Last Updated on Sunday, 26 April 2009 11:06
Written by jj
Monday, April 27th, 2009
After a week at RSA and many recent days and evenings devoted to planning and preparation for our (CAD’s) 7th Annual IT Hot Topics Conference, I wanted to take a few minutes to share a quick peek at ProCurve’s new security suite offering.
The new products, announced today and available for ordering in just a few weeks, are ProCurve’s first real foray into the world of holistic network security solutions. Yes- I said holistic- get over it. I say holistic because it’s the most accurate word. By holistic, we mean a solution that integrates all aspects of a system for a totally interdependent ecosystem. Holism comes from the Greek work holos, meaning “all, entire, whole.”
I’ve been a proponent of holistic technology systems since I stepped into the IT world. Just as in holistic health, in holistic security, we address underlying issues and integrate pieces of the infrastructure to remedy the problem instead of treating various symptoms individually.
Today, ProCurve Networking by HP is announcing its expanded security offering, including the very new ProCurve Threat Management Services Module, the ProCurve RF Manager and full version revisions of the ProCurve PCM+ and ProCurve NIM (Network Immunity Manager) software.
ProCurve Threat Management Services Module
This fun little piece of engineering is ALL new. It’s a physical module that plugs into the zl switch family (ProCurve’s 5400, 8212), hosts a high-throughput firewall (3+Gbps) and related services (IDS/IPS, VPN). The module could be used on the outside edge/WAN in competition with today’s leading firewall vendors such as Cisco, Juniper and Checkpoint, but I really see its sweet spot in the internal threat detection market, taking the place of expensive layered internal IDS/IPS sensors in the LAN. The sticker price of around $17k list might make you gasp, but it’s a small price in comparison to current LAN-based sensors available today.
In addition to the obvious advantages customers will get from firewall features, internal network zoning, IDS/IPS signature analysis and VPN support for remote offices or users, the TMS’s integration into the switching infrastructure gives it some unique use cases. The chassis integration means you can assign as many ports as you want to various firewall zones and push those zone rules out to other pieces of the infrastructure. Its high throughput processing power attached to the switch backplane means super-fast traffic analysis without the limitations of external connections (ie Gig links on interfaces).
Overall, the TMS Module offers great promise to customers and security integrators. If implemented properly, it will provide the firewall zoning functions and signature based threat detection many customers are seeking in their networks. I haven’t put my hands on the module yet, so I’ll stop here before attempting any further technical review.
ProCurve NIM (Network Immunity Manager) 2.0
This software plug-in to ProCurve’s PCM+ management platform is probably one of my favorites. NIM provides flow analysis from sFlow and uses a finely tuned anomaly engine to provide NBAD (network behaviour anomaly detection) analysis.
NIM 1.0 had a lot of potential, but, being version 1.0, it obviously also had room for improvement. In 2.0, it seems HP took all the technical and user interface feedback they received and put that into the MUCH improved PCM+ 3.0 platform.
The user interface, menus and dashboards in NIM 2.0 are leaps and bounds beyond what we saw in 1.0. Not only has the GUI been enhanced, but both the anomaly engine on the back end and the event analysis wizards on the front end have been improved greatly. Users less familiar with the threat types and anomalies can now easily walk through detailed wizard-driven analysis, explanation and recommendation processes. The result is a more user-friendly system with the intelligence built in to assist with smart decision-making for customization and training.
Oh yeah, and NIM integrates with the ProCurve TMS Module (as well as 3rd party Alliance Partner firewall/IDS solutions) for full IDS-based threat analysis. With this system, we have the power to examine traffic on the network and identify anomalous behaviour in addition to signature-based threats.
ProCurve RF Manager
To round out today’s security suite review, we have ProCurve’s RF Manager, a solution tweaked and updated from the legacy Colubris product line they purchased last year. Our experience so far with the wireless line (including the Colubris controllers and access points) has been great. We’re using it in our labs and offices and have transitioned a variety of customers to the new platform.
The new RF Manager offers complete wireless IPS capabilities including rogue AP detection (by 14 unique methods), protection against attacks on WEP, MAC address spoofing identification, spoofed SSID discovery and a suite of reporting options and location-based tracking.
Be on the lookout for more information - including screenshots and lab reviews - of the various security suite offerings. So far, I’m quite impressed with what I’ve seen – especially the new PCM+ 3.0 and NIM 2.0 software. Check back soon for more on the Threat Management Services Module and wireless ‘stuff’.
# # #
