Presentation is loading. Please wait.

Presentation is loading. Please wait.

ProCurve Network Immunity Solution NPI Sales Training Pervasive intelligent threat defense for a highly available network Presenter Date.

Published byAmy Anthony Modified over 6 years ago

Similar presentations

Presentation on theme: "ProCurve Network Immunity Solution NPI Sales Training Pervasive intelligent threat defense for a highly available network Presenter Date."— Presentation transcript:

1 ProCurve Network Immunity Solution NPI Sales Training Pervasive intelligent threat defense for a highly available network Presenter Date

2 Objectives After completing this training, you should be able to:
Identify the market potential for the Network Immunity Solution Describe the Network Immunity Solution Position this solution within the ProCurve family Describe the key features and benefits of the Network Immunity Solution Target potential customers by work environments and needs Articulate Customer business benefits IT benefits Reseller business benefits Review the competition Identify the ProCurve Network Immunity Solution key differentiators Address customer objections/concerns Emphasize the ProCurve EDGE ArchitectureTM and value propositions fit

3 Overview

4 Security overview The challenges to secure today's enterprise networks are everywhere: Hackers Internet intruders Eavesdroppers Forgers “Traditional” security techniques no longer enough Threats no longer just from the outside – internal Recent FBI Survey showed that attacks by worms, viruses, and Trojan horses are so common that 1/5 of the businesses it surveyed had suffered 20 or more incidents related to virus infections Host of security options – companies must choose which is best for them Today’s network security policies have been [historically] aimed, for the most part, at authenticating the identity of users of the network. These policies have included adding access control lists on network edge devices such as routers and firewalls and using data encryption on virtual private network or VPN connections. However, with threats continuing to evolve and challenge these “traditional” security measures, more extensive techniques have been put into place to secure the network, such as Intrusion Detection Systems, Security Information Management, Security Event Management and Unified Threat Management solutions. Even as these systems are designed to detect, report and mitigate threats by monitoring behavior and examining data, networks continue to remain vulnerable to new and more complicated attacks.

5 What Organizations Need to do Today
Apply access rights and take control over network usage Eliminate viruses and unwanted network traffic Turn security intelligence into actionable network operations Understand and demonstrate regulatory compliance Deploy easy-to-use security solutions that are standards- based, interoperable and reliable Security management involves managing risks and practicing an appropriate standard of care We recommend that customer’s deploy the following layers of security: Access Control Virus detection and response solutions to protect against both internal and external threats Deploy network security solutions that can automatically respond to threats Perform a security assessment and deploy the right level of security to meet needs that are easy to deploy, standards-based, interoperable and reliable. Security can be expensive and hard to deploy, customers have many choices in the market place, a proper assessment can ensure the best possible solution.

6 ProCurve Overview The ProCurve Network Immunity Solution is an integral part of the ProActive Defense strategy, encompassing a holistic approach to network security. It allows for the continuous protection, detection and response to security threats at the network edge. This comprehensive vision delivers a trusted network infrastructure, which is controllable for appropriate use, immune to threats, and is able to protect data integrity for all users. Obviously, the process of securing the network is complex and perhaps the most difficult challenge facing IT departments in today's environment. So how can these threats be dealt with yet still allow users access to freely use network resources? ProCurve Networking believes the answer to that question is to recognize that network security is an ongoing process and not just a point product and that there is a need to address these threats proactively. To meet the challenge, ProCurve has created a holistic, all encompassing security strategy called ProActive Defense.

7 What the Others are Doing
Servers Network Vendors Started with perimeter bolt-on Security Boxes Firewalls IDS/IPS Moving security enforcement in the core Now focused on NAC 802.1X (finally) NAC, NAP Centralized Security Controllers Clients Clients Traditional Core Firewall VPN Not coordinated between Security and Network vendor approaches. Needs to be communication between the solutions (like in ProActive Defense) ISS has a new message regarding the future of network security management – they describe the move from “Lean Forward” management to “Lean Back”. They acknowledge that network management is more lean back and security today is lean forward. They see the inevitable integration of the two as helping security management become “Lean Back” Embedded point – you don’t have to pay extra for the ‘bolt-on’ capabilities with ProCurve. Use that money for other projects. Net-Net on this slide: Network vendors have had a piecemeal approach and are starting to now recognize the need for a better approach Security vendors have had to address the market with overlay because they don’t have network equipment nor access to that market. This is the perfect set-up for what ProActive Defense is and how it is different. Just focusing on the outside of a network is not sufficient because: not all end-points are controlled and have an agent – hard to deploy once on the network, bad things can still happen or happen after they connect many edge scenarios are not easily supported today – multi-clients on shared media, multiple apps on a client Prior to this current rave, the focus was on the perimeter and protecting against the external threats using firewalls, etc. Didn’t help with internal threats Expensive and management difficulties Many network players are putting their enforcement on core switch/router blades – like putting the security guard in the middle of the building. Security vendors have to overlay their solutions without the network’s involvement. Creates a management problem and doesn’t take advantage of the networks inherent capabilities. Security Vendors They have limited deployment options Host-based software Overlay Boxes Wireless Access Points Wireless Clients Internet

8 ProCurve’s Vision - Integration
The network contains valuable resources which require many types of access; all of which need to be secure – ProCurve is addressing these need with the ProActive defense strategy which includes: Integrated Access and Infrastructure Management Policy Control Statistics Alerts Business Validation Forensics Access Control proactively identifies and assesses users and devices connecting to the network Network Immunity provides defense by monitoring devices throughout the network and responding to threats Command from the Center provides centralized control for the intelligent edge Access Control Uncontrolled Access LAN WAN WLAN ProCurve Networking addresses today’s mounting security issues with its “ProActive Defense” approach to network security, allowing for the continuous protection, detection and response to security threats at the network edge. This comprehensive vision delivers a trusted network infrastructure, which is controllable for appropriate use, immune to threats, and is able to protect data integrity for all users. There are three main components to the ProActive Defense strategy – Access Control, Network Immunity and a Secure Infrastructure. Having both ProActive and Defense technologies integrated has the benefits of: - Combining multiple approaches to address the blended threat – which is more the risk today – not a point attack anymore - Having access to more data within the integrated system provides a greater opportunity to convert that intelligence into actionable items. This slide demonstrates how we integrate the proactive controls (access control) with defense controls (threat management) right into the edge of the network. It also demonstrates the importance of network management applications as the console for the automated process described above. In all cases, we use the Policy Controlled Intelligent Edge as the enforcement point for security policy. We want to do this as close to the end-user (source of attack) as possible. ProActive Dynamically configuring the edge based upon access control is a fundamental tenant and has been the consistent strategy of the Adaptive Edge Architecture. Access control must be ‘comprehensive’ because there is no true way to guarantee a homogenous environment of clients connecting to the network. Some will be managed, some will not. There will be guests, contractors, etc. The edge must supplement the access controls for un-trusted and uncontrolled clients accessing the network. Defense Embedded threat management in all edge devices; LAN, WAN, WLAN. The vision is to have capabilities like Virus Throttle at every edge point. The LAN, WAN, WLAN devices form a trusted infrastructure by being trustworthy themselves. They are solid, reliable and secure. Capable of forming the trusted infrastructure through authentication (e.g. device-to-device 802.1X) and eventually encryption. NETWORK IMMUNITY Authenticated Access COMMAND FROM THE CENTER Trusted Access

