Está en la página 1de 4

TippingPoint Intrusion Prevention System (IPS)

IPS-Secured Networks Datasheet – IPS

TippingPoint is the industry’s leading Intrusion Prevention System (IPS), unrivaled in security, performance, high availability and
ease-of-use. The TippingPoint IPS is an in-line device that is inserted seamlessly and transparently into the network. Its switch-
like performance characteristics allow it to be placed in-line at the perimeter, on internal network segments, at the core, and
at remote site locations. These powerful enforcement points can be centrally controlled to institute and enforce business-wide
security policies, allowing the TippingPoint IPS to see all network traffic and protect against external as well as internal attacks.

Features and Benefits Proactive Network Security revolutionary architectural approach needed for
Intrusion Detection Systems, by definition, only true Intrusion Prevention. Traditional software
Switch-Like Performance
• Multi-Gigabit Per Second Attack Filtering detect and do not block unwanted traffic. The and appliance solutions operate on general-
• Latency < 84 µsec TippingPoint IPS operates in-line in the network, purpose hardware and processors and are
• Real World TCP/UDP Traffic Mix
• Two Million+ Simultaneous Sessions blocking malicious and unwanted traffic, while simply unable to perform without degrading
– TCP/UDP/ICMP allowing good traffic to pass unimpeded. In network performance. Through rigorous third-
• 350,000+ Connections Per Second
fact, TippingPoint optimizes the performance of party testing, TippingPoint has demonstrated
Comprehensive Threat Protection good traffic by continually cleansing the network Intrusion Prevention at multi-gigabit speeds,
• VoIP • Phishing • Worms • Quarantine
• OS Vulnerabilities • DDoS • P2P and prioritizing applications that are mission with extraordinary attack prevention accuracy.
• Spyware • Viruses • ZDI critical. TippingPoint’s high performance and
Client and Server Protection extraordinary intrusion prevention accuracy have Threat Suppression Engine
• Prevent Attacks on Vulnerable Applications &
Operating Systems redefined network security, and fundamentally TippingPoint’s ASIC-based Threat Suppression
• Eliminate Costly Ad-Hoc Patching changed the way people protect their Engine (TSE) is the underlying technology that
• Multiple Filtering Methods
organization. has revolutionized network protection. Through
Network Infrastructure Protection a combination of pipelined and massively
• Protect Cisco IOS, DNS and Other Infrastructure It is no longer necessary to clean up after parallel processing hardware, the TSE is able to
• Protect Against Traffic Anomaly, DDoS, SYN
Floods, Process Table Floods cyber attacks have compromised network perform thousands of checks on each packet
• Access Control Lists servers and workstations. No more ad-hoc and flow simultaneously. The TSE architecture
Traffic Normalization emergency patching and no more out of control, utilizes custom ASICs, a 20 Gbps backplane
• Increase Network Bandwidth and Router rogue applications like Peer-to-Peer and Instant and high-performance network processors to
Performance
• Normalize Invalid Network Traffic Messaging running rampant throughout the perform total packet flow inspection at Layers
• Optimize Network Performance network. Denial-of-Service (DoS) attacks that 2-7. Parallel processing ensures that packet
Application Performance Protection choke Internet connections or crash mission flows continue to move through the IPS with a
• Increase Bandwidth and Server Capacity critical applications are a thing of the past. bounded latency of less than 84 microseconds,
• Rate-Limit or Block Unwanted Traffic (P2P/IM)
• Guarantee Bandwidth for Critical Applications independent of the number of filters that are
TippingPoint solutions decrease IT security applied.
Digital Vaccine® Real-Time Inoculation cost by eliminating ad-hoc patching and alert
• World-Renowned Security Research Team
• Protection Against Zero-Day Attacks response, while simultaneously increasing IT “The TippingPoint IPS is the best security solution I
• Automatic Distribution of Latest Filters productivity and profitability through bandwidth have come across. Its performance has been nothing
savings and protection of critical applications. short of amazing. The solution more than paid for itself
Security Management System
• Manage Multiple TippingPoint Systems within the first year. It’s simple to deploy and manage
• At-A-Glance Dashboard because it can interoperate with all kinds of hardware.”
• Automatic Reporting
Unparalleled Performance
• Device Configuration and Monitoring Blocking cyber-attacks at multi-gigabit speeds Richard Cross, Information Security Officer
• Advanced Policy Definition and Forensic Analysis with extremely low latency requires purpose- Toyota Motor Europe
High Availability and Stateful Network Redundancy built hardware. TippingPoint has taken such a
• Dual-Power Supplies
• Layer 2 Fallback
• Active-Active or Active-Passive Stateful
Redundancy (IPS & SMS)
• Zero Power High Availability
TippingPoint Intrusion Prevention System

