Embed Size (px)
Citation preview
ProCurve Networking
ProCurve and Fortinet Unified ThreatManagement Security solution brief
IntroductionInternet traffic is rapidly evolving from simple Web
and e-mail applications to real-time and rich media
applications such as Multimedia Messaging Service
(MMS), Voice over IP (VoIP) and video services. These
new applications and services provide valuable
business benefits as well as create new opportunities
for cyber attacks that can result in a loss of
productivity, confidential information, and revenue.
Next-generation security solutions must have the
flexibility and performance to dynamically protect
against network-level threats and threats contained
within actual content.
As security threats move higher up the OSI stack,
network safeguards must move from basic packet
inspection to complete content protection. Scalable
computing power and network throughput are
required to meet these increased demands. This is
driving the need for purpose-built Unified Threat
Management (UTM) security solutions that utilize
enhanced operating systems capable of providing
complete content-level protection without
compromising network availability.
Point products offering one security service do not
provide adequate protection from blended threats and
attacks that utilize a multitude of attack vectors.
Furthermore, assembling an array of point products is
costly and requires significant expertise to engineer,
maintain, and manage.
The combination of ProCurve Network Immunity
Manager and Fortinet FortiGate multi-threat security
appliances provides a unified network security
architecture that allows customers to improve their
overall internal network security in a cost-effective
way.
ProCurve and FortinetFortinet is a solution partner in the ProCurve Alliance
Partner Program. Solution partners play an important
role in the broader ProCurve family, giving ProCurve
customers choice and flexibility in deciding which
applications to deploy with ProCurve infrastructure
products. ProCurve and Fortinet’s product lines are
complementary and comprehensively meet a
customer’s needs for both network infrastructure and
security.
Completecontent-levelinspection
(Intrusion prevention)
Firewall inspection/VPN
Content level
Pro
cess
ing
pow
er r
equi
red
1990 1995 2000 2005 2007+
Viruses
MMS malware
E-mail spam
Spyware
Phishing/Pharming
Inappropriate Web content
Sophisticated worms
Basic worms
Intrusions
Network eavesdropping
DOS/DDOS
Network levelIPS
The evolution of Detection TechnologyHeader
Network security evolution
File Packet File Across layers
Statefulinspection
Applicationinspection
Deep-packetinspection
Full contentinspection
Activityinspection
Presentation
Application
Session
Transport
Network
Data link
Physical
Contentinspectionlevel
2
ProCurve—leader in LAN networkingProCurve Networking offers a complete portfolio of
network platforms that leverage its ProVision ASIC
family architecture, developed by ProCurve in
collaboration with HP Labs and drawing on more than
25 years of networking innovation and technology
development. The ProVision ASIC family provides
advanced protocols, security capabilities, and
programmability in a highly integrated architecture.
The result is predictable performance and behavior
throughout the network.
ProCurve’s common network management solution is
based on ProCurve Manager Plus, a secure, advanced
Microsoft® Windows®-based network management
tool. It allows administrators to configure, update,
monitor, and troubleshoot ProCurve devices centrally
and efficiently. ProCurve Manager Plus also can be
enhanced with plug-in modules, such as ProCurve
Identity Driven Manager and Network Immunity
Manager, to provide additional mobility, security, and
convergence management capabilities. (A free
downloadable version of basic ProCurve Manager also
is available.)
Fortinet—the Leader in UTM securityFortinet is the pioneer and a market-leading provider
of ASIC-accelerated Unified Threat Management (UTM)
systems, which are used by enterprises and service
providers to increase their security while reducing
total operating costs.
By leveraging a custom ASIC, purpose-built security
operating system and unified management, logging,
and reporting, Fortinet solutions offer advanced
security functionality that scales from remote office to
chassis-based solutions.
Benefits of the ProCurve/Fortinet solution• Visibility into network threat activity
• Improved network availability
• Broad coverage at an affordable price
• Network behavior anomaly detection (NBAD) and
deep packet inspection detection capabilities
• Enhanced current investment in ProCurve switches
• Offender tracking for forensics
• Capability to respond to threats automatically by
controlling attacker’s network access
Comprehensive securitysolutionsThe combination of Fortinet’s FortiGate multi-threat
security appliances and ProCurve Network Immunity
Manager provides a unified network security
architecture that allows customers to cost-effectively
improve their security posture.
Complete Unified Threat Management (UTM)Fortinet FortiOS™ is a security-hardened, purpose-built
operating system that provides a complete suite of
modular UTM security services that power FortiGate
multi-threat network security platforms.
FortiOS leverages the hardware acceleration provided
by FortiASIC™ content and network processors to
provide real-time content inspection and packet
scanning for advanced threat protection. Ongoing
updates from the FortiGuard™ Network help ensure
that security subscription services and the FortiOS
operating system are always up to date.
Hardware Accelerated PerformanceUTM and complete content protection requires massive
amounts of processing power. FortiASIC Content and
Network processors, using Fortinet’s patent-pending
Content Pattern Recognition Language (CPRL), has been
designed to deliver the highest levels of performance
whether providing a single service or an entire suite of
UTM security services. Alternatives that cobble
together various OEM software elements delivered on
traditional server architectures and networking
appliances struggle to deliver the processing power
required in order to avoid impacting overall network
performance.
Integrated management, logging,and reporting
Unified Threat Management (UTM)
Hardware accelerated network/content processing
Traffic shaping
Antispam
Web filtering
Antivirus/Antispyware
IDS/IPS
Firewall
IPsec/SSL VPN Com
plet
e co
nten
t pr
otec
tion
Mul
ti-la
yere
d se
curity
3
FortiASIC processors include unique technology that is
tightly integrated with FortiOS to deliver ultra-high-
performance, flexible scalability and UTM security at a
low total cost of ownership.
