HP ESP 2013 Solution Roadmap

C. K. Lin (林傳凱) Senior Channel Solution Manager, North Asia ck.lin@hp.com

March 8, 2013

資安要聞

3

議程

• HP ESP 簡介

• HP ESP 解決方案

• HP ESP 2013 Solution Roadmap

• Q&A

HP ESP 簡介

HP Enterprise Security Products – 1,500 由ArcSight, Fortify, TippingPoint and Atalla 團隊來的資安專家

– 1,500 在HP Enterprise Security Services的資安專家

–唯一的一家資安公司所有的指標性的產品都居於領導者的地位(Gartner’s leaders quadrant)

Magic Quadrant Leadership One Team, One Vision

ATALLA DATA SECURITY

Unparalleled Customer Base Unrivaled Industry Awards

Gartner report 2013: “ArcSight should be on the list of every large

organization building a SOC”

HP ESP 解決方案

Controls Reporting

ApplicationMonitoring

Controls Monitoring

Identity Monitoring

HP ArcSight 解决方案

資料蒐集

日誌整合

事件關聯 HP

ArcSight Express

HP ArcSight Connector

HP ArcSight Logger

HP ArcSight ESM

日誌源

ArcSight 讓電信客戶每天接獲的安全事件通報從 4000 萬降低到只有 45 件重大事件。改善率達百萬倍！

支援 350+ 種資料來源及格式， 業界第一

最高可達 100,000 EPS 的效能

HP Fortify 完整軟體開發生命週期的解决方案

9

HP Fortify SS

Dynamic Test

SecurityScope

HP Fortify SCA

Develop

Static Code Analyzer

HP Fortify RTA

Deploy

Real-Time Analyzer

Coding Integration QA Maintenance Deploy

HP Fortify Software Security Center

Tool Integration Data Integration

Correlation

HP WI

Penetration Test

WebInspect

HP Fortify SCA （静態程式碼分析）

HP WebInspect & Security Scope （動態應用檢測）

HP Fortify RTA （軟體防火牆）

HP Software Security Center（安全管理中心）

方案最完整 性價比最高

TippingPoint 解决方案 IPS Platform Solutions

網路延遲最低，網路埠數業界最多 Security

Intelligence Reputation DB 引領業界風潮

Digital Vaccine

Broadest Coverage • Evergreen Protection

Web App DV and Scanning

Web Scan• Custom Filters • PCI Report

Reputation DV

IP Reputation • DNS Reputation

ThreatLinQ

Real Time Threat Intelligence

Core Controller

20Gbps • 3x10GbE

Security Management System (SMS)

Manage Multiple Units • Central Dashboard

SSL Appliance S 1500S

Transparent SSL Bridging and Off-Loading

Secure Virtualization Framework

vController & vIPS

S 10

20Mbps • 2 Segments

S 110

100Mbps • 4 Segments

S 330

300Mbps • 4 Segments

S 2500N

3Gbps • 11 Segments

S 5100N

5Gbps • 11 Segments

S 6100N

8Gbps • 11 Segments

S 660N

750Mbps • 10 Segments

5200NX

5Gbps • Segments on Demand

S 1400N

1.5Gbps • 10 Segments

7100NX

13Gbps • 10 Segments on Demand

ROBO, Per im eter, Zone iso la t ion , MSPs…

10GE Netw ork s , Core, Data Cen ter, Ser v ice

P rov iders…

Managem en t , Accessor ies ,

Vir tu aliza t ion DVLabs Ser v ices

Atalla 解決方案

Network Security Processor (banking/retail)

• Also Secure Configuration Assistant, Boxcar, premium/custom commands

• ASPs $15-35K/unit, typical customer investment $100K-$1M

• 90% attach rate to NonStop FSI customers, but 60% attached to other hosts

• Competitors: Thales, Futurex, SafeNet

Enterprise Secure Key Manager (all verticals)

• Also Client Licenses for each enrolled encryption device

• ASP $20-25K/unit, typical customer investment $100K-$1M

• 100% attach rate to HP NonStop volume encryption, HP Storage enterprise tape library encryption, HP Storage SAN encryption, HP Cloud Services, HP ES Backup/Restore

• Competitors: RSA, IBM, Thales, SafeNet

HP ESP 2013 Solution Roadmap

什麼是 ESM 6.0c?

ESM 5.x and earlier

Relies on Oracle database technology

• RDBMS like Oracle is not optimized for today’s SIEM requirements

• Complex to Deploy

• Hard to maintain – requires DBAs to maintain it

ESM 6.0c

Embeds our own CORRE technology

• is optimized for today’s SIEM requirements

• Simpler, faster and easier

• Management console makes life much easier – eliminates DBAs.

Our performance-oriented enterprise SIEM solution

ESM 5.x Manager

Oracle Database

ESM 6.0c Manager

CORRE

效能大大超越 5.2

1 1 1

20

3

15

0

5

10

15

20

25

Storage EPS Query

Oracle

CORR

Detect More Incidents Up to 3x the current performance using the same hardware Faster Query up to15x

Address More Data Up to 20x the current capacity for correlated events using the same disk space

Operate More Efficiently Frees up security analyst cycles for proactive monitoring No DBA needed

Fortify 3.80 & WebInspect 10

1. Programming Environments – Visual Studio 2012 & .NET 4.5.

2. Batch Bug Management – Selection Criteria, Grouping Strategy, State Management. (Integrated with Quality Center)

3. Moderate improvements – Search syntax AND and ORs. Speed.

4. Competitive Heads-up

5. WebInspect 10 (Integrated with WAF & TippingPoint)

Nov. 2012 (3.7) -> Feb. 2013 (3.8)

Reputation-based threat intelligence

• What is it?

RepSM actively manages “reputation-based” security policies to detect and prevent communication with “known bad” actors.

• Detect additional threats including peer-to-peer network use and potential spear phishing

• Accumulate and analyze suspicious connections, including internal, over time further

• Integration with HP TippingPoint IPS to automatically block attacks and exfiltration

• Integration with HP ThreatDetector to detect and verify zero day attack and APT spread patterns

HP Reputation Security Monitor (RepSM 1.5)

Database Networks

Servers Apps

HP threat research

Devices

Events

HP SIEM

Reputation Data

Responses

Bad IPs/ DNS names

App

HP ESP 於 RSA Conference 2013 公佈的新產品

1. ArcSIght & Hadoop (處理與保存大量資料的雲端運算平台)

2. ArcSight & Autonomy (HP Big Data 解決方案 – 非結構化)

3. ArcSight & Vertica (HP Big Data 解決方案 – 結構化)

4. ArcSight Express 4.0

5. ArcSight cloud connector

6. ArcSight Reputation Security Monitor 1.5

THANK YOU