Embed Size (px)
Citation preview
TippingPoint Intrusion Prevention Systems
The Platform For Unrivaled Security and Performance
Protection has never been more powerful. TippingPoint is the industry's leadingIntrusion Prevention System (IPS), unrivaled in security, performance, high availabilityand ease-of-use. As the only Intrusion Prevention System to receive the NSS Gold Awardand Common Criteria certification, among many other awards, TippingPoint is thedefining benchmark for network-based intrusion prevention.
Proactive Network SecurityIntrusion Detection Systems, by definition,only detect and do not block unwantedtraffic. The TippingPoint IPS operates in-linein the network, blocking malicious andunwanted traffic, while allowing goodtraffic to pass unimpeded. In fact,TippingPoint optimizes the performance ofgood traffic by continually cleansing thenetwork and prioritizing applications thatare mission critical. TippingPoint's highperformance and extraordinary intrusionprevention accuracy have redefined networksecurity, and fundamentally changed theway people protect their organization.
No longer is it necessary to clean up aftercyber attacks have compromised your serversand workstations. No more ad-hoc andemergency patching. No more out ofcontrol, rogue applications like Peer-to-Peerand Instant Messaging running rampantthroughout the network. Denial-of-Serviceattacks that choke Internet connections orcrash mission critical applications are a thingof the past.
TippingPoint solutions continuously decreaseIT security cost by eliminating ad-hocpatching and alert response, andcontinuously increase IT productivity andprofitability through bandwidth savings andprotection of critical applications.
Unparalleled PerformanceTippingPoint’s products are the bestperforming in the industry. Blocking cyber-attacks at multi-gigabit speeds withextremely low latency requires purpose-built
hardware, and only TippingPoint has takensuch a revolutionary architectural approachneeded for true Intrusion Prevention.Traditional software and appliance solutionsoperate on general-purpose hardware andprocessors and are simply unable to performwithout degrading network performance.Through rigorous third-party testing,TippingPoint has demonstrated IntrusionPrevention at multi-gigabit speeds, withextraordinary attack prevention accuracy.TippingPoint is proven in the industry as themost secure, highest performing platformfor Intrusion Prevention.
DATASHEET
Switch-Like Performance• Multi-Gigabit Per Second Attack Filtering
– TippingPoint 50 (50 Mbps)– TippingPoint 100E (100 Mbps)– TippingPoint 200 (200 Mbps)– TippingPoint 400 (400 Mbps)– TippingPoint 1200 (1.2 Gbps)– TippingPoint 2400 (2.0 Gbps)– TippingPoint 5000E (5.0 Gbps)
• Latency < 215 µsec• Real World TCP/UDP Traffic Mix• Two Million+ Simultaneous Sessions
– TCP/UDP/ICMP• 750,000+ Connections Per Second
Client and Server Protection• Prevent Attacks on Vulnerable Applications
and Operating Systems• Eliminate Costly Ad-Hoc Patching• Multi-Mode Attack Blocking
Network Infrastructure Protection• Protect Cisco IOS, DNS and Other
Infrastructure• Protect Against Traffic Anomaly, DoS, SYN
Floods, Process Table Floods• Access Control Lists
Traffic Normalization• Increase Network Bandwidth and Router
Performance• Normalize Invalid Network Traffic• Optimize Network Performance
Application Performance Protection• Increase Bandwidth and Server Capacity• Rate-Limit or Block Unwanted Traffic
– Peer-to-Peer/Instant Messaging• Guarantee Bandwidth for Critical
Applications
Digital Vaccine™ Real-Time Inoculation• Protection Against Zero-Day Attacks• Automatic Distribution of Latest Filters
Security Management System• Manage multiple TippingPoint Systems• At-A-Glance Dashboard• Automatic Reporting• Device Configuration and Monitoring• Advanced Policy Definition and Forensic
Analysis
High Availability and Stateful NetworkRedundancy• Dual-Power Supplies• Layer 2 Fallback• Active-Active or Active-Passive Stateful
Redundancy• Zero Power High Availability
“TippingPoint is a visionary inthe intrusion preventionmarket.”
Eric Ogren, Yankee Group
“From the moment TippingPointwas plugged into our network,and with minimal configuration,it began proactively blockingthreats against our cable modemaccess segments. This is a level ofprotection I never imagined wecould provide to all of ourbroadband cablesubscribers.”
