2 ways to coordinate application, information and network security

by Norm Follet, Director of Solutions Design and Demo Group

 

 

 

As the cyber threat landscape continues to steadily evolve, enterprise security teams face a growing realization that siloed security tools are no longer adequate to protect their complex IT environments.

Enterprise security is better able to adapt to shifting threats when tools are coordinated across the domains of Information Management Security, Application Security and Network Security.

How does this work in practice? Here is an explanation of how a suite of HP Enterprise Security products, including TippingPoint, ArcSight and Fortify, works in concert to provide a defense-in-depth solution.

 



 



Use Case 1



As Internet traffic passes through the firewall, events are logged into the ArcSight console, providing visibility into where users are going, and what they are attempting to do.

One enhancement to the ArcSight console is an integration with Reputation Security Monitor (RepSM). RepSM pulls in information from TippingPoint DVLabs, a premier research organization for vulnerability analysis and discovery that allows for preemptive protection for vulnerabilities and zero-day issues. The DVLabs list contains all known bad command-and-control (C&C) botnet servers, sites associated with suspicious browsing, malware hosts, etc.

The ArcSight console uses this list to create rules and alerts for insecure browsing activity. When an alert is triggered, it generates a packet that goes to the TippingPoint Policy Management Server, which causes a policy that blocks the traffic to be pushed out to the IPS sensors.

Because it is all fully automated, access to insecure sites is immediately blocked as browsing occurs, providing effective protection against malicious intent or unsuspecting user error.
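The correlation step in Use Case 1, as an added example in Python (not HP's code and not an ArcSight, RepSM or TippingPoint API): firewall events are matched against a reputation list, and each hit becomes a block request of the kind a rule would hand to the IPS policy server. The log format, feed entries, category names and function names are all constructed assumptions.

```python
import ipaddress
import re

# Constructed reputation feed (documentation ranges; not real DVLabs data).
REPUTATION = {
    "203.0.113.45": "botnet-c2",
    "198.51.100.0/28": "malware-host",
    "bad-updates.example": "malware-host",
}

# Constructed firewall log lines in a hypothetical key=value format.
FIREWALL_LOG = """\
09:00:01 src=10.1.4.22 dst=192.0.2.10 host=intranet.example.org
09:00:07 src=10.1.4.37 dst=203.0.113.45 host=-
09:00:09 src=10.1.4.22 dst=192.0.2.80 host=cdn.bad-updates.example
09:00:12 src=10.1.4.51 dst=203.0.113.45 host=-
09:00:15 src=10.1.4.22 dst=198.51.100.7 host=-
malformed line without fields
"""
FIELD = re.compile(r"(\w+)=(\S+)")

def parse_event(line):
    """Return the event's fields, or None if the line is not a usable event."""
    fields = dict(FIELD.findall(line))
    try:
        return {"src": fields["src"], "host": fields["host"].lower().rstrip("."),
                "dst": ipaddress.ip_address(fields["dst"])}
    except (KeyError, ValueError):
        return None

def lookup(event, feed=REPUTATION):
    """Return (indicator, category) for the first feed entry the event hits."""
    for indicator, category in feed.items():
        try:
            hit = event["dst"] in ipaddress.ip_network(indicator, strict=False)
        except ValueError:  # not an IP or CIDR, so treat the entry as a domain
            hit = event["host"] == indicator or event["host"].endswith("." + indicator)
        if hit:
            return indicator, category
    return None

def correlate(log_text):
    """Return one block request per matched indicator, with the sources seen."""
    requests = {}
    for event in filter(None, map(parse_event, log_text.splitlines())):
        hit = lookup(event)
        if hit:
            req = requests.setdefault(hit[0], {"block": hit[0], "category": hit[1], "sources": set()})
            req["sources"].add(event["src"])
    return list(requests.values())
```

Repeated hits on the same indicator collapse into one block request, so the policy server is not flooded while the list of affected internal sources is still kept for follow-up.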

 


Use Case 2

In a typical corporate environment, a web farm serves up applications to both internal and external users, and the TippingPoint IPS protects external access. But these applications occasionally have vulnerabilities, such as buffer overflows.

Through a combination of Application Security Monitor (AppSM) and Fortify's Real-Time Analysis (RTA) component, security teams can see what those applications are doing to backend databases. For example, AppSM looks for connections to SQL servers, and specifically SQL injection attacks, cross-site scripting attacks and anything trying to pull data out of databases.

Another component is WebInspect, which will scan applications on the web servers and look for vulnerabilities. WebInspect and AppSM generate vulnerability reports that are sent to DVLabs, which then pushes out fixes to the IPSs, in essence virtually patching applications at the IPS layer.

On the backend, AppSM and RTA monitor traffic connections between web servers and the databases. This log information is shared with the ArcSight Console where you can pull reports. ArcSight also generates rules based on that type of attack, which cause policies to be implemented in TippingPoint and RTA.

 


Better together

Automating coordinated responses across Security Intelligence, Network Security and Application Security tools helps to ensure that an enterprise is able to protect itself in real time from new cyber threats. Moreover, integration with TippingPoint DVLabs benefits not just the enterprise; it also helps to identify new threats and share that information with other enterprises around the world.

Find out more
Discover how to develop an advanced and comprehensive enterprise security strategy at the HP Enterprise security website.