extending the protective power of the IPS down


to every endpoint, TippingPoint Quarantine
blocks insider threats and walk-in worms,
and then communicates with switching
infrastructures to isolate offending endpoints
with remediation VLANs that prevent network
infection. Unlike cumbersome client-based
solutions which merely check for endpoint
configurations on Windows PCs, TippingPoint’s
Quarantine Protection offers an agentless
solution that constantly monitors all endpoint
activities, instantly eliminating LAN-based
threats automatically.

World-Class Vulnerability Analysis and


Research
The TSE architecture also enables traffic TippingPoint’s DVLabs team is a premier
classification and rate shaping. Sophisticated security research organization for vulnerability
algorithms baseline “normal” traffic, allowing analysis and discovery. Recognized in 2007
for automatic thresholds and throttling so that as the fastest growing discoverer of new
mission critical applications are given a higher vulnerabilities and the leader in the discovery
priority on the network. of high-severity and Microsoft vulnerabilities by
Frost & Sullivan1, the team consists of industry
Comprehensive Security recognized security researchers that apply their
TippingPoint performs comprehensive total cutting-edge engineering, reverse engineering
packet flow inspection through Layer 7 to and analysis talents in their daily operations. The
continually cleanse Internet and Intranet traffic by-product of these efforts fuels the creation
and accurately eradicate attacks (worms, of vulnerability filters that are automatically
viruses, Trojans, blended threats, Phishing, delivered to TippingPoint customers’ intrusion
Spyware, VoIP Threats, DoS, DDoS, Backdoors, prevention systems through the Digital
Walk-in Worms, Bandwidth Hijacking) before Vaccine® service. The DVLabs Web site (dvlabs.
damage occurs. TippingPoint protects network tippingpoint.com) serves as a portal into the
infrastructure by blocking attacks against research laboratories headquartered in Austin,
“The way we know the filters actually improve security routers, switches, DNS and other infrastructure Texas. The portal includes upcoming and
is that we have a TippingPoint IPS protecting our equipment. Through TippingPoint’s Zero-Day published advisories as well as blogs, RSS feeds
customer facing Web applications. We see Slammer, Initiative (ZDI), customers are protected against and other security resources.
port 445 and SQL Server exploits, and exploits that new threats before vulnerabilities are disclosed
normally come through on port 80. Some of these to the public. TippingPoint is also the primary author of the
exploits would have made it through the firewall SANS @RISK newsletter, which contains the
and infected the production systems. Because of our TippingPoint provides statistical, protocol and latest information on new and existing network
TippingPoint IPS deployment, the servers were never application anomaly protection to protect against security vulnerabilities. Coordinated by The
touched.” traffic surges, buffer overflows, unknown attacks SANS Institute, the SANS @RISK newsletter
Scott Davis, Enterprise Security Network Manager and unknown vulnerabilities. The TippingPoint summarizes newly discovered vulnerabilities,
T. Rowe Price IPS delivers traffic normalization to eliminate details their impact and informs of actions large
malformed or illegal packets, and performs organizations have taken to protect their users.
TCP reassembly and IP defragmentation, thus The SANS @RISK newsletter is available for free
increasing network bandwidth and protecting at http://www.sans.org/newsletters/risk/.
against evasion techniques. TippingPoint can
also act as an access control firewall that Digital Vaccine® Real-Time Inoculation
can replace CPU intensive router and switch TippingPoint offers ongoing threat prevention
access control lists. Additionally, by rate limiting against emerging vulnerabilities through the
or blocking unwanted traffic, TippingPoint Digital Vaccine service. Digital Vaccines are
conserves bandwidth and server capacity to created not only to address specific exploits,
provide complete application protection. but also potential attack permutations,
protecting customers from zero-day threats.
TippingPoint’s Quarantine protection offers Digital Vaccines are delivered to customers
a radical new approach to LAN security. By twice a week, or immediately when critical
TippingPoint Intrusion Prevention System

vulnerabilities emerge, and can be deployed


automatically with no user interaction required.

