HP Rolls Out Next-Gen Firewall Line, Threat-Detection Service
HP today took the wraps off its Next-Generation Firewall line designed to exert application-level controls and visibility over all traffic related to the enterprise, including mobile devices used in public WiFi settings and traffic from cloud services.
Tue, September 17, 2013
Network World — HP today took the wraps off its Next-Generation Firewall line designed to exert application-level controls and visibility over all traffic related to the enterprise, including mobile devices used in public WiFi settings and traffic from cloud services.
The TippingPoint Next-Generation Firewall (NGFW) appliances are offered as five models that reach 1G to 10Gbps with all intrusion-prevention and application-control capabilities turned on, according to Frank Mong, HP vice president and general manage. The company will continue selling the HP TippingPoint intrusion-prevention system (IPS).
HP joins the likes of Palo Alto Networks, Cisco, and Check Point in providing products that go beyond traditional port-based controls to allow for granular application controls and intrusion-prevention.
HP's five TippingPoint Next-Generation Firewall models are branded as the S1050F supporting 250,000 concurrent connections and intended for use in branch network deployments; the S301F and 3020F with up to 1 million concurrent connections for branch and campus network deployments; and the S8005F and S8010F with up to 20 million concurrent connections, designed for use in core and data center network environments.
"This gives them a foot in the door," says Greg Young, security analyst at Gartner. In the scope of the entire $8 billion firewall market, NGFW is now tracking at about 15% according to Gartner estimates.
What HP has come out with is basically their first firewall -- "it has zero dollars in this market," Young notes -- and it has to be viewed carefully as a "version 1.0" A product. Young said the TippingPoint NGFW can certainly be regarded as a replacement for the HP TippingPoint IPS.
HP is taking an approach similar to what Sourcefire, recently acquired by Cisco, did as Sourcefire expanded from IPS into NGFW. The NGFW market that HP is now breaking into is competitive but HP has good prospects as it starts by reaching out to its installed base. HP is clearly "going after the enterprise," Young says.
HP, which timed its announcements for its annual HP enterprise security event known as HP Protect in Washington, D.C., also said it is working on a new cloud-based service to provide threat intelligence.
The service, still in the early stages, is called HP Threat Central. Basically it lets customers using the HP ArcSight security and information event management (SIEM) product take detected anomalies that raise red flags and submit them to the HP Threat Central cloud for analysis.
Any detected anomalies that are questioned, including possibly a code sample, would not only be reviewed by HP security staff but also shared with the Threat Central community of users, though the identity of the submitter would be removed for privacy reasons. The alert information about certain findings would be shared with all other SIEM users, says Mong in what is a kind of crowdsourcing of threat intelligence.