,100 filters, 800+ applications
• Rate limiting, blocking, quarantine, notification
• Pandora
• Netflix
• Spotify
Effective
DVLabs Research & QA
~3,000+ independent researchers
• 8,200+ filters right out of the box
• ~3,000 contributing security researchers
• Proven accuracy with minimal false positives
• Repeatable results week over week
• Optimize network performance and protect business critical applications
Note: All figures are rounded. The base year is 2012. Source: Frost & Sullivan and Microsoft Advisory Acknowledgements
[Chart: Identified High Severity Vulnerabilities, by source: HP TippingPoint, US-CERT, Secunia, IBM ISS, VUPEN Security, Core Security, Codenomicon Labs, Verisign iDefense, High-Tech Bridge]
[Chart: Microsoft Advisory Acknowledgments, 2006 to 2014, by vendor: HP TippingPoint, McAfee, IBM, SourceFire, Check Point, Fortinet, Palo Alto, Dell, Cisco, Stonesoft]
! Vulnerability-based Filter !
DVLabs research laboratory
DVLabs Services:
• Digital Vaccine
• ReputationDV
• CustomDV
• ThreatLinQ
• Lighthouse Program
Leading security research and filter development with 30+ dedicated researchers
DVLabs Research & QA
Partners
SANS, CERT, NIST, etc.
Software & reputation vendors
2,000+ customers participating
~3,000+ independent researchers
Note: All figures are rounded. The base year is CY 2012. Source: Frost & Sullivan analysis
Analysis of Vulnerabilities by Severity
Frost and Sullivan Market Share Leadership Award for contribution to vulnerability discovery work
4 years in a row!
Digital Vaccine delivers greater effectiveness
• DV focuses on the root cause of the vulnerability, so that a single filter provides protection against multiple exploits
• There are always several exploit variants
• Detecting each specific exploit implementation is like bailing water out of a leaky boat
HP TippingPoint DVLabs
Vulnerability analysis
• Purchase of 0-days and vulnerability analysis through the Zero Day Initiative (ZDI)
• Vulnerability research in widely known software
• Targeted analysis of new attack techniques
Malware analysis
• Reputation database of Internet hosts
• URL reputation database
• In-depth analysis to identify key indicators
Weekly updates to stay ahead of the threats
HP TippingPoint applications for industrial control systems (ICS)
• Research into ICS vulnerabilities
• Development of Digital Vaccine filters for ICS
• Detection and parsing of protocol events: MODBUS, DNP3, ICCP
• Joint work with ICS vendors (Siemens, Schneider, GE)
• SCADA Zero Days
• Ongoing work under the Zero-Day Initiative (ZDI) program in the ICS area
• Implementation of protection against zero-day vulnerabilities
• ReputationDV
• Analysis of malicious code activity and anomalous activity worldwide, and creation of a reputation database
• Ability to block communications with suspicious sources
Advantages of zero-day protection for ICS
0days published in 2015 so far (sample):
• Moxa SoftCMS
• MICROSYS PROMOTIC
• Schneider Electric ClearSCADA
Currently covered (pre-disclosure):
ZDI-CAN-2981 Cogent, ZDI-CAN-2965 Unitronics, ZDI-CAN-2964 Unitronics, ZDI-CAN-2954 Moxa, ZDI-CAN-2952 Moxa, ZDI-CAN-2951 Moxa, ZDI-CAN-2950 Moxa, ZDI-CAN-2956 Moxa, ZDI-CAN-2955 Moxa, ZDI-CAN-2953 Moxa, ZDI-CAN-2930 Unitronics
ZDI-CAN-2922 GE, ZDI-CAN-2919 Unitronics, ZDI-CAN-2918 Unitronics, ZDI-CAN-2911 Unitronics, ZDI-CAN-2910 Unitronics, ZDI-CAN-2906 GE, ZDI-CAN-2904 Unitronics, ZDI-CAN-2649 Indusoft, ZDI-CAN-2529 Moxa, ZDI-CAN-2526 Moxa, ZDI-CAN-2525 Moxa, ZDI-CAN-2496 Moxa
Advantages of zero-day protection for ICS
0days published in 2014 so far (sample):
• WellinTech KingSCADA
• GE Proficy
• Schneider Electric ClearSCADA
• Advantech WebAccess
• Ecava IntegraXor
• Cogent DataHub
Currently covered (pre-disclosure):
ZDI-CAN-2310 Ecava, ZDI-CAN-2301 MICROSYS, ZDI-CAN-2086 Advantech, ZDI-CAN-2085 Advantech, ZDI-CAN-2079 Advantech, ZDI-CAN-2069 Advantech, ZDI-CAN-2068 Advantech, ZDI-CAN-2067 Advantech, ZDI-CAN-2066 Advantech, ZDI-CAN-2065 Advantech, ZDI-CAN-2064 Advantech, ZDI-CAN-2063 Advantech
ZDI-CAN-2062 Advantech, ZDI-CAN-2061 Advantech, ZDI-CAN-2044 Advantech, ZDI-CAN-2043 Advantech, ZDI-CAN-2032 Advantech, ZDI-CAN-2043 Advantech, ZDI-CAN-2172 ABB