9 ProCurve ProActive Defense
Policy Control Statistics Alerts Business Validation Forensics Integrated Security and Infrastructure Management Proactive Access Control Adaptive Edge Architecture Policy-Controlled Intelligent Edge Defense Secure Network Devices Network ‘Immunity Response’ Utilizes Policy-Controlled Edge ACCESS CONTROL DEFENSE INFRA STRUCTURE COMMAND FROM THE CENTER LAN WAN WLAN GATE 37 Pilot Co-Pilot ProActive piece of strategy is about preventing problems proactively by providing an access control solution Adaptive Edge Architecture adapts to users and provides the appropriate level of access based on the user IDM solution provides the appropriate level of access based on policies set for user type, time of access, and location of access Defense piece of strategy is about securing the network infrastructure This is done by controlling who can configure switches and providing switch device authentication It is also done by making the network immune to threats by monitoring network activity to detect and respond to threats It may help to compare the ProActive Defense strategy to the experiences of a business traveler in an airport: Access control Checking the business traveler’s identify is analogous to user authentication X-raying of the business traveler is analogous to scanning a user’s PC for machine compliance (endpoint integrity checking to verify the user has the latest software operating system patches and latest anti-virus software) Giving the business traveler access to the appropriate part of the airport such as a particular terminal or gate is like providing the user access to only the part of the network which they are authorized to access Monitoring the network Business traveler behavior is continually monitored throughout the airport by security personnel and likewise on the network, users and devices are monitored for attacks, devices are authenticated to prevent unauthorized extension of the network, and secure management protocols are used to prevent unauthorized changes to switch configurations Any “offenders” – business traveler or users of the network alike – are dealt with by stopping their inappropriate behavior (i.e. in the case of the network, some of these would be MAC lockout, Quarantine VLAN, Limit bandwidth, Port lockout)

10 ProCurve Security Architecture
Prevent/ Protect Before a security breach During a security breach Mitigate a security breach Centralized Management Detect Respond The ProCurve security architecture is designed to prevent and protect the network before a security breach, detect attacks during a security breach and respond to a security breach when if happens. The ProCurve security architecture is designed with management tools that allow centralized management or “command from the center” of the network edge devices, allowing for more efficient use of IT resources.

11 Market Landscape and potential

12 Market Drivers Frequency of attacks Regulatory compliance
Increasing mobile workforce Limitations of existing firewalls and client anti-virus software While there are several security solutions available in the market today – from hardware appliances (firewalls, IDS/IPS and UTM appliances) to software-based NBAD (Network-Based Anomaly Detection) solutions – it is increasingly more apparent that network administrators need to adopt an all-encompassing approach to network security – point solutions are not enough. Market drivers to adopt a more holistic approach to security are: Frequency of attacks While a 2006 FBI survey indicated that overall security had improved and actual number of incidents were down since 2005, there are still a large number of attacks occurring. Regulatory compliance Due to legislation, many companies are being forced to prove to auditors that they are in control of their IT infrastructure and this is driving them to purchase network security solutions which offer specific reporting options built to track network attacks and the responses to them. Increasing mobile workforce Mobile workers continue to increase as laptops outsell desktop systems year-over-year. A mobile user is more apt to pick up a virus outside of the office and then unintentionally bring it in to the internal network where the virus can spread. Limitations of existing firewalls and client anti-virus software Firewalls and client anti-virus software can filter out many threats before they reach the inside of the network but they do not block all threats and without additional layers of security the network is still at risk. Firewalls are generally perimeter based – meaning they protect networks from outside, known threats. Client anti-virus software, while it does protect the network from internal threats, is reliant upon a list of known viruses that must be updated on a regular basis (and can be quick to become “outdated”).

13 What will Network Immunity solve?
ProCurve’s Network Immunity solution will solve internal threat management concerns including: Limitations in those protections currently available against internal network based attacks Lack of visibility to threat activity inside the network The need for tools to help maximize network uptime The need for assistance to meet new and changing regulatory compliance requirements Current solutions available are expensive and complex so customers haven’t deployed them Many customers have limited or no internal threat protection solutions Many customers are blind to internal threat activity inside the network Customers need tools to maximize network uptime An attack can cripple a network and take many hours to debug and resolve Customers need to prove to regulatory compliance auditors that they have IT controls in place to secure the network

14 What is the market potential?
According to a report published by Synergy Research Group, based in Reno, NV, the worldwide network security market increased six percent sequentially and grew ten percent in 2006 compared to 2005, approaching $5 billion According to an IDC report, vendors of Network Behavior Anomaly Detection (NBAD) and Security Information Management software (dubbed “Firedoor” products) could expect a $122 million dollar market for 2007 It is generally well-known that “security” is a hot topic and of growing concern amongst IT administrators across the range of vertical industries. No longer is one organization more concerned than another. At the same time, the number of different “security solutions” has increased. For those individuals selling security products and/or services – the market is RIPE. The total security market is, by one report, close to $5 “billion” dollars! Having any type of security offering is bound to get the attention of your customers and is not a hard sell. And for those individuals selling ProCurve products – the new Network Immunity solution is considered an NBAD solution which offers a comprehensive yet flexible solution that should certainly open doors to the estimated $122M NBAD market for you!

15 So – what is NBAD? Network Behavior Anomaly Detection (NBAD) is a method to detect viruses or worms based on the network traffic behavior Network traffic is monitored and a normal network usage profile is built When the current traffic flow deviates significantly from the established “normal usage” profile an attack alert is created So what exactly is this $122M “NBAD” market? First it is important to understand what NBAD products actually do. NBAD solutions do not use virus signature file matching like IDS/IPS appliances, they detect viruses or worms based on traffic behavior.

16 Network Immunity Manager (NIM) is an NBAD solution
Network Immunity Manager (NIM) has a built-in NBAD engine Zero-day virus attacks can be effectively detected by NBAD since they do not rely on virus signatures like IDS/IPS appliances do Typically NBAD systems use traffic flows (sFlow, netFlow, jFlow) or span ports to monitor for anomalous activity in the network Network Immunity Manager 1.0 uses sFlow Lancope, Arbor, Mazu and InMon are vendors who have NBAD products, many of their solutions are expensive and targeted towards enterprise customers and also cannot provide the rich set of response options that the Network Immunity Manager can provide.

