HP ESP 2013 Solution Roadmap - 敦新科技DAWNING … · · 2013-03-11HP Enterprise Security...
Transcript of HP ESP 2013 Solution Roadmap - 敦新科技DAWNING … · · 2013-03-11HP Enterprise Security...
HP ESP 2013 Solution Roadmap
C. K. Lin (林傳凱) Senior Channel Solution Manager, North Asia [email protected]
March 8, 2013
資安要聞
3
議程
• HP ESP 簡介
• HP ESP 解決方案
• HP ESP 2013 Solution Roadmap
• Q&A
HP ESP 簡介
HP Enterprise Security Products – 1,500 由ArcSight, Fortify, TippingPoint and Atalla 團隊來的資安專家
– 1,500 在HP Enterprise Security Services的資安專家
–唯一的一家資安公司所有的指標性的產品都居於領導者的地位(Gartner’s leaders quadrant)
Magic Quadrant Leadership One Team, One Vision
ATALLA DATA SECURITY
Unparalleled Customer Base Unrivaled Industry Awards
Gartner report 2013: “ArcSight should be on the list of every large
organization building a SOC”
HP ESP 解決方案
Controls Reporting
ApplicationMonitoring
Controls Monitoring
Identity Monitoring
HP ArcSight 解决方案
資料蒐集
日誌整合
事件關聯 HP
ArcSight Express
HP ArcSight Connector
HP ArcSight Logger
HP ArcSight ESM
日誌源
ArcSight 讓電信客戶每天接獲的安全事件通報從 4000 萬降低到只有 45 件重大事件。改善率達百萬倍!
支援 350+ 種資料來源及格式, 業界第一
最高可達 100,000 EPS 的效能
HP Fortify 完整軟體開發生命週期的解决方案
9
HP Fortify SS
Dynamic Test
SecurityScope
HP Fortify SCA
Develop
Static Code Analyzer
HP Fortify RTA
Deploy
Real-Time Analyzer
Coding Integration QA Maintenance Deploy
HP Fortify Software Security Center
Tool Integration Data Integration
Correlation
HP WI
Penetration Test
WebInspect
HP Fortify SCA (静態程式碼分析)
HP WebInspect & Security Scope (動態應用檢測)
HP Fortify RTA (軟體防火牆)
HP Software Security Center(安全管理中心)
方案最完整 性價比最高
TippingPoint 解决方案 IPS Platform Solutions
網路延遲最低,網路埠數業界最多 Security
Intelligence Reputation DB 引領業界風潮
Digital Vaccine
Broadest Coverage • Evergreen Protection
Web App DV and Scanning
Web Scan• Custom Filters • PCI Report
Reputation DV
IP Reputation • DNS Reputation
ThreatLinQ
Real Time Threat Intelligence
Core Controller
20Gbps • 3x10GbE
Security Management System (SMS)
Manage Multiple Units • Central Dashboard
SSL Appliance S 1500S
Transparent SSL Bridging and Off-Loading
Secure Virtualization Framework
vController & vIPS
S 10
20Mbps • 2 Segments
S 110
100Mbps • 4 Segments
S 330
300Mbps • 4 Segments
S 2500N
3Gbps • 11 Segments
S 5100N
5Gbps • 11 Segments
S 6100N
8Gbps • 11 Segments
S 660N
750Mbps • 10 Segments
5200NX
5Gbps • Segments on Demand
S 1400N
1.5Gbps • 10 Segments
7100NX
13Gbps • 10 Segments on Demand
ROBO, Per im eter, Zone iso la t ion , MSPs…
10GE Netw ork s , Core, Data Cen ter, Ser v ice
P rov iders…
Managem en t , Accessor ies ,
Vir tu aliza t ion DVLabs Ser v ices
Atalla 解決方案
Network Security Processor (banking/retail)
• Also Secure Configuration Assistant, Boxcar, premium/custom commands
• ASPs $15-35K/unit, typical customer investment $100K-$1M
• 90% attach rate to NonStop FSI customers, but 60% attached to other hosts
• Competitors: Thales, Futurex, SafeNet
Enterprise Secure Key Manager (all verticals)
• Also Client Licenses for each enrolled encryption device
• ASP $20-25K/unit, typical customer investment $100K-$1M
• 100% attach rate to HP NonStop volume encryption, HP Storage enterprise tape library encryption, HP Storage SAN encryption, HP Cloud Services, HP ES Backup/Restore
• Competitors: RSA, IBM, Thales, SafeNet
HP ESP 2013 Solution Roadmap
什麼是 ESM 6.0c?
ESM 5.x and earlier
Relies on Oracle database technology
• RDBMS like Oracle is not optimized for today’s SIEM requirements
• Complex to Deploy
• Hard to maintain – requires DBAs to maintain it
ESM 6.0c
Embeds our own CORRE technology
• is optimized for today’s SIEM requirements
• Simpler, faster and easier
• Management console makes life much easier – eliminates DBAs.
Our performance-oriented enterprise SIEM solution
ESM 5.x Manager
Oracle Database
ESM 6.0c Manager
CORRE
效能大大超越 5.2
1 1 1
20
3
15
0
5
10
15
20
25
Storage EPS Query
Oracle
CORR
Detect More Incidents Up to 3x the current performance using the same hardware Faster Query up to15x
Address More Data Up to 20x the current capacity for correlated events using the same disk space
Operate More Efficiently Frees up security analyst cycles for proactive monitoring No DBA needed
Fortify 3.80 & WebInspect 10
1. Programming Environments – Visual Studio 2012 & .NET 4.5.
2. Batch Bug Management – Selection Criteria, Grouping Strategy, State Management. (Integrated with Quality Center)
3. Moderate improvements – Search syntax AND and ORs. Speed.
4. Competitive Heads-up
5. WebInspect 10 (Integrated with WAF & TippingPoint)
Nov. 2012 (3.7) -> Feb. 2013 (3.8)
Reputation-based threat intelligence
• What is it?
RepSM actively manages “reputation-based” security policies to detect and prevent communication with “known bad” actors.
• Detect additional threats including peer-to-peer network use and potential spear phishing
• Accumulate and analyze suspicious connections, including internal, over time further
• Integration with HP TippingPoint IPS to automatically block attacks and exfiltration
• Integration with HP ThreatDetector to detect and verify zero day attack and APT spread patterns
HP Reputation Security Monitor (RepSM 1.5)
Database Networks
Servers Apps
HP threat research
Devices
Events
HP SIEM
Reputation Data
Responses
Bad IPs/ DNS names
App
HP ESP 於 RSA Conference 2013 公佈的新產品
1. ArcSIght & Hadoop (處理與保存大量資料的雲端運算平台)
2. ArcSight & Autonomy (HP Big Data 解決方案 – 非結構化)
3. ArcSight & Vertica (HP Big Data 解決方案 – 結構化)
4. ArcSight Express 4.0
5. ArcSight cloud connector
6. ArcSight Reputation Security Monitor 1.5
THANK YOU