HP TippingPoint SCADA projects
• HydroOne
• Hong Kong China Light Power Company
• Saint Lawrence Seaway Management
• Southern California Edison (Power, Energy)
• Alabama Power (Southern Company)
• CE Electric aka Northern Power Grid (UK)
• ABB Information Systems
• Sempra Energy
• Marathon Oil
• SCE
• Comision Nacional de Electricidad
• Enbridge Pipelines
• IESO (Independent Electricity System Operator)
• Transalta
• Vale Inco
• Terna
• Santa Clara Valley Water District
HydroOne hydroelectric power plant (Canada)
Company Profile
• Headquartered in Ontario, Canada
• $5.8B revenue
• Hydro One is a holding company with four subsidiaries, the largest being Hydro One Networks
• It operates 97% of the high voltage transmission grid throughout Ontario and serves 1.3 million customers in rural areas across the province in its capacity as Ontario's largest distribution utility
TippingPoint Deployment
• Perimeter and datacenter deployments, securing their cyber perimeter and core data centers
• 40 Hub locations with recently installed DV-powered 660Ns
• IPS profiles configured with in-line blocking
• SCADA signatures are utilized in a forward and permit mode
Smart grid networking with IP convergence
HydroOne
• IP Network with VPN Hub and Spoke Topology
• IPS protection at all end points
• Looking to expand with small form factor and ruggedized versions of TP IPS for thousands of locations
Chinese power plant network (Hong Kong)
Company Profile
• Headquartered in Hong Kong
• $9B in revenue
• Provides electricity supply to Hong Kong City
• Participates in new energy development such as nuclear power, natural gas power, wind power, solar power, etc. in the greater China region and Australia
TippingPoint Deployment
• Protects internet traffic, internal traffic between branch offices, partners, and Hong Kong head office
• IPS profiles configured with in-line blocking
• SCADA signatures are configured for permit notify as they are concerned about false positives and critical business up-time
Power plant network (Hong Kong)
[Diagram labels: Unified network security policy console; Campus LAN; Edge; Core; Remote offices and branches; Tele-workers, partners, and customers; Virtual machines (VMs); Internet; Hong Kong Partners & Branch Office; China Partners & Branch Office]
• 2 x S330 for internet protection
• 2 x 1400N for internal traffic between the China branch office, China partners and Hong Kong HQ with SCADA filters enabled with permit notify
• 2 x 1400N protecting the HK HQ, HK partners and HK branch office
UK power plant network
Company Profile
• Provides power to 4 million customers in northern UK
• Moves electricity to and from homes and businesses over the Northern Powergrid network
• 2,534 employees
TippingPoint Deployment
• 3 x 660N, 2 are protecting corporate Internet connectivity and providing PCI 11.4 compliance, one is deployed with zero power bypass in front of their industrial controls network
• Realized that TippingPoint also provided SCADA protection and deployed in front of their monitor and control network
• Since much industrial control equipment is not regularly patched, TippingPoint Digital Vaccine provides a Virtual Network Patch for this equipment
Alabama state power grid
Company Profile
• Headquartered in Birmingham, Alabama
• $5.7B revenue
• Alabama Power was founded in 1906 and is one of four U.S. utilities operated by Southern Company, one of the largest producers of electricity in the U.S.
• 1.4 million homes, businesses, and industries receive their electricity supply from Alabama Power
TippingPoint Deployment
• Perimeter and SCADA network deployments
• DV-powered 660N and 2500N devices
• IPS profiles configured with in-line blocking
Alabama state power grid (architecture)
[Diagram labels: Internet; S660N; SCADA Network; HMI Stations; Eng Workstations; Application Server; SCADA Server; Database Server; Branch Offices; S660N; Communication Router; Remote Station 1 RTU/PLC; Remote Station 2 RTU/PLC]
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Thank you!