17 What is the potential for resellers?
ProCurve’s Network Immunity Manager (NIM) Requires functionality already built in to ProCurve switches -- allowing you to strategically position the previous sale of ProCurve switches or the additional sale of ProCurve’s advanced edge products Creates opportunities to sell security and/or regulatory compliance services Engage the customer in high-touch security engagements Provide more security with less complexity

18 Products

19 Network Immunity explained
Network immunity is the ability of the network to detect and respond to internal threats. Analogy: Business traveler in airport – continues to be monitored by airport personnel even after securing a ticket and being allowed access to a specific gate Network Immunity – continues to monitor behavior of users and devices even after they have been granted access to network Returning to the analogy of a business traveler in the airport (slide 9) we can look at how network immunity functions by comparing it to the continued security applied to a business traveler who has already secured a ticket to board an airplane. In the case of this hypothetical traveler, he cannot just walk onto the airplane. Once he has gained access to his flight’s specific terminal or gate, he continues to be monitored by airport security personnel. The same sort of effort also applies to the Network Immunity Manager component of the ProCurve ProActive Defense strategy. Network Immunity Manager continues to monitor the behavior of the users and devices that have been granted access to the network and takes corrective action where necessary.

20 Network Immunity Manager (NIM) Solution
Addresses customer needs for a flexible internal threat solution that provides broad coverage with few components with advanced features such as: Wired and wireless support Location-based policy setting Detailed offender tracking reports ProCurve’s Network Immunity Manager provides an alternative to competing solutions that are expensive, complex and difficult to deploy and support

21 Solution Components ProCurve Network Immunity Solution is made up of the combination of the following ProCurve products: ProCurve Manger Plus 2.2 ProCurve Network Immunity Manager 1.0 ProCurve switches from the intelligent switch series Implemented together with third party UTM/IPS/IDS devices such as: Cisco IPS 4200 series (supported in May 2007) Fortinet UTM appliances (supported in Jun 2007) SonicWall Pro Series UTM appliance (supported in Jul 2007) The third party or “competitive” security appliances were chosen due to their market share and price, initially we want to support some low-end and high-end appliances with large installed bases.

22 Solution components The Network Immunity Manager 1.0 is a plug-in to PCM Plus (PCM+) version 2.2 and resides on the same server Bundled on the PCM+ 2.2 CD, the Network Immunity Manager is enabled with a separately purchased license key A 30-day Network Immunity Manager 1.0 trial is available at no charge with the purchase of PCM+ 2.2 To take full advantage of all the features of the NI solution switches need to have the following: sFlow traffic sampling Virus Throttle attack alerts Support for remote mirroring and a variety of response options (Block port, MAC lockout, Quarantine VLAN setting, port bandwidth limiting) The Network Immunity Manager is a plug-in to PCM Plus version 2.2 and resides on the same server. The NI solution requires switches that can provide attack alerts and sFlow (or XRMON) traffic and that can support the different response options and remote mirroring – in order to take full advantage of the complete solution.

23 What does the ProCurve Network Immunity Manager 1.0 provide?
Internal threat detection Threat mitigation/response Reporting Internal threat detection The Network Immunity Manager is a plug-in to PCM+ that is used to set security policy settings and monitor the network for internal threats such as virus attacks. It detects viruses by performing NBAD (Network Behavior Anomaly Detection) on sampled sFlow traffic and it accepts virus detection alerts from switches running Virus Throttle software, and from IDS/IPS/UTM security appliances. In this environment, each switch port becomes a security sensor that’s monitored for internal threats. By adding the Network Immunity Manager, customers can leverage their investment in PCM, and their ProCurve switches that support advanced technologies like sFlow, Virus Throttle and remote mirroring to unlock the power of these features providing advanced internal threat protection. Threat mitigation/response Network Immunity Manager can provide visibility into network threat activity and if desired can provide a fast automated response to network anomalies by taking action on the source port where the attack originated. Network Immunity Manager also detects zero day attacks (first attacks by a new virus) and known viruses, and protects against threats from inside the network such as an employee bringing an infected laptop in to work. Reporting Offender tracking reports can provide the MAC and IP address of the offender, with IDM installed additional information such as the user’s name can be reported for forensics. Produces security policy reports that can assist customers with regulatory compliance.

24 Regulatory compliance assistance
The following is a partial list of ProCurve software management reports planned for availability in Summer 2007 that are recommended to assist with regulatory compliance: Network Immunity Manager Reports Security Policy Action Report Security Events History Report Security Heat Map Report Offenders Tracking Report ProCurve Manager Plus Reports Device Security History Report Device Access Security Report Port Access Security Report Password Policy Compliance Current credentials Report Identity Driven Manager Reports User Unsuccessful Login Report User Session History User MAC address Report For a full list of reports planned for availability in Summer 2007, please refer to the list of On the previous slide we mentioned that NIM can provide reports that can aid customers in regulatory compliance. The addition of these new NIM reports further assist customers to demonstrate control of their network to auditors. It is important to note that “regulatory compliance” covers a broad area and that while these ProCurve products provide extensive reporting, ProCurve itself does not guarantee compliance.

25 NIM solution in action The Network Immunity Manager solution can be activated in three (3) usage models: Broad coverage / standalone NIM1.0 + PCM2.2 – no IDS/IPS appliances used Leverage IDS appliance throughout the network NIM1.0 + PCM2.2 + IDS appliance in monitor mode Deploy IPS in-line NIM1.0 + PCM2.2 + IPS appliance on switch uplinks Broad coverage -- NIM1.0 + PCM2.2 – no IDS/IPS appliances used Uses sFlow sampling and virus throttle alerts from the switches to kick-off security policies created PCM Automation Manager Leverage IDS appliance throughout the network -- NIM1.0 + PCM2.2 + IDS appliance in monitor mode Uses sFlow sampling and virus throttle alerts from anywhere in the network to initiate traffic mirroring and inspect the suspect traffic with the IDS appliance Deploy IPS in-line -- NIM1.0 + PCM2.2 + IPS appliance on switch uplinks The IPS appliance sits between the switches and NIM and PCM inspecting traffic as it goes by. The IPS appliance can take action independent of NIM or PCM and also alert NIM and PCM as to what has taken place for additional actions to be made by NIM and PCM