Andre Foster, Vice President of IT
Cable Bahamas
Threat Suppression EngineTippingPoint’s ASIC-based Threat SuppressionEngine (TSE) is the underlying technologythat has revolutionized network protection.Through a combination of pipelined and
massively parallel processing hardware, theTSE is able to perform thousands of checkson each packet flow simultaneously. The TSEarchitecture utilizes custom ASICs, a 20 Gbpsbackplane and high-performance networkprocessors to perform total packet flowinspection at Layers 2-7. Parallel processingensures that packet flows continue to movethrough the IPS with a bounded latency ofless than 215 microseconds, independent ofthe number of filters that are applied.
The TSE architecture also enables trafficclassification and rate shaping. Sophisticatedalgorithms baseline "normal" traffic allowingfor automatic thresholds and throttling sothat mission critical applications are given ahigher priority on the network.
Complete SecurityBuilt on outstanding performance,TippingPoint delivers uncompromising
security. TippingPoint performscomprehensive total packet flow inspectionthrough Layer 7 to continually cleanseInternet and Intranet traffic and accuratelyeradicate attacks (worms, viruses, Trojans,blended threats, DoS, DDoS, Backdoors,Walk-in Worms*, Bandwidth Hijacking)before damage occurs. TippingPoint protectsnetwork infrastructure by blocking attacksagainst routers, switches, DNS and otherinfrastructure equipment.
*Walk-in Worm: a Worm that spreads from withinan organization by "walking in" on a laptopcomputer.
TippingPoint provides statistical, protocol andapplication anomaly protection to protectagainst traffic surges, buffer overflows,unknown attacks and unknownvulnerabilities. TippingPoint delivers trafficnormalization to eliminate malformed orillegal packets, and performs TCP reassemblyand IP defragmentation, thus increasingnetwork bandwidth and protecting againstevasion techniques. TippingPoint can also actas an access control firewall that can replaceCPU intensive router and switch accesscontrol lists. Additionally, by rate limiting orblocking unwanted traffic, TippingPointconserves bandwidth and server capacity toprovide complete application protection.Comprehensive features include:
World-Class VulnerabilityAssessmentThe security team at TippingPoint leads theindustry in vulnerability analysis. TippingPointis the primary author of the SANS @RISKnewsletter, containing the latest informationon new and existing network securityvulnerabilities, with a subscriber base of nearly 300,000 network security professionalsworldwide. Coordinated by the SANSInstitute and delivered every Thursday, the
TIPPINGPOINT INTRUSION PREVENTION SYSTEMS
“TippingPoint was soeffective at blocking theSobig virus (whileevaluating the product)that we immediatelypurchased several systemsin order to protect ourentire network.”
John Oberlin, Associate Vice Chancellor for ITUniversity of North Carolina
SANS @RISK newsletter summarizes newlydiscovered vulnerabilities, details their impactand informs of actions large organizationshave taken to protect their users. The SANS@RISK newsletter is available for free athttp://www.sans.org/newsletters/risk/.
Digital Vaccine Real-Time InoculationEnsuring total security, TippingPoint offersongoing threat prevention against emergingvulnerabilities. In providing the vulnerabilityanalysis for SANS every week, the TippingPointsecurity team simultaneously develops newattack filters to address the vulnerabilities andincorporates these filters into Digital Vaccines.Vaccines are created not only to address specificexploits, but also potential attack permutations,protecting customers from Zero-Day threats.Digital Vaccines are delivered to customersevery week, or immediately when criticalvulnerabilities emerge, and can be deployedautomatically with no user interaction required.
This unique and valuable service allowscustomers to restore efficiency to the securitypatching process. The burden of emergencyand ad-hoc vulnerability patching is alleviated,as IT personnel can apply patches only asrequired and at regularly scheduled times.
Enterprise ManagementTippingPoint delivers best-of-breedmanagement capabilities that are simple touse and extremely powerful. TheTippingPoint Security Management System(SMS) is a hardened appliance that providesglobal vision and control for multipleTippingPoint systems. The SMS is responsiblefor discovering, monitoring, configuring,diagnosing and reporting for up to 1,000TippingPoint systems. The TippingPoint SMS isa rack mountable appliance that features astate-of-the-art secure Java client interfacethat enables "big picture" analysis withtrending reports, correlation and real-timegraphs on traffic statistics, filtered attacks,network hosts and services, and IPS inventoryand health.