Security update services The FortiGuard global network of distribution servers
deliver real-time system software updates and security
updates for antivirus, Web filtering, antispam, and
intrusion prevention (IPS) services.
FortiGuard services are updated by global threat
research teams working around the clock and around
the world to detect and react to the latest threats.
ProCurve Network Immunity ManagerProCurve Network Immunity Manager (NIM) is an
intelligent security management software
application—a plug-in to ProCurve Manager Plus
network management software—that automatically
detects and responds to threats such as virus attacks.
ProCurve Network Immunity Manager is part of the
Defense portion of the ProActive Defense security
strategy. The term “network immunity” refers to the
ability of the network to be resilient in the face of an
attack, similar to how the human body uses its
immune system to thwart a biological virus attack.
Similarly, network immunity is the ability of the
network to detect and respond to internal threats such
as network virus attacks.
ProCurve Network Immunity Manager monitors access
points and switch ports throughout the network for
internal network threats using NBAD analysis and
allows network administrators to set security policies
to both detect and respond to those threats. By
analyzing information from multiple sources such as
third-party security appliances that perform deep
packet inspection and ProCurve network devices,
ProCurve Network Immunity Manager helps provide
protection against zero-day and known virus attacks in
both wired and wireless networks. It also provides
comprehensive reporting to assist enterprises with
their regulatory compliance efforts as part of an overall
network security solution.
Network deployment exampleProCurve Network Immunity Manager is a security
management tool that monitors networks for security
threats using NBAD. It allows administrators to set
security policies for threat detection and dynamic
response at the edge of the network. Network
Immunity Manager can accept security alerts from
Fortinet FortiGate UTM appliances and remotely
mirror suspect traffic identified by its various NBAD
engines to Fortinet FortiGate UTM appliance for deeper
inspection. The following is a high-level overview of
how ProCurve Network Immunity Manager and
Fortinet security solutions are deployed in the network.
FortiGuardAntivirus
Antispyware
FortiOS™operating system
Antiviruswith antispyware
Intrusiondetection/prevention
Webcontentfiltering
Antispam
Firewall VPN
Virtualdomains
FortiGuard subscription services
Trafficshaping
FortiASIC™content processor
FortiGuardWeb
Filtering
FortiGuardIPS
FortiGuardAntispam
FDS CANADA
FDS UNITED STATES
FDS UNITED KINGDOM
FDS CHINA
FDS TAIWAN
FDS JAPAN
FDSSINGAPORE
Servers
Desktop PCs
Mobile usersFortiGuard Network
7
Internet
1
5
6
Switch
HP ProCurveNetwork Immunity Manager
2
3
3
44
© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change withoutnotice. The only warranties for HP products and services are set forth in the express warranty statementsaccompanying such products and services. Nothing herein should be construed as constituting an additionalwarranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation.
4AA1-9219ENW, April 2008
For more information
To learn more about ProCurve Networking, please visit www.procurve.com
1. Network attack is launched.
2. ProCurve Network Immunity Manager analyzes
traffic and applies security policies.
3. If needed, ProCurve Network Immunity Manager
forwards suspect traffic identified by its NBAD
engines to a Fortinet FortiGate for deeper inspection.
4. Fortinet FortiGate analyzes traffic and, if a threat is
detected, sends a “Security Alert” to ProCurve
Network Immunity Manager, which enforces
appropriate security policy.
5. If a new threat is detected, FortiGate sends
information to FortiGuard Network.
6. Fortinet engineers replicate and characterize threats,
develop an updated signature, and upload it to
FortiGuard Network.
7. The FortiGuard Antivirus Service automatically
pushes an update to the FortiGate security platforms.
SummaryThe combination of ProCurve Network Immunity
Manager and Fortinet’s FortiGate multi-threat security
appliances provides a unified network security
architecture that allows customers to improve their
overall internal network security in a cost-effective
way. Furthermore, Fortinet’s security appliances can
also be used at the WAN perimeter to provide external
network security. All Fortinet security platforms are
capable of providing a complete UTM suite, including
content inspection firewall, IPsec and SSL VPN,
intrusion prevention, Web filtering, antispam,
antivirus, antispyware, IM and peer-to-peer (P2P)
controls and traffic shaping.
ProCurve and Fortinet are continuing to develop the
best security solutions possible to protect your
business. Through our joint collaboration, ProCurve
and Fortinet are providing customers with the highest
level of threat protection and security services at the
lowest total cost of ownership.
More informationMore information on HP ProCurve Network Immunity
Manager and Fortinet UTM security solutions can be
found at the following references.
ProCurve Network Immunity Manager• ProCurve Network Immunity Manager overview
www.hp.com/rnd/products/management/
ProCurve_Network_Immunity_Manager_1.0/
overview.htm
• ProCurve Network Immunity Manager data sheet
www.hp.com/rnd/pdfs/ProCurve_Network_
Immunity_Manager1_0.pdf
• ProCurve Networking by HP reference library
www.hp.com/rnd/library/view_by_product.htm#
Immunity
ProCurve Networking Design Center• www.hp.com/rnd/design_center/index.htm
ProCurve/Fortinet announcements• ProCurve Alliance
www.hp.com/rnd/itmgrnews/procurve_alliance.
htm?jumpid=reg_R1002_USEN
• HP Fortifies Security with ProActive Defense
Solutions
www.hp.com/rnd/news/hp_fortifies_security.htm?
jumpid=reg_R1002_USEN
Fortinet• www.fortinet.com
• www.fortinet.com/products/fortigate_
overview.html