26 Network Immunity Manager Usage model #1 -- Broad coverage
Virus Detection Methods Duplicate IP IP spoofing IP fan out Packet size deviation used Protocol anomalies TCP/UDP Fan out ProCurve Manager Plus 2.2 Network Immunity Manager NBAD/sFlow based virus alert sFlow samples Virus Throttling alert Per port response, Reconfiguration of switch The Network Immunity (NI) Manager is a plug in to PCM+ 2.2 and resides on the server Virus detection The ProCurve switches send sampled traffic using sFlow technology to the NI Manager which runs NBAD (Network Behavior Anomaly Detection) on the data to detect virus attacks The NI Manager can also accept virus alerts from switches running Virus Throttle Response The Network Immunity Manager can respond to a virus attack by reconfiguring the switch to take the actions listed on the slide on the source port of the attack Virus Response Methods Quarantine VLAN Offender MAC lockout Offender port shutdown Offender port rate limiting Offender port mirroring for deeper analysis Enable sflow at the offender port notification Network switches

27 Network Immunity Manager with IDS/UTM Appliance Usage model #2 -- Leverage IDS across the network
Virus Detection Methods Duplicate IP IP spoofing IP fan out Packet size deviation used Protocol anomalies TCP/UDP Fan out ProCurve Manager Plus 2.2 Network Immunity Manager sFlow samples NBAD/sFlow based virus alert Virus Throttling alert IDS alert IDS/UTM Per port response, Reconfiguration of switch Suspect Traffic The Network Immunity (NI) Manager is a plug in to PCM+ 2.2 and is on a server Virus detection The ProCurve switches send sampled traffic using sFlow technology to the NI Manager which runs NBAD (Network Behavior Anomaly Detection) on the data to detect virus attacks The NI Manager can also accept virus alerts from switches running Virus Throttle Response The Network Immunity Manager can respond to a virus attack by reconfiguring the switch to take the actions listed on the slide on the source port of the attack The NBAD software detects viruses but it does not detect the virus using virus signature file matching like and IDS/IPS security appliance An IDS/IPS virus signature file match provides a high confidence a known virus is present and it provides the name of known viruses while NBAD software provides broad coverage and detection of zero day attacks (new viruses) If a virus signature file match is desired for known viruses, a customer has the option to have the NI Manager configure the switch to remotely mirror suspect traffic as identified by the NBAD software to an IDS/IPS/UTM security appliance that can perform a virus signature file match and then generate a virus alert to the NI Manager that will then respond (the security appliance must be in IDS mode and be connected to a ProCurve switch that supports remote mirroring) A IDS/IPS appliance is in IDS (intrusion detection system) mode if it is just monitoring traffic that’s mirrored to it to detect viruses, it’s in IPS (intrusion prevention system) mode if it’s inline as a bump in the wire to detect viruses and then block traffic to prevent the spread of the virus. Virus Response Methods Quarantine VLAN Offender MAC lockout Offender Port shutdown Offender Port rate limiting Offender Port Mirroring for deeper analysis Enable sflow at the offender port notification Network switches

28 HP Confidential – Under NDA Only
Network Immunity Manager with IDS/UTM Appliance Use Model #3, deploy IPS appliances inline Detection Analysis Duplicate IP IP spoofing IP fan out DNS tunneling Packet size deviation used Protocol anomalies TCP/UDP Fan out ProCurve Manager Network Immunity Manager IPS alert IPS/UTM Per port response, Reconfiguration of switch Virus Response Methods Quarantine VLAN Offender MAC lockout Offender port Shutdown Offender port rate limiting Offender port mirroring for deeper analysis Enable sflow at the offender port notification The Network Immunity (NI) Manager is a plug in to PCM and is on a server Virus detection The inline IPS sends and alert to NI Response The Network Immunity Manager can respond to a virus attack by reconfiguring the switch to take the actions listed on the slide on the source port of the attack Network switches HP Confidential – Under NDA Only

29 Usage Model Summary Broad coverage
ProCurve Network Immunity Manager can standalone and detect viruses Fewest components and lowest cost of 3 modes Leverage IDS appliance throughout the network This use model provides virus signature file matching for high confidence detection of known viruses and the name of the virus Broad coverage with few components and moderate cost Deploy IPS in-line The ProCurve Network Immunity Manager can accept virus attack alerts from select 3rd party inline IDS/IPS/UTM appliances and provide many response options and offender tracking information Focused coverage with many components and higher cost The Network Immunity Solution provides the IT administrator with flexibility and choice: Network Immunity Manager can be used by itself The administrator can choose to take no automated action and just benefit by gaining visibility into threats inside the network or he/she can choose from a rich set of response options Network Immunity Manager can be used with an IDS/IPS/UTM appliance in IDS monitoring mode to accept remotely mirrored suspect traffic for virus signature file matching if this is desired Network Immunity Manager can take alerts from IDS/IPS/UTM appliances in inline mode It is expensive to deploy an inline IDS/IPS/UTM appliance to monitor just the traffic flowing through it Customer may even want to deploy two appliances inline to protect key assets like a data center The appropriate use model can be deployed based on the IT administrator’s security coverage objectives

30 Product positioning within ProCurve family
Network Immunity Manager is an application that unlocks the power of ProCurve intelligent switch series to provide enhanced internal threat protection Customers can leverage their investment in PCM+ 2.2 and ProCurve switches that support advanced technology like sFlow, Virus Throttle and remote mirroring by adding the Network Immunity Manager Solution The ProCurve Network Immunity Manager offers ProCurve customers a new level of internal network threat detection and response. This product accepts threat alerts such as virus attack alerts from the Virus Throttle software in select ProCurve switches and also runs Network Behavior Anomaly Detection (NBAD) on sFlow data from select ProCurve switches as another means of generating internal network threat alerts. The product can then provide a response to the port where the source of the threat originated such as blocking the MAC address of the user.

31 Just 5300!

32 Features & benefits Feature Benefit Total network security visibility
Monitor’s network traffic for both wired and wireless – ease of management Multiple detection methods Not dependent on one technology for network security, uses appropriate detection methods for specific problems – increased security and flexibility Network Behavior Anomaly Detection (NBAD) Detects Zero-day viruses and attacks – reduce network vulnerability Offender Tracking Identify and track network activity of offending users – regulatory compliance, ease of troubleshooting Leverage Remote Port-Mirror Cover the entire network with a few IDS systems – cost and resource savings Third-Party Integration Take attack mitigation action based on third-party IDS/IPS/UTM events – leverage current investments Threat defense at the edge of the network Discover and mitigate threats at the individual port where they originate, turns all ports into mini-IPS systems – reduced vulnerability Context sensitive attack response Customize threat mitigation actions based on location and time of day – flexible security Multiple responses to one threat Can configure a chain of actions, if first action fails to correct the problem, next action is attempted – reduced vulnerability