Because the TippingPoint SMS provides ascalable, policy-based operational model, itenables straightforward management oflarge-scale IPS deployments. A typicalnetwork-wide TippingPoint deploymentconsists of SMS Clients (secure Java), acentralized Security Management System
(SMS), and multiple TippingPoint systems.
A very effective component of TippingPoint’sSMS is the SMS dashboard. The dashboardprovides at-a-glance monitors and launchcapabilities into targeted managementapplications. The SMS dashboard displays anoverview of current performance for allTippingPoint systems in the network,including notifications of updates andpotential problems that may need attention.
Additionally, every IPS is shipped with anembedded Local Security Manager (LSM)and Command Line Interface (CLI). The LSMis a Web GUI management application thatprovides administration, configuration andreporting capabilities in an easy-to-use,secure Web interface.
TIPPINGPOINT INTRUSION PREVENTION SYSTEMS
“The management systemis powerful and flexible,yet easy and intuitive touse. The profile editor isthe best we have seen onany IPS/IDS device.”
Bob Walder, PresidentThe NSS Group
Easy to DeployThe TippingPoint IPS is designed for networktransparency:
• The TippingPoint IPS is deployed seamlesslyinto the network with no IP address or MACaddress, and immediately begins filteringout malicious and unwanted traffic.
• The extremely high speed and low latencycapabilities of theIPS enabledeployment at thenetwork edge orcore, protecting from external aswell as internalthreats.TippingPointenables trafficshaping to supportcritical applicationsand infrastructure,as well as providesattack isolation
and network discovery of vulnerabledevices.
• State of the art “Recommended Filter”settings allow instant deployment out-of-the-box with no tuningrequired.
High AvailabilityTippingPoint Intrusion PreventionSystems are unparalleled in HighAvailability. TippingPoint’s IPS isdesigned to guarantee that networktraffic always flows at wire speed in the
event of network error, internaldevice error or even completepower loss. Two complementaryHigh Availability modes of operation -Intrinsic High Availability and StatefulNetwork Redundancy - ensuremaximum uptime and availability.
Several built-in features of the IPSenable Intrinsic High Availability. First,
all TippingPoint IPS devices have dual hotswappable power supplies. Secondly,watchdog timers continuously monitor thesecurity and management engines. If aninternal error is detected, TippingPoint canautomatically or manually fall back to asimple Layer 2 device, configurable persegment. Additionally, TippingPoint offers aZero Power High Availability (ZPHA) optionfor copper interfaces. In the event of full datacenter power loss, the interfaces can switchover to the ZPHA external relay to pass alltraffic.
Stateful Network RedundancyTwo TippingPoint IPS’s can be provisioned tooperate in a transparent High Availabilitymode. Because the IPS is a "bump in thewire," does not have an IP address and doesnot participate in routing protocols, pairs ofTippingPoint systems can be deployed inexisting high availability network designswithout changing the network configuration.High availability routing protocols such asVirtual Router Redundancy Protocol (VRRP),Open Shortest Path First (OSPF), and Cisco HotStandby Router Protocol (HSRP) are passedtransparently by the TippingPoint IPS andtherefore operate equally well with a
TippingPoint IPS in-line. The pair ofTippingPoint systems can be configured ineither Active-Active or Active-Passive modesto appropriately share state information sothat attack protection is fully maintainedduring and after network outages.
Copyright © 2005 3Com Corporation. 3Com, 3Com logo, TippingPoint Technologies, the TippingPoint logo and Digital Vaccine are registered trademarksof 3Com Corporation. All other company and product names may be trademarks of their respective holders. 400917-001 06/05
TIPPINGPOINT INTRUSION PREVENTION SYSTEMS
Corporate Headquarters:7501B North Capital of Texas Hwy.Austin, TX 78731+1 512 681 8000+1 888 TRUE IPSwww.tippingpoint.com
International Headquarters:World Trade Centre AmsterdamZuidplein 36, H-Toren1077 XV AmsterdamThe Netherlands+31 20 799 7629
“It was a test by fire.During severe weatherevents, site traffic candramatically increase, andwe want to make sure anynetwork or infrastructureequipment we put in canscale to handle thatload.”
Dan Agronow, VP of Technology, Weather.com
