When we introduced our ProActive Defense security strategy a couple of years ago, we intended it to be a comprehensive, holistic approach to network security. We envisioned something solid enough to stand the test of time, but flexible enough to evolve and grow to meet ever-changing security demands.
With the announcement of important new security offerings, HP ProCurve is making good on these promises. We are extending our presence in the network security market while staying true to our successful ProActive Defense framework.
The highlights of the new offerings include the new HP ProCurve Threat Management Services (TMS) Module, which represents an entirely new class of security product for HP ProCurve; a new version of the HP ProCurve Manager Plus (PCM+) network management suite and its plug-ins; and greater integration of wireless products that we acquired with Colubris Networks, for enhanced mobile security.
The TMS Module, in particular, is noteworthy as our official entry into the firewall/VPN and IPS (intrusion prevention service) markets – and we expect this product to change the economics of network security through its price and performance characteristics.
All the enhancements to ProActive Defense are designed to prevent downtime from security or compliance failures by doing what HP ProCurve always does: improve performance while taking the cost and complexity out of networking, in this case security. Our new offerings will also help you meet the IT cost reduction targets you probably face in the current economic climate.
ProActive Defense, extended
HP ProCurve’s umbrella security strategy is the multi-layered, comprehensive ProActive Defense. It is the first and still the only network security strategy that simultaneously combines both offense (access control) and defense (threat management) into a single holistic system.
The ProActive Defense strategy delivers a trusted network infrastructure that is immune to threats, controllable for appropriate use, and able to protect data and integrity for all users. It automates protection, detection, and response within this trusted network infrastructure.
The ProActive Defense strategy has three integrated aspects, and here’s a recap of what each does plus an overview of how each is enhanced with the new offerings:
Trusted infrastructure is visible, known, and reliable. It can be securely managed to maintain its integrity and enable policy automation.
The network foundation plays a critical role in any network security solution. HP ProCurve’s ProVision ASIC remains a fundamental component of our story, as it allows us to extend control to the edge – a capability crucial to our ProActive Defense strategy. The industry-standard sFlow monitoring technology, invented by HP Labs, provides complete network-wide visibility from the data layer to the application layer and is included at no extra cost in HP ProCurve products.
PCM+ 3.0, with its updated management plug-ins, allows for control from the network center and enables you to see and inventory what exists on your network today. PCM+ and its updated plug-ins enable mapping, configuring, monitoring, and reporting of both wired and wireless networks. The Windows-based software platform offers a single-pane view of network-wide management control, allowing you to securely add, customize, and restrict management access for users.
Our VPN solutions, now enhanced with TMS, provide secure communications through IPsec VPN with 300 Mbps throughput, as well as both manual and auto-key exchanges (IKE), digital certificate management (SCEP/CRL [Simple Certificate Enrollment Protocol/certificate revocation list] support), and network address translation (NAT) traversal.
The HP ProCurve Multi-Service Controller (MCM) helps fortify your wireless security, making sure your mobile users are integrated into your overall trusted infrastructure. The MCM is a network appliance that provides wireless authentication and access capabilities, including for guest access.
Access control proactively prevents security breaches by dynamically controlling which users and devices can gain access to wired and wireless networks, and which resources they can access once admitted.
Already, our integration of Microsoft NAP (network access protection) and ProCurve Identity Driven Manager (IDM) lets you authenticate to a RADIUS server and dynamically provision your network based on user/group, time, location, device ID, or client integrity status. When a rule match is found, an associated ‘Access Profile’ is invoked that sets a policy on the user’s port that can include access control lists (ACLs), virtual LANs (VLANs), quality of service (QoS), and bandwidth limitations.
PCM+ 3.0 lets you securely add, customize, and restrict network management access to users. IDM 3.0 enhances the ability of network administrators to dynamically provision network access to meet business policies as users and devices connect to the network. The MSM enables guest traffic management that scales from 25 to 2000 users.
Threat management detects and responds defensively to threats against your network. It applies appropriate security measures based on defined policies, while monitoring behavior to help network administrators maintain a high level of network availability and integrity.
The new TMS module enables a firewall with 3 Gbps aggregated throughput, 600k sessions, and zone-based firewall policies. It can filter traffic crossing switch VLAN boundaries, as well as provide authenticated network access, port triggers, and denial-of-service (DoS) attack protection. Additionally, it offers new intrusion detection and prevention system (IDS/IPS) functions that include signature-based detection and protocol anomaly-based detection, and it complements HP ProCurve’s existing wireless IPS solution to provide threat management services across both wired and wireless networks.
Network Immunity Manager (NIM) 2.0, a plug-in to PCM+, enhances its existing capabilities – internal threat detection using sFlow technology, and threat mitigation and response through an NBAD engine as well as the PCM+ policy-based automatic action engine – with better management of internal network threat detection and response in both wired and wireless environments.
ProCurve ONE partners
Bolstering HP ProCurve’s own new and enhanced product offerings, a number of ProCurve Open Network Ecosystem (ONE) partners are also fortifying our overall ProActive Defense security capabilities. ProCurve ONE best-of-breed security partners include McAfee, Microsoft, and InMon.
McAfee and HP ProCurve are building data center solutions that combine McAfee’s industry-leading network security products with HP ProCurve’s data center switching products. Working together under the ProCurve ONE alliance program, HP ProCurve and McAfee can help organizations address the near-term data center challenges of power consumption, availability, security, and compliance, while also enabling the evolution to next-generation data centers.
ProCurve ONE also combines Microsoft security and network access applications with HP ProCurve devices and solutions. Microsoft Network Policy Server (NPS), which is already integrated into HP ProCurve IDM, represents a strategic commitment by Microsoft and HP ProCurve to partner around Microsoft’s network applications and ProCurve’s networking expertise and equipment.
InMon develops traffic monitoring solutions for high-speed switched networks, for greater visibility into and control over network security operations. InMon and HP ProCurve are collaborating to incorporate InMon’s Traffic Sentinel software into HP ProCurve’s LAN/WLAN infrastructure through the ProCurve ONE Services zl Module.
A big leap forward
Putting it all together, this expansion of the HP ProCurve security strategy adds a number of powerful new tools to your multi-layered ProActive Defense possibilities. I think it’s a testament to the ProActive Defense strategy that we can not only add new products and capabilities under the ProActive Defense umbrella, but also expand into new areas of the security market without having to fundamentally alter our strategic infrastructure.
I see this evolution of ProActive Defense as yet another concrete, real-world example of the benefits offered by HP ProCurve’s overall Adaptive Networks vision.
Mauricio Sanchez, MSEE, CISSP, is the Chief Network Security Architect for HP ProCurve. He is responsible for specifying ProCurve’s ProActive Defense security technology strategy across all product lines.