33 Features & benefits Feature Benefit Security Policy management
Use Automation Manager to configure policies based on multiple criteria - granular management policies Event Collection and Suppression Collect alerts from multiple locations, take one action to address a flood of alerts – more efficient use network resources Security Dashboard Keep track of threats detected, actions taken and offender details in real-time – regulatory compliance White List Define known systems/equipment that are exempt from monitoring, reduce false positives - more efficient use of IT resources Configuration Cleanup Auto-rollback of automated configurations once the threat is neutralized - more efficient use of IT resources Audit Logging Track configuration changes and threat responses using PCM - regulatory compliance Wireless threat protection Attack response can be based on attacker’s MAC address, providing protection from non-wired clients – reduced vulnerability Security Heat Map Pinpoint security violations visually – ease of troubleshooting Data Mining/Custom Reports Create security reports based on multiple criteria and levels of detail - regulatory compliance

34 Target Customers

35 Target customers Target customers for the Network Immunity Solution will be large enough to invest in intelligent network management and want/need: an internal threat detection and response solution per port security against internal threats network intelligence that automatically acts to control outbreaks a solution for zero-day attacks These customers typically have some mechanism to control virus propagation for known threats but have limited staff and to monitor and contain malicious outbreaks They either cannot afford or are investment conscious enough not to want to purchase an IDS/IPS appliance for every switch uplink, but need similar or better functionality

36 Vertical markets Education Public Sector Government Corporate (campus)
Higher Education Public Sector Government Corporate (campus) Retail (branch offices) Healthcare Financial

37 Benefits for K-12 and Higher Ed
Virus/threat protection NBAD support is key in an uncontrolled environment Multiple action triggers protect against a variety of threats Third-party integration for deeper packet inspection Security for uncontrolled homogenous client environment Clientless network-based detection Protects the network when admin has little or no control over client hardware Resource economy Tools automate reaction to threats Quick, clear view of threatened areas Education Customers – .

38 Benefits for Commercial market
Virus/threat protection Multiple alert triggers and actions protect against a variety of threats Ensures maximum uptime for critical systems – directly effects profit Protects intellectual property from external and internal hacking Resource economy Tools automate reaction to threats Automatic roll-back once threat is addressed Quick, clear view of threatened areas Customizable reports for regulatory compliance

39 Benefits for Healthcare
Virus/threat protection Network-based anomaly detection requires no client integration – important for doctors who serve more than one site Protects both wired and mobile users – increasingly important in healthcare environments Resource economy Tools automate reaction to threats Automatic roll-back once threat is addressed Quick, clear view of threatened areas Customizable reports for patient security and regulatory compliance

40 Benefits for Financial Companies
Virus/threat protection Ensures maximum uptime for critical systems – directly effects profit Multiple alert triggers and actions protect against a variety of threats Extra layer of protection for customer property and funds are from external and internal hacking Resource economy and speed of response Tools automate reaction to threats Automatic roll-back once threat is addressed Customizable reports for regulatory compliance

41 What to ask Your Customers

42 Protection in the LAN Question to customer Issues customer may face
What steps have you taken to protect yourself from security threats occurring inside the LAN? Issues customer may face Traditionally, LANs are unprotected and customers have no idea what is on them Wireless LANs may have some protection, but often separate from wired LANs Most protection (firewall, IDS/IPS) has been deployed at the WAN perimeter and does not secure the internal LAN Lead to ProCurve solution ProCurve’s ProActive Defense strategy is to enforce security policies as close to the connected user as possible The Network Immunity Manager effectively enhances every wired and wireless LAN edge port to become part of a distributed IDS/IPS Through the most advanced ProCurve edge devices and the Network Immunity Manager you can maximize the return on investment from your existing WAN perimeter security Question to customer: What are you doing to protect yourself from security threats occurring inside the LAN? Issues customers may face To make LANs easy to manage, they have been historically deployed open, unsecured and plug-and-play. With the proliferation of laptops, guests, contractors and non-PC network devices, network managers have no idea what is connected to the LAN and where it has been. These ‘uncontrolled’ end-points may likely carry viruses or other malware that can put the entire network at risk. In addition these ‘uncontrolled’ end-points are hard to work into an access control system where their integrity might be validated before access is granted. However, they still need network connectivity without having to call the help-desk every time they enter the building and get work done. Because of the inherent insecurities in wireless networking, enterprise deployments of wireless LANs brought attention to securing this part of the network. The pre-existing wired LAN, however, was or is often considered physically secure and nothing was considered or implemented for this part of the network. To truly increase productivity, wired and wireless networking should be seamless and consistently managed. Some of the techniques used to secure the wireless LAN are not applicable to the existing wired LAN either because the Ethernet switches don’t support the necessary features or the security technique does not support Ethernet performance levels. 98% of enterprises have a firewall at the WAN perimeter and a significant number of them also use an IDS/IPS at the WAN perimeter. Both firewalls and IDS/IPS devices are inline devices that both detect security incidents and perform enforcement to mitigate them (e.g. drop packets). For them to work all traffic must flow through them. Since these devices typically sit at the WAN perimeter, only traffic going in and out of the WAN will be checked. Traffic flowing between internally LAN connected devices is not processed by these security devices so viruses may propagate and bring down critical internal services and systems.

43 Making Security Easier
Question to customer How confident are you with your network security today? Issues customer may face A lot of expense has been put into systems with overwhelming complexity and difficulty in measuring ROI Competitors often require expensive network upgrades in order to implement their security system Traditional security devices are known for generating ‘false positives’ and having limited zero-day protection Lead to ProCurve solution ProCurve’s ProActive Defense leverages the existing network infrastructure and can be deployed without requiring significant network upgrades Combining the anomaly based Virus Throttle and sFlow technology with signature based IDS/IPS technology, the Network Immunity Manager and ProVision based Edge switches minimize false positives and protect against zero-day attacks

44 Assistance with Regulatory Compliance
Question to customer How are you addressing the need to demonstrate control of your IT infrastructure for audits and regulatory compliance? Issues customer may face An increasing number of business compliance regulations from both government agencies and supply chain partners are pressuring customers to be able to demonstrate compliance Forensic and audit information comes from many sources and is complex and expensive to correlate Many customers have no idea who is on there network doing what and have no visibility to network based security incidents Lead to ProCurve solution NIM and IDM pull information together from PCM Plus 2.2 to generate pre-defined reports helpful to demonstrate compliance The PCM database of network resources and events is stored in a standard open database can be mined for more in-depth reporting NIM and IDM provide visibility and logging of security incidents and who is on the network, where and when

