
ProCurve Network Immunity Solution NPI Sales Training Pervasive intelligent threat defense for a highly available network. Presenter Date. Objectives. After completing this training, you should be able to: Identify the market potential for the Network Immunity Solution

coughlin

Presentation Transcript


  1. ProCurve Network Immunity Solution: NPI Sales Training. Pervasive intelligent threat defense for a highly available network. Presenter, Date

  2. Objectives • After completing this training, you should be able to: • Identify the market potential for the Network Immunity Solution • Describe the Network Immunity Solution • Position this solution within the ProCurve family • Describe the key features and benefits of the Network Immunity Solution • Target potential customers by work environments and needs • Articulate • Customer business benefits • IT benefits • Reseller business benefits • Review the competition • Identify the ProCurve Network Immunity Solution key differentiators • Address customer objections/concerns • Emphasize the ProCurve EDGE Architecture™ and value propositions fit

  3. Overview

  4. Security overview • The challenges to secure today's enterprise networks are everywhere: • Hackers • Internet intruders • Eavesdroppers • Forgers • “Traditional” security techniques no longer enough • Threats no longer just from the outside – internal • Recent FBI Survey showed that attacks by worms, viruses, and Trojan horses are so common that 1/5 of the businesses it surveyed had suffered 20 or more incidents related to virus infections • Host of security options – companies must choose which is best for them

  5. What Organizations Need to do Today • Apply access rights and take control over network usage • Eliminate viruses and unwanted network traffic • Turn security intelligence into actionable network operations • Understand and demonstrate regulatory compliance • Deploy easy-to-use security solutions that are standards-based, interoperable and reliable

  6. ProCurve Overview • The ProCurve Network Immunity Solution is an integral part of the ProActive Defense strategy, encompassing a holistic approach to network security. It allows for the continuous protection, detection and response to security threats at the network edge. • This comprehensive vision delivers a trusted network infrastructure, which is controllable for appropriate use, immune to threats, and is able to protect data integrity for all users.

  7. What the Others are Doing • Network Vendors • Started with perimeter bolt-on security boxes: firewalls, IDS/IPS • Moving security enforcement in the core • Now focused on NAC: 802.1X (finally), NAC, NAP • Security Vendors • They have limited deployment options • Host-based software • Overlay boxes [Diagram labels: Servers, Centralized Security Controllers, Clients, Traditional Core, Firewall, VPN, Wireless Access Points, Wireless Clients, Internet]

  8. ProCurve’s Vision - Integration • The network contains valuable resources which require many types of access, all of which need to be secure – ProCurve is addressing these needs with the ProActive Defense strategy, which includes: • Access Control proactively identifies and assesses users and devices connecting to the network • Network Immunity provides defense by monitoring devices throughout the network and responding to threats • Command from the Center provides centralized control for the intelligent edge [Diagram labels: Integrated Access and Infrastructure Management, Access Control, Business Policy Validation, Forensics, WAN, LAN, WLAN, Policy Control, Statistics, Alerts, NETWORK IMMUNITY, COMMAND FROM THE CENTER, Uncontrolled Access, Authenticated Access, Trusted Access]

  9. ProCurve ProActive Defense • Defense • Secure Network Devices • Network ‘Immunity Response’ • Utilizes Policy-Controlled Edge • Proactive • Access Control • Adaptive Edge Architecture • Policy-Controlled Intelligent Edge [Diagram labels: Integrated Security and Infrastructure Management, Business Policy Validation, Forensics, GATE 37, Policy Control, Statistics, Alerts, INFRA DEFENSE STRUCTURE, Pilot, Co-Pilot, WAN, LAN, WLAN, COMMAND FROM THE CENTER, ACCESS CONTROL]

  10. ProCurve Security Architecture [Diagram labels: Before a security breach, Prevent/Protect, Centralized Management, During a security breach, Mitigate a security breach, Respond, Detect]

  11. Market Landscape and potential

  12. Market Drivers • Frequency of attacks • Regulatory compliance • Increasing mobile workforce • Limitations of existing firewalls and client anti-virus software

  13. What will Network Immunity solve? ProCurve’s Network Immunity solution will solve internal threat management concerns including: • Limitations in those protections currently available against internal network based attacks • Lack of visibility to threat activity inside the network • The need for tools to help maximize network uptime • The need for assistance to meet new and changing regulatory compliance requirements

  14. What is the market potential? • According to a report published by Synergy Research Group, based in Reno, NV, the worldwide network security market increased six percent sequentially and grew ten percent in 2006 compared to 2005, approaching $5 billion • According to an IDC report, vendors of Network Behavior Anomaly Detection (NBAD) and Security Information Management software (dubbed “Firedoor” products) could expect a $122 million dollar market for 2007

  15. So – what is NBAD? • Network Behavior Anomaly Detection (NBAD) is a method to detect viruses or worms based on the network traffic behavior • Network traffic is monitored and a normal network usage profile is built • When the current traffic flow deviates significantly from the established “normal usage” profile an attack alert is created

  16. Network Immunity Manager (NIM) is an NBAD solution • Network Immunity Manager (NIM) has a built-in NBAD engine • Zero-day virus attacks can be effectively detected by NBAD since they do not rely on virus signatures like IDS/IPS appliances do • Typically NBAD systems use traffic flows (sFlow, netFlow, jFlow) or span ports to monitor for anomalous activity in the network • Network Immunity Manager 1.0 uses sFlow
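
An added illustration of the NBAD idea from slides 15 and 16, not code from the presentation and not ProCurve's algorithm: it builds a per-host "normal usage" profile of fan-out from sampled flow records and raises an alert when a host deviates from it. The record layout `(interval, src, dst, dport)`, the threshold `k`, the sigma floor, the default profile for unseen hosts and all sample addresses are assumptions constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

def fan_out(samples):
    """Count distinct (dst, port) peers per (interval, src) in sampled flow records."""
    peers = defaultdict(set)
    for interval, src, dst, dport in samples:
        peers[(interval, src)].add((dst, dport))  # repeated samples of one peer count once
    return {key: len(seen) for key, seen in peers.items()}

def build_profile(training, intervals):
    """Normal-usage profile: per-source mean and std-dev of fan-out per interval."""
    counts = fan_out(training)
    profile = {}
    for src in {s for _, s in counts}:
        series = [counts.get((i, src), 0) for i in intervals]  # a quiet interval counts as 0
        profile[src] = (mean(series), pstdev(series))
    return profile

def detect(profile, current, k=3.0, min_sigma=1.0, unknown=(2.0, 1.0)):
    """Alert when fan-out exceeds mean + k * sigma.

    k, min_sigma and the profile applied to never-seen hosts are assumed tuning values.
    """
    alerts = []
    for (interval, src), n in sorted(fan_out(current).items()):
        mu, sigma = profile.get(src, unknown)
        limit = mu + k * max(sigma, min_sigma)  # sigma floor avoids alerts on tiny jitter
        if n > limit:
            alerts.append({"interval": interval, "src": src,
                           "fan_out": n, "limit": round(limit, 2)})
    return alerts

# Constructed sample data: intervals 0-3 are the learning period, interval 4 is "now".
SERVERS = ["10.0.1.10", "10.0.1.11", "10.0.1.12"]

def flows(interval, src, n, port=443):
    """n sampled flows from src to the first n constructed servers."""
    return [(interval, src, SERVERS[j], port) for j in range(n)]

TRAINING = (flows(0, "10.0.0.5", 2) + flows(1, "10.0.0.5", 3)
            + flows(2, "10.0.0.5", 2) + flows(3, "10.0.0.5", 3)
            + flows(0, "10.0.0.9", 1) + flows(1, "10.0.0.9", 2)
            + flows(2, "10.0.0.9", 1) + flows(3, "10.0.0.9", 2))

CURRENT = (flows(4, "10.0.0.5", 3) * 2      # busy but normal; duplicate samples collapse
           + [(4, "10.0.0.9", f"10.0.2.{h}", 445) for h in range(1, 41)]  # abnormal fan-out
           + flows(4, "10.0.0.77", 2))      # host with no profile yet

def run_demo():
    """Learn the profile from TRAINING, then score CURRENT against it."""
    profile = build_profile(TRAINING, intervals=range(4))
    return profile, detect(profile, CURRENT)

if __name__ == "__main__":
    for alert in run_demo()[1]:
        print(alert)
```

Because sFlow delivers packet samples rather than every flow, the counts are lower bounds; the profile and the live window must be built from data taken at the same sampling rate for the comparison to hold.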

  17. What is the potential for resellers? • ProCurve’s Network Immunity Manager (NIM) • Requires functionality already built in to ProCurve switches -- allowing you to strategically position the previous sale of ProCurve switches or the additional sale of ProCurve’s advanced edge products • Creates opportunities to sell security and/or regulatory compliance services • Engage the customer in high-touch security engagements • Provide more security with less complexity

  18. Products

  19. Network Immunity explained • Network immunity is the ability of the network to detect and respond to internal threats. • Analogy: • Business traveler in airport – continues to be monitored by airport personnel even after securing a ticket and being allowed access to a specific gate • Network Immunity – continues to monitor behavior of users and devices even after they have been granted access to network

  20. Network Immunity Manager (NIM) Solution • Addresses customer needs for a flexible internal threat solution that provides broad coverage with few components with advanced features such as: • Wired and wireless support • Location-based policy setting • Detailed offender tracking reports • ProCurve’s Network Immunity Manager provides an alternative to competing solutions that are expensive, complex and difficult to deploy and support

  21. Solution Components • ProCurve Network Immunity Solution is made up of the combination of the following ProCurve products: • ProCurve Manager Plus 2.2 • ProCurve Network Immunity Manager 1.0 • ProCurve switches from the intelligent switch series • Implemented together with third party UTM/IPS/IDS devices such as: • Cisco IPS 4200 series (supported in May 2007) • Fortinet UTM appliances (supported in Jun 2007) • SonicWall Pro Series UTM appliance (supported in Jul 2007)

  22. Solution components • The Network Immunity Manager 1.0 is a plug-in to PCM Plus (PCM+) version 2.2 and resides on the same server • Bundled on the PCM+ 2.2 CD, the Network Immunity Manager is enabled with a separately purchased license key • A 30-day Network Immunity Manager 1.0 trial is available at no charge with the purchase of PCM+ 2.2 • To take full advantage of all the features of the NI solution, switches need to have the following: • sFlow traffic sampling • Virus Throttle attack alerts • Support for remote mirroring and a variety of response options (Block port, MAC lockout, Quarantine VLAN setting, port bandwidth limiting)

  23. What does the ProCurve Network Immunity Manager 1.0 provide? • Internal threat detection • Threat mitigation/response • Reporting

  24. Regulatory compliance assistance • The following is a partial list of ProCurve software management reports planned for availability in Summer 2007 that are recommended to assist with regulatory compliance: • Network Immunity Manager Reports • Security Policy Action Report • Security Events History Report • Security Heat Map Report • Offenders Tracking Report • ProCurve Manager Plus Reports • Device Security History Report • Device Access Security Report • Port Access Security Report • Password Policy Compliance • Current credentials Report • Identity Driven Manager Reports • User Unsuccessful Login Report • User Session History • User MAC address Report • For a full list of reports planned for availability in Summer 2007, please refer to the list of reports @ www.procurve.com/security

  25. NIM solution in action • The Network Immunity Manager solution can be activated in three (3) usage models: • Broad coverage / standalone • NIM1.0 + PCM2.2 – no IDS/IPS appliances used • Leverage IDS appliance throughout the network • NIM1.0 + PCM2.2 + IDS appliance in monitor mode • Deploy IPS in-line • NIM1.0 + PCM2.2 + IPS appliance on switch uplinks

  26. Network Immunity Manager: Usage model #1 -- Broad coverage • Virus Detection Methods • Duplicate IP • IP spoofing • IP fan out • Packet size deviation used • Protocol anomalies • TCP/UDP Fan out • Virus Response Methods • Quarantine VLAN • Offender MAC lockout • Offender port shutdown • Offender port rate limiting • Offender port mirroring for deeper analysis • Enable sflow at the offender port • Email notification [Diagram labels: ProCurve Manager Plus 2.2; Network Immunity Manager; NBAD/sFlow based virus alert; sFlow samples; Virus Throttling alert; Per port response, Reconfiguration of switch; Network switches]

  27. Network Immunity Manager with IDS/UTM Appliance: Usage model #2 -- Leverage IDS across the network • Virus Detection Methods • Duplicate IP • IP spoofing • IP fan out • Packet size deviation used • Protocol anomalies • TCP/UDP Fan out • Virus Response Methods • Quarantine VLAN • Offender MAC lockout • Offender Port shutdown • Offender Port rate limiting • Offender Port Mirroring for deeper analysis • Enable sflow at the offender port • Email notification [Diagram labels: ProCurve Manager Plus 2.2; Network Immunity Manager; NBAD/sFlow based virus alert; sFlow samples; Virus Throttling alert; IDS alert; IDS/UTM; Suspect Traffic; Per port response, Reconfiguration of switch; Network switches]

  28. Network Immunity Manager with IDS/UTM Appliance: Use Model #3, deploy IPS appliances inline • Detection Analysis • Duplicate IP • IP spoofing • IP fan out • DNS tunneling • Packet size deviation used • Protocol anomalies • TCP/UDP Fan out • Virus Response Methods • Quarantine VLAN • Offender MAC lockout • Offender port Shutdown • Offender port rate limiting • Offender port mirroring for deeper analysis • Enable sflow at the offender port • Email notification [Diagram labels: ProCurve Manager; Network Immunity Manager; IPS alert; IPS/UTM; Per port response, Reconfiguration of switch; Network switches] HP Confidential – Under NDA Only

  29. Usage Model Summary • Broad coverage • ProCurve Network Immunity Manager can stand alone and detect viruses • Fewest components and lowest cost of 3 modes • Leverage IDS appliance throughout the network • This use model provides virus signature file matching for high confidence detection of known viruses and the name of the virus • Broad coverage with few components and moderate cost • Deploy IPS in-line • The ProCurve Network Immunity Manager can accept virus attack alerts from select 3rd party inline IDS/IPS/UTM appliances and provide many response options and offender tracking information • Focused coverage with many components and higher cost

  30. Product positioning within ProCurve family • Network Immunity Manager is an application that unlocks the power of ProCurve intelligent switch series to provide enhanced internal threat protection • Customers can leverage their investment in PCM+ 2.2 and ProCurve switches that support advanced technology like sFlow, Virus Throttle and remote mirroring by adding the Network Immunity Manager Solution

  31. Just 5300!

  32. Features & benefits

  33. Features & benefits

  34. Target Customers

  35. Target customers • Target customers for the Network Immunity Solution will be large enough to invest in intelligent network management and want/need: • an internal threat detection and response solution • per port security against internal threats • network intelligence that automatically acts to control outbreaks • a solution for zero-day attacks • These customers typically have some mechanism to control virus propagation for known threats but have limited staff and to monitor and contain malicious outbreaks • They either cannot afford or are investment conscious enough not to want to purchase an IDS/IPS appliance for every switch uplink, but need similar or better functionality

  36. Vertical markets • Education • K-12 • Higher Education • Public Sector • Government • Corporate (campus) • Retail (branch offices) • Healthcare • Financial

  37. Benefits for K-12 and Higher Ed • Virus/threat protection • NBAD support is key in an uncontrolled environment • Multiple action triggers protect against a variety of threats • Third-party integration for deeper packet inspection • Security for uncontrolled homogenous client environment • Clientless network-based detection • Protects the network when admin has little or no control over client hardware • Resource economy • Tools automate reaction to threats • Quick, clear view of threatened areas

  38. Benefits for Commercial market • Virus/threat protection • Multiple alert triggers and actions protect against a variety of threats • Ensures maximum uptime for critical systems – directly affects profit • Protects intellectual property from external and internal hacking • Resource economy • Tools automate reaction to threats • Automatic roll-back once threat is addressed • Quick, clear view of threatened areas • Customizable reports for regulatory compliance

  39. Benefits for Healthcare • Virus/threat protection • Network-based anomaly detection requires no client integration – important for doctors who serve more than one site • Protects both wired and mobile users – increasingly important in healthcare environments • Resource economy • Tools automate reaction to threats • Automatic roll-back once threat is addressed • Quick, clear view of threatened areas • Customizable reports for patient security and regulatory compliance

  40. Benefits for Financial Companies • Virus/threat protection • Ensures maximum uptime for critical systems – directly affects profit • Multiple alert triggers and actions protect against a variety of threats • Extra layer of protection for customer property and funds from external and internal hacking • Resource economy and speed of response • Tools automate reaction to threats • Automatic roll-back once threat is addressed • Customizable reports for regulatory compliance

  41. What to ask Your Customers

  42. Protection in the LAN • Question to customer • What steps have you taken to protect yourself from security threats occurring inside the LAN? • Issues customer may face • Traditionally, LANs are unprotected and customers have no idea what is on them • Wireless LANs may have some protection, but often separate from wired LANs • Most protection (firewall, IDS/IPS) has been deployed at the WAN perimeter and does not secure the internal LAN • Lead to ProCurve solution • ProCurve’s ProActive Defense strategy is to enforce security policies as close to the connected user as possible • The Network Immunity Manager effectively enhances every wired and wireless LAN edge port to become part of a distributed IDS/IPS • Through the most advanced ProCurve edge devices and the Network Immunity Manager you can maximize the return on investment from your existing WAN perimeter security

  43. Making Security Easier • Question to customer • How confident are you with your network security today? • Issues customer may face • A lot of expense has been put into systems with overwhelming complexity and difficulty in measuring ROI • Competitors often require expensive network upgrades in order to implement their security system • Traditional security devices are known for generating ‘false positives’ and having limited zero-day protection • Lead to ProCurve solution • ProCurve’s ProActive Defense leverages the existing network infrastructure and can be deployed without requiring significant network upgrades • Combining the anomaly based Virus Throttle and sFlow technology with signature based IDS/IPS technology, the Network Immunity Manager and ProVision based Edge switches minimize false positives and protect against zero-day attacks

  44. Assistance with Regulatory Compliance • Question to customer • How are you addressing the need to demonstrate control of your IT infrastructure for audits and regulatory compliance? • Issues customer may face • An increasing number of business compliance regulations from both government agencies and supply chain partners are pressuring customers to be able to demonstrate compliance • Forensic and audit information comes from many sources and is complex and expensive to correlate • Many customers have no idea who is on their network doing what and have no visibility to network based security incidents • Lead to ProCurve solution • NIM and IDM pull information together from PCM Plus 2.2 to generate pre-defined reports helpful to demonstrate compliance • The PCM database of network resources and events is stored in a standard open database that can be mined for more in-depth reporting • NIM and IDM provide visibility and logging of security incidents and who is on the network, where and when

  45. ProCurve Network Immunity Solution Deployment Scenarios

  46. NI Solution Deployment [Diagram labels: NI Manager, Internet, Data Center, IDS Alerts, Enable sFlow, Virus Throttling Alerts, Employee Cubicles, Third party security device, Remote Monitoring, Conference Rooms, Visitor Lobby; legend: Traffic Flows (sFlow), Attack Alerts, Mirrored Traffic, NI Threat Mitigation]

  47. NI Solution in Wireless Environment [Diagram labels: Third party security device, Internet, NI Manager, Data Center, Enable sFlow, Employee Cubicles, ProCurve Wireless Edge Module, Wireless IDS, Conference Rooms with wireless access, Conference Room with wireless access, Visitor Lobby; legend: Traffic Flows (sFlow), Wireless Traffic, NI Threat Mitigation]

  48. NI Solution Deployment – IDM Interoperability [Diagram labels: NI Manager, Third party security device, Internet, Data Center, IDM, Employee Cubicles, Conference Rooms, Visitor Lobby; legend: IDM Access Control, NI Internal Threat Defense]

  49. Business benefits: Customer, IT, Reseller

  50. ProCurve Network Immunity Solution meets customer business needs • Maximum Availability • Detects and responds automatically to protect the network from internal threats, ensuring maximum uptime • Regulatory Compliance • Create policies to assist with network control and reporting to comply with new regulations • Threat detection and action reports can be used to satisfy network auditing requirements • Investment Protection • Makes use of functionality already built into ProCurve Intelligent switches, allowing customers to use their existing architecture without having to retool completely • Cost Effective • Eliminate the need to purchase multiple, expensive, hard to manage IDS/IPS/UTM products. When NI Manager is used in combination with a single IDS/IPS/UTM product, each network switch port acts as a network security sensor
