HP today took the wraps off its Next-Generation Firewall line designed to exert application-level controls and visibility over all traffic related to the enterprise, including mobile devices used in public WiFi settings and traffic from cloud services.
The TippingPoint Next-Generation Firewall (NGFW) appliances are offered as five models that reach 1G to 10Gbps with all intrusion-prevention and application-control capabilities turned on, according to Frank Mong, HP vice president and general manage. The company will continue selling the HP TippingPoint intrusion-prevention system (IPS).
HP joins the likes of Palo Alto Networks, Cisco, and Check Point in providing products that go beyond traditional port-based controls to allow for granular application controls and intrusion-prevention.
HP's five TippingPoint Next-Generation Firewall models are branded as the S1050F supporting 250,000 concurrent connections and intended for use in branch network deployments; the S301F and 3020F with up to 1 million concurrent connections for branch and campus network deployments; and the S8005F and S8010F with up to 20 million concurrent connections, designed for use in core and data center network environments.
How will cloud, virtualization and SDN complicate future firewall security?
"This gives them a foot in the door," says Greg Young, security analyst at Gartner. In the scope of the entire $8 billion firewall market, NGFW is now tracking at about 15% according to Gartner estimates.
What HP has come out with is basically their first firewall -- "it has zero dollars in this market," Young notes -- and it has to be viewed carefully as a "version 1.0" product. Young said the TippingPoint NGFW can certainly be regarded as a replacement for the HP TippingPoint IPS.
HP is taking an approach similar to what Sourcefire, recently acquired by Cisco, did as Sourcefire expanded from IPS into NGFW. The NGFW market that HP is now breaking into is competitive but HP has good prospects as it starts by reaching out to its installed base. HP is clearly "going after the enterprise," Young says.
HP, which timed its announcements for its annual HP enterprise security event known as HP Protect in Washington, D.C., also said it is working on a new cloud-based service to provide threat intelligence.
The service, still in the early stages, is called HP Threat Central. Basically it lets customers using the HP ArcSight security and information event management (SIEM) product take detected anomalies that raise red flags and submit them to the HP Threat Central cloud for analysis.
Any detected anomalies that are questioned, including possibly a code sample, would not only be reviewed by HP security staff but also shared with the Threat Central community of users, though the identity of the submitter would be removed for privacy reasons. The alert information about certain findings would be shared with all other SIEM users, says Mong in what is a kind of crowdsourcing of threat intelligence.
HP says it wants Threat Central to go beyond just its ArcSight user base to work with other SIEM equipment by supporting open information-sharing standards to do this, Mong says. There's no announced general availability for the Threat Central service but the beta is being ramped up now.
Other announcements about HP products and managed security services made today include:- The ArcSight SIEM has been integrated with HP Fortify in a way that the application vulnerability information tracked by Fortify on IT assets can be shared and correlated beyond just log sharing for analysis of application behaviors and threats. The capability is marketed as the ArcSight Application View module.- A dashboard-style view into ArcSight that's called ArcSight Risk Insight can present information and reports intended for business managers so they can get a understanding of security issues to the organization.- In terms of managed security services, HP says it will expand the type of largely automated continuous monitoring service it offers to the federal government today to commercial business as well.- HP says it's teaming with Akamai in a service provided by security analysts to assist organizations with detecting and mitigating distributed denial-of-service attacks and web-application attacks.- HP is providing a service for tracking and reporting on suppliers allowed entry into an organization's networks. The HP Supplier Security Compliance Solution is aimed at managing partner relationships and auditing the security controls in a supplier's network.- The HP Security Risk and Controls Advisory Service for Mobility involves advising in a "product-agnostic" manner how to establish policy and controls for managing employee-owned devices in the enterprise.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com
Read more about wide area network in Network World's Wide Area Network section.