45 ProCurve Network Immunity Solution Deployment Scenarios

46 NI Solution Deployment
NI Manager Internet Data Center IDS Alerts Enable sFlow Virus Throttling Alerts Employee Cubicles Third party security device Remote Monitoring The primary goal of the Network Immunity Manager 1.0 is to provide internal threat protection but it can take IPS alerts from appliances at the peripheral of the network. In this deployment example, traffic is monitored by enabling sFlow within the network. When suspicious activity is detected, third-party security devices and switches with virus throttle capabilities send alerts to ProCurve Network Immunity manager which then will take a specific action based on a pre-configured policy. In this example, the policy includes an action that configures remote monitoring, where a copy of the suspect traffic is forwarded to the IDS system for more in-depth analysis, such as virus signature matching (NOTE: In order to do this, the switches between the monitoring switch and the IDS MUST have jumbo frames configured). Based on all this input, Network Immunity Manager, through ProCurve Manager Plus will take some corrective or mitigating action at the specific port or ports where the threat originated. Conference Rooms Visitor Lobby Traffic Flows (sFlow) Attack Alerts Mirrored Traffic NI Threat Mitigation

47 NI Solution in Wireless Environment
Internet Third party security device NI Manager Data Center Enable sFlow Employee Cubicles ProCurve Wireless Edge Module Wireless IDS The NI Manager can work in wireless environments as well. sFlow data is taken from the wired switch higher in the topology than the radio port controlled by the 5300xl WESM. NI Manager performs NBAD on the sFlow data from the switch. If an attack is detected, the NI Manager, through the 5300xl WESM, configures a MAC lockout of the offending system. (Support for the 5400 WESM is under development and is planned for support in July 2007.) Conference Rooms With wireless access Conference Room With wireless access Visitor Lobby Traffic Flows (sFlow) Wireless Traffic NI Threat Mitigation

48 NI Solution Deployment – IDM Interoperability
NI Manager Internet Third party security device Data Center IDM Employee Cubicles ProCurve Network Immunity Manager can be used together with IDM. In this example, IDM is providing access control to the network, and ProCurve NI Manager is providing the ongoing monitoring of behavior within the network after access is granted. Conference Rooms Visitor Lobby IDM Access Control NI Internal Threat Defense

49 Business benefits Customer IT Reseller

50 ProCurve Network Immunity Solution meets customer business needs
Detects and respond automatically to protect the network from internal threats, ensuring maximum uptime Maximum Availability Create policies to assist with network control and reporting to comply with new regulations Threat detection and action reports can be used to satisfy network auditing requirements Regulatory Compliance = Makes use of functionality already built into ProCurve Intelligent switches allowing customers to use their existing architecture without having to retool completely Investment Protection Eliminate the need to purchase multiple, expensive, hard to manage IDS/IPS/UTM products. When NI Manger is used in combination with a single IDS/IPS/UTM product, each network switch port acts as a network security sensor Cost Effective

51 ProCurve Network Immunity Solution meets customer IT needs
Internal Threat Detection Detects both zero-day attacks and known viruses inside the network by performing NBAD (Network Behavior Anomaly Detection) analysis on sampled traffic using sFlow technology built-in the switch Accepts virus attack alerts from Virus Throttle software running at L2 or L3 inside the 3500/5400/6200 switches Proactive Threat Management = Provides a rich set of automated responses to internal attacks including: assignment of a Quarantine VLAN, MAC Lockout of the offender, port shutdown or rate limit and notification to the administrator Displays the offending user’s MAC Address, IP address, DNS name which can be used to identify the port where the attack originated If IDM is installed, the Username and network access details will be available as well Offender Tracking

52 ProCurve Network Immunity Solution reseller business benefits
Initial implementation of the NIM requires expertise that customers may lack -- qualified resellers will be able to generate revenue and build trust with successful implementations Implementation Consulting Services In order to implement all of the valuable features of this solution, customers must have switches equipped with the powerful ProVision ASIC (5400, 3500, 6200). This represents an opportunity for resellers to upgrade existing ProCurve customers or to replace competitors with a ProCurve-centric solution New Switch Sales Assessing customers networks and providing them with the tools for the detailed planning and record keeping required for regulatory compliance = revenue opportunity for qualified resellers Compliance Consulting

53 Competition

54 Competitor’s Solutions
Network Vendors Lots of expensive IPS appliances Detection at the core switch, not monitoring the edge Lack of scalable solutions Security Vendors Limited per port response options Network vendors such as Cisco and 3Com have IDS/IPS and UTM security appliances that are bolted on to the network. They have core switch security blades used to protect against external threats, however they reside at the core of the network - it’s like having a security guard at the middle of a building instead of at the door of the building. If these same blades are used for internal threat protection, they are not as effective as they are being used to perform a function for which they were not originally built, and it adds more work at the core of the network. Neither network vendors nor security appliance vendors provide scalable solutions. Many security appliances are required to achieve broad coverage. The security appliance vendors provide limited response options when compared to a network vendor.

55 The ProCurve Network Immunity Solution is Unique
Scalable solution unlike currently available solutions PCM+ offers tiered levels Compatibility with UTM/IDS appliances for advanced-level of virus detection Zero day attack detection unlike Anti-virus software Virus signature file matching and full behavioral anomaly detection unlike firewalls Broad coverage with few components unlike inline IPS strategy Detection and response at the distribution layer and edge layer unlike most competitor’s solutions Many response options unlike security vendors The NI manager is scalable It can be used standalone without a security appliance and it can provide broad coverage at an affordable price It can use used with a security appliance so the appliance can be leveraged across the entire network The NI Manager can accept virus alerts from security appliances that are in both IDS mode and IPS mode The NBAD capability in the NI manager is effective against zero-day attacks (attacks from new previously unknown viruses) Firewalls just block certain types of traffic flows and do not provide NBAD or IDS capabilities IPS appliances only cover the traffic flowing through them, they do not provide broad coverage of the network like NI and it’s expensive to deploy a lot of appliances to get broad coverage Network vendors core switch security blades don’t provide internal threat protection, their IDS/IPS appliance do not detect viruses at the edge switch directly like NI using sFlow/NBAD and the security vendors have limited response options

56 Competition Cisco Systems Inc. – Cisco Security Monitoring, Analysis and Response System (MARS) Lancope Security Watch Management Console and Xe/NC appliances 3Com/TippingPoint All three of these competitors are attempting to provide security from internal threats. They all take information from the network and try to respond to it in a way that mitigates the effect of threats to the network. Cisco’s MARS solution is a software suite that takes security information from a multitude of Cisco and 3rd party devices and correlates it in order to provide appropriate network response to perceived threats. Lancope (as well as others such as Arbor, Mazu and InMon) is a vendor who has an NBAD product, the most comparable to the Network Immunity Manager solution. While it is similar to the NIM solution it cannot provide the rich set of response options that the Network Immunity Manager can provide. 3Com/TippingPoint is an Intrusion Prevention System (IPS) or inline solution – a device that must be physically inserted onto the network in order to provide the threat protection (which is provided via software in the aforementioned and NIM solutions).

