HP TippingPoint ATA Network and HP TippingPoint ATA Mail
One of the most pressing security issues today is Extended Persistent Threats (APT). Traditional solutions to protect networks are not always able to prevent an invasion in time and eliminate its results. HP TippingPoint Advanced Threat Appliance products will effectively neutralize the attack at the very beginning.
Targeted attacks use various methods, such as infecting mobile devices, malicious delayed-action software, hidden workloads, and other ways to penetrate familiar security solutions. Detect threat allows the simultaneous use of multiple scanning methods. HP TippingPoint Advanced Threat Appliance (ATA) uses unique software developed by the Hewlett-Packard and Trend Micro consortium to help find malware that is not immediately active. A secure test environment is used to identify advanced threats. When any suspicious object enters the network, the detection technology checks its operation in a test virtual machine, monitors for suspicious behavior and reports this. Quickly react and localize the source of the threat, preventing the spread of viruses and neutralizing the attack at the initial point of infection will help coordinate with the tools TippingPoint Next-Generation IPS and NGFW.
')
The HP TippingPoint ATA family includes two solutions — HP TippingPoint ATA Network — for networks and HP TippingPoint ATA Mail — for mail. The network security product detects APT threats by monitoring a wide range of ports and protocols across a wide range of operating systems. Pochtar works with the mail gateway to detect and block malicious emails, including phishing emails, which are often the initial stage of targeted attacks. It forms an additional “layer” of verification to detect malicious content, attachments, and URLs that pass unnoticed through standard email security tools.
On guard network
As already mentioned, to protect HP TippingPoint ATA networks, they use a customizable test environment — an isolated sandbox fully compliant with the customer’s network configuration. Emulation of the system allows you to identify threats and promptly and react to them accordingly. Since ATP threats use a wide range of network penetration methods, HP TippingPoint ATA uses various detection algorithms, special tracking functions, and correlation rules to identify all the characteristics of a threat associated with malware. The system monitors all ports and more than 80 protocols to detect attacks anywhere on the network. In addition, the detection of threats occurs regardless of the operating system of the devices, whether it is Android, Linux, Mac OS X, Windows or any other OS.
Of course, identifying a threat is only half the battle. The second half - the implementation of actions to neutralize it. The integration of TippingPoint ATA with the HP TippingPoint Security Management System (SMS) provides rapid awareness of the severity of the threat by assessing the impact on user data, geographic location, and reputation of the source based on ThreatLinQ databases, bringing all the information into a single console. This allows you to create new rules for blocking existing and potential attacks by coordinating them with HP TippingPoint NGFW and IPS tools to respond to threats using the HP TippingPoint Threat Digital Vaccine (ThreatDV) service.
The principle of protection itself is quite simple. TippingPoint ATA creates a test environment with virtual machines repeating typical configurations of user computers within the company. In the event of penetration of malicious software, it “detonates” on the ATA device inside one of the virtual machines by infecting “patient-zero”. Also, inside the sandbox, the time is compressed 10-100 times until a faster response is obtained and an infected object is detected. After the threat is detected, the ATA device sends the event information to the HP TippingPoint SMS security management system. In turn, SMS updates security policies and blocks the threat, infected hosts and the source of the invasion itself.
1) Malware detonates on an ATA device, infecting patient-zero
2) ATA sends event to TippingPoint SMS
3) SMS updates policies, blocking threat, infected hosts and intrusion source
In terms of numbers
The HP TippingPoint ATA line was developed in close collaboration with Trend Micro, the leader in advanced persistent threats. In the Breach Detection Tests tests for 2014, NSS Labs, a well-known independent laboratory, showed the industry’s highest detection rate of 99.1% with zero false positives. In addition, the lowest total cost of ownership was noted - 25% lower than the average for all tested products.
Mail under control
HP TippingPoint ATA for mail allows you to detect and neutralize threats that can penetrate the network through the mail gateway. The solution tracks email attachments using various detection engines and a test environment. The range of attachments being analyzed includes Windows executables, Microsoft Office, PDF, web content and compressed files. Specialized detection tools allow you to identify malicious programs and exploits in ordinary office documents.
In addition to attachments, URLs are also analyzed in emails. As tools for this, reputation of sources, analysis of the content of the pages and, traditionally, a sandbox are used. In addition, the system unlocks password-protected files and archives using heuristics and the provided keywords.
HP TippingPoint ATA line
| ATA - Network 250 | ATA - Network 500 | ATA - Network 1000 | ATA - Network 4000 | ATA - Mail 6000 | |
| Performance | 250 Mbps | 500 Mbps | 1 Gbps | 4 Gbps | 400,000 letters / day |
| Form factor | 1U, 48.26 cm (19 ') | 2U, 48.26 cm (19 ') | 1U, 48.26 cm (19 ') | ||
| Weight (max.) | 16.78 kg | 23.6 kg | 16.78 kg | ||
| Dimensions | 43.47x69.85x4.32 cm | 44,55x67,94x8,73 cm | 43.47x69.85x4.32 cm | ||
| Ports | 10/100 / 1000BASE-T RJ45x4 | 10/100 / 1000BASE-T RJ45x4, 10GbE SFP + x2 | 10/100 / 1000BASE-T RJ45x4 | ||
| Input voltage | From 100 to 120 V, from 200 to 240 V | ||||
| Input current | 2.78 A (100 V) to 1.15 A (240 V) | From 4.58 A (100 V) to 1.88 A (240 V) | 2.78 A (100 V) to 1.15 A (240 V) | ||
| Hard drives | 600 GB SASx2 | ||||
| RAID configuration | RAID 1 | RAID 10 | RAID 1 | ||
| Power (hot swap) | 500 watts | 800 W | 500 watts | ||
| Power consumption (max.) | 276.9 watts | 456.1 watts | 276.9 watts | ||
| Heat dissipation (max.) | 944 BTU / hour | 1,556 BTU / hour | 944 BTU / hour | ||
| Frequency | 50/60 Hz | ||||
| Working temperature | 10 - 35 ° C (50 - 95 ° F) | ||||
Distribution of HP decisions in Ukraine , Georgia , Tajikistan , CIS countries .
Training courses on HP technologies in Kiev (TC MUK)
MUK-Service - all types of IT repair: warranty, non-warranty repair, sale of spare parts, contract service
Source: https://habr.com/ru/post/266907/
All Articles