57 Cisco Security MARS ProCurve Differentiators
ProCurve Network Immunity Manager detects and responds to wireless threats leveraging sFlow traffic from wireless services devices The ProCurve Network Immunity Manager has a rich set of virus attack response and offender tracking capabilities Gotchas Cisco Security MARS supports a wider array of third-party devices (nearly 40) Cisco Security MARS has more pre-defined reports than Network Immunity Manager to assist with regulatory compliance ProCurve Differentiators The ProCurve Network Immunity Manager detects and responds to wireless virus attacks Unlike Cisco MARS, the ProCurve Network Immunity Manager can respond to wireless virus attacks by taking actions such as blocking the MAC address of the offender. The ProCurve Network Immunity Manager has a rich set of virus attack response and offender tracking capabilities. Cisco MARS can only take action at the Cisco IOS IPS device level, unlike the ProCurve Network Immunity Manager that can provide a response at the port level - even on an individual port Cisco MARS does not have the ability to use location as a variable to customize a response to a virus – theirs is a “one size fits all” response – meanwhile ProCurve allows customization based on location and time, giving more options and flexibility when responding to attacks. Cisco MARS does not have the offender tracking capabilities of ProCurve Network Immunity Manager, making it more difficult to troubleshoot the offending parties Gotchas Cisco Security MARS supports a wider array of third-party devices (nearly 40) Despite the sheer number of third-part devices MARS supports, it cannot use a single IDS appliance to automatically cover the entire network like the Network Immunity Solution can Cisco Security MARS has more pre-defined reports than Network Immunity Manager to assist with regulatory compliance ProCurve has designed the pre-defined reports that are the most crucial for maintaining regulatory compliance and more will be forthcoming in future releases

58 Lancope Stealthwatch System
ProCurve Differentiators ProCurve Network Immunity Manager provides location-based policy enforcement unlike Lancope Stealthwatch Policy can be set for threat detection and response options for all ports grouped by physical or logical location (for example “the finance department”) ProCurve Network Immunity Manager can remotely mirror suspect traffic to a 3rd party security appliance for virus signature analysis unlike Lancope Stealthwatch Gotchas The ProCurve Network Immunity Manager does not perform deep Packet Inspection (Layer 4-7) The ProCurve Network Immunity Manager does not perform Peer-to-Peer activity monitoring The ProCurve Network Immunity Manager cannot deploy an ACL in response to a virus attack ProCurve Differentiators The ProCurve Network Immunity Solution has detection and response capabilities that Lancope's Stealthwatch appliances cannot provide NIM can perform location based policy enforcement so one policy can be set for virus response options for all ports grouped by location, Lancope's Stealthwatch solution cannot NIM includes wireless virus detection and response support, Lancope's Stealthwatch solution does not The Network Immunity Solution includes the collection of virus attack alerts from select third party IDS/IPS/UTM devices, Lancope's Stealthwatch is a proprietary solution Gotchas The ProCurve Network Immunity Manager does not perform deep Packet Inspection (Layer 4-7) It can, however respond to alerts from third-party IDS/IPS/UTM devices that can perform deeper inspection of packets The ProCurve Network Immunity Manager does not perform Peer-to-Peer activity monitoring The ProCurve Network Immunity Manager can not deploy an ACL in response to a virus attack

59 3Com/TippingPoint Security Management System
ProCurve Differentiators The ProCurve Network Immunity Manager has a richer set of virus response options than the Tipping Point Security Management System Gotchas TippingPoint has an established security reputation ProCurve Differentiators The ProCurve Network Immunity Manager has a richer set of virus response options than the TippingPoint Security Management System TippingPoint can only respond to a virus attacks by quarantining PC's on a VLAN or by bandwidth limiting types of traffic that are impacting network availability TippingPoint cannot perform an offender MAC address block, or offender port block like the ProCurve Network Immunity Manager The TippingPoint Security Management System cannot perform an offender port bandwidth limitation like the ProCurve Network Immunity Manager Gotchas TippingPoint has an established security reputation However, TippingPoint can only be used within a 3Com infrastructure Customers are looking not only for the most secure infrastructure, but also the most reliable ProCurve has held the #2 position in the networking market since 2003 based primarily upon its ability to deliver a reliable network infrastructure

60 Key Differentiators

61 Top Differentiators Network Immunity Solution (Defense)
Through a software plug-in to ProCurve Manager Plus 2.2, the Network Immunity Manager effectively enhances every wired and wireless LAN edge port to become part of a pervasive managed distributed IDS/IPS Cost effective way to deploy traditional security Non-intrusive consideration for those having trouble implementing NAC Providing location-based policy setting Supplies more security with less complexity HP / ProCurve industry leading warranty and support

62 Warranty and support No-cost lifetime phone support
90-day media warranty Lifetime free phone support is a unique value to our ProCurve customers A 90 media warranty is standard in the industry

63 Addressing customer questions, concerns or objections

64 Customer questions/concerns/objections and ProCurve responses
Question/concern/objection: The ProCurve Network Immunity Manager does not include the virus signature file matching capability of an IDS/IPS/UTM appliance and therefore can not provide 100% confidence in detecting known viruses. Answer: The ProCurve Network Immunity Manager has the ability to remotely mirror traffic it has identified as suspect from select ProCurve switches to a single IDS/IPS/UTM appliance to obtain a virus signature file match for known viruses. This gives the ability to detect known viruses and reduces the number of IDS/IPS/UTM appliances required.

65 Customer questions/concerns/objections and ProCurve responses
Question/concern/objection: The ProCurve Network Immunity Manager only supports ProCurve devices. Answer: ProCurve Network Immunity Manager can be used in a multi-vendor environment. If a virus originates on a non-ProCurve switch, it will be detected using sFlow data from a ProCurve switch, as long as the sFlow capable ProCurve switch resides between the offending switch and Network Immunity Manager. Ways to address potential objections:

66 Customer questions/concerns/objections and ProCurve responses
Question/concern/objection: Security solutions to protect against external threats are too expensive and too complex to deploy in mid-size businesses. Answer: The ProCurve Network Immunity Manager can simplify the deployment of internal threat protection by providing affordable coverage with fewer components. The Network Immunity Manager uses security traffic monitoring technologies such as Virus Throttle and sFlow that are built into the switch you already own. If virus signature file matching of known viruses is desired, your ProCurve switches can be configured by the Network Immunity Manager to remotely mirror suspect traffic to an IDS/IPS/UTM appliance for deeper inspection and a virus signature file match thus leveraging one IDS/IPS/UTM appliance across the network. In other words, this solution can actually leverage a lot of the hardware you already own. Note: This is assuming the customer has ProVision based switches (5400, 3500 and 6200) in place.

67 Customer questions/concerns/objections and ProCurve responses
Question/concern/objection: The fast, automated per-port response that ProCurve Network Immunity Manager provides is too aggressive. Answer: Some customers are comfortable taking aggressive action when threats are detected such as blocking ports or locking out an offender’s MAC address. ProCurve Network Immunity Manager provides visibility into internal network threat activity allowing the network administrator to set response policies. The administrator has the option to take no action, or to put the user on a quarantine VLAN, limit bandwidth to the offender’s port or take aggressive actions such as blocking the port or locking out the MAC address of the offender entirely. Note: This is assuming the customer has ProVision based switches (5400, 3500 and 6200) in place.

68 Customer questions/concerns/objections and ProCurve responses
Question/concern/objection: ProCurve Network Immunity Manager has limited 3rd party IDS/IPS/UTM appliance vendor support Answer: Generally speaking this statement is true. At first release the ProCurve Network Immunity Manager will support three industry leading IDS/IPS and UTM 3rd party vendors. The NIM is a valuable tool and the release was not delayed to accommodate additional 3rd party support at introduction. Additional 3rd party support is planned for future releases. Note: This is assuming the customer has ProVision based switches (5400, 3500 and 6200) in place.

69 Customer questions/concerns/objections and ProCurve responses
Question/concern/objection: How does the Network Immunity Manager compare with IDS/IPS solutions? Answer: An IDS/IPS strategy involves deploying multiple IDS/IPS appliances at strategic points in the network. Good coverage with an IDS/IPS strategy is expensive. NIM has the flexibility of looking at bad traffic at all levels of the network topology using security traffic monitoring features embedded in ProCurve switches such as sFlow, Virus Throttle and remote mirroring. If desired, suspect traffic can be remotely mirrored to an IDS/IPS appliance, thus leveraging the appliance across the network and alerts can be accepted from inline IPS appliances. Note: This is assuming the customer has ProVision based switches (5400, 3500 and 6200) in place.

70 ProCurve Value Proposition and Adaptive EDGE ArchitectureTM fit

71 Continuing to deliver ProCurve value
Affordable technology ProCurve Network Immunity Manager can be implemented in several different ways, providing broad coverage with minimum capital expenditure on monitoring hardware Reduced complexity The initial set up of Network Immunity Manager is very straight forward and connecting it to a third-party IDS/IPS/UTM is easily accomplished, making the Network Immunity Solution one of the most easily implemented internal network security solutions in the industry Trusted ProCurve Network Immunity Manager combines with advanced ProCurve switches and other infrastructure devices to ensure the security of a customer’s internal network Reliable The Network Immunity Solution takes advantage of the advanced features already built into ProCurve intelligent edge switches. These switches have proven reliability and used in combination with Network Immunity Manager, provide a highly effective shield against internal network threats Choice & flexibility The Network Immunity Solution gives customers the choice of several different IDS/IPS/UTM products to access for high-confidence virus signature matching, giving the customer the opportunity to choose the one that works best for them

72 Continuing to deliver on the ProCurve Adaptive EDGE Architecture™
Command from the center/control to the edge The ProCurve Network Immunity Solution may be the best example yet of the Command from the Center/Control to the Edge paradigm of the Adaptive EDGE Architecture. It takes input from ProCurve Intelligent EDGE switches correlates it to known NBAD cues and enforces security polices on the effected switches right at the port level Security The ProCurve Network Immunity Solution allows customers to take fuller advantage of the abilities of ProCurve Intelligent Edge switches and the ProVision ASIC, leveraging their advanced monitoring and response capabilities to provide protection from numerous types of internal threats

73 Summary In this training, you have learned how to:
Identify the market potential for this solutions Describe the Network Immunity Solution Position the Network Immunity Solution within the ProCurve family Describe the key features and benefits of the Network Immunity Solution Target potential customers by work environments and needs Articulate Customer business benefits IT benefits Reseller business benefits Review the competition Identify the ProCurve Network Immunity Solutions key differentiators Address customer objections/concerns Emphasize the ProCurve EDGE ArchitectureTM and value propositions fit

74 Additional Resources

75 Internal ProCurve resources
For training: ProCurve Sales Resource Center For Collateral: ProCurve Intranet Security resources available: Network Security Sales primer Network Immunity Solution Sales Guide Network Immunity Solution White Paper Network Immunity Solution data sheet Network Immunity Technical brief Regulatory Compliance paper Network Immunity Solution technical training

76 External ProCurve Resources
To access all the most up to date white papers, datasheets and training information, please visit: For specific information on Procurve security solutions, please visit: Add any specific white paper titles to this slide when available.

77 The ProCurve Networking Adaptive EDGE ArchitectureTM makes your future applications possible

78

Download ppt "ProCurve Network Immunity Solution NPI Sales Training Pervasive intelligent threat defense for a highly available network Presenter Date."

Similar presentations

Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
The State of Security Management By Jim Reavis January 2003.

The State of Security Management By Jim Reavis January 2003.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Data Centers and IP PBXs LAN Structures Private Clouds IP PBX Architecture IP PBX Hosting.

Data Centers and IP PBXs LAN Structures Private Clouds IP PBX Architecture IP PBX Hosting.
Network security policy: best practices

Network security policy: best practices
Wireless Network Security. Access Networks Core Networks The Current Internet: Connectivity and Processing Transit Net Private Peering NAP Public Peering.

Wireless Network Security. Access Networks Core Networks The Current Internet: Connectivity and Processing Transit Net Private Peering NAP Public Peering.
CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,

CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Confidential 1 MAP Value Proposition.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Confidential 1 MAP Value Proposition.
1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.

1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
Net Optics Confidential and Proprietary Net Optics appTap Intelligent Access and Monitoring Architecture Solutions.

Net Optics Confidential and Proprietary Net Optics appTap Intelligent Access and Monitoring Architecture Solutions.
Dell Connected Security Solutions Simplify & unify.

Dell Connected Security Solutions Simplify & unify.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
1 CISCO SAFE: VALIDATED SECURITY REFERENCE ARCHITECTURE What It Is Business Transformation Top Questions To Ask To Initiate The Sale Where It Fits KEY.

1 CISCO SAFE: VALIDATED SECURITY REFERENCE ARCHITECTURE What It Is Business Transformation Top Questions To Ask To Initiate The Sale Where It Fits KEY.
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.

Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.
1 © 2001, Cisco Systems, Inc. All rights reserved. Cisco Info Center for Security Monitoring.

1 © 2001, Cisco Systems, Inc. All rights reserved. Cisco Info Center for Security Monitoring.
Chapter 5: Implementing Intrusion Prevention

Chapter 5: Implementing Intrusion Prevention
Switch Features Most enterprise-capable switches have a number of features that make the switch attractive for large organizations. The following is a.

Switch Features Most enterprise-capable switches have a number of features that make the switch attractive for large organizations. The following is a.

Similar presentations

Ads by Google