This unique and valuable service allows


customers to restore efficiency to the security
patching process. The burden of emergency and
ad-hoc vulnerability patching is alleviated; as IT
personnel can apply patches only as required
and at regularly scheduled times.
IPS
Centralized Enterprise Management
TippingPoint delivers best-of-breed
management capabilities that are simple to
use and extremely powerful. The TippingPoint
Security Management System (SMS) is a
hardened appliance that provides global vision
and control for the TippingPoint IPS. The SMS Internet
is responsible for discovering, monitoring,
configuring, diagnosing and reporting for
multiple TippingPoint systems. The TippingPoint
SMS is a rack mountable appliance that features
a state-of-the-art secure Java client interface • The TippingPoint IPS is deployed seamlessly
that enables “big picture” analysis with trending into the network with no IP address or MAC
reports, correlation and real-time graphs on address and immediately begins filtering out
traffic statistics, filtered attacks, network hosts malicious and unwanted traffic.
and services, as well as IPS inventory and
health. • The extremely high speed and low latency
capabilities of the IPS enable deployment
Because the TippingPoint SMS provides a at the network edge or core, protecting
scalable, policy-based operational model, it from external as well as internal threats.
enables straightforward management of large- TippingPoint enables traffic shaping to support
scale IPS deployments. A typical network-wide critical applications and infrastructure, and also
TippingPoint deployment consists of SMS provides attack isolation and network
Clients (secure Java), a centralized Security discovery of vulnerable devices.
Management System (SMS), and multiple
TippingPoint systems. • State of the art “Recommended Filter”
settings allow instant deployment out-of-the-
A very effective component of TippingPoint’s box with no tuning required.
SMS is the SMS dashboard. The dashboard
provides at-a-glance monitors and launch High Availability
capabilities into targeted management TippingPoint Intrusion Prevention Systems are
applications. The SMS dashboard displays unparalleled in High Availability. TippingPoint’s
an overview of current performance for all IPS is designed to ensure that network traffic
TippingPoint systems in the network, including always flows at wire speed in the event of
notifications of updates and potential problems network error, internal device error or even
that may need attention. complete power loss. Two complementary High
Availability modes of operation - Intrinsic High
Every IPS also has an embedded Local Security Availability and Stateful Network Redundancy
Manager (LSM) and Command Line Interface - ensure maximum uptime and availability for
(CLI). The LSM is a Web GUI management both the IPS devices and the SMS management
application that provides administration, devices.
configuration and reporting capabilities in an
easy-to-use, secure Web interface. Several built-in features of the IPS enable
Intrinsic High Availability. First, all TippingPoint
Easy Deployment IPS devices have dual hot swappable
The TippingPoint IPS is designed for network power supplies. Secondly, watchdog timers
transparency: continuously monitor the security and
TippingPoint Intrusion Prevention System

management engines. If an internal error is provides continuous benefits in any network


detected, TippingPoint can automatically or environment:
manually fall back to a simple Layer 2 device,
configurable per segment. Additionally, Automatically Block Attacks - By blocking attacks
TippingPoint offers a Zero Power High Availability and allowing IT staff to test security patches
“It gave us one less thing to worry about. It is truly a
(ZPHA) option for copper interfaces. In the event before deployment, system uptime is ensured
turnkey solution. We have the IPS set to automatically
of full data center power loss, the interfaces can
download the Digital Vaccine updates with the
switch over to the ZPHA external relay to pass Eliminate Emergency Patching - TippingPoint’s
recommended settings to block attacks. Now, when a
all traffic. Digital Vaccine filters alleviate the need for ad-
new threat terrorizes others in the early morning hours,
hoc and emergency patching.
we rest easy knowing that TippingPoint’s IPS has a
Stateful Network Redundancy
Digital Vaccine protecting us at all times.”
Two TippingPoint IPS’s can be provisioned to Protect Unpatched Systems - Most
operate in a transparent High Availability mode. environments cannot control all end user Jonas Hirshfield, Director of Infrastructure Development
Because the IPS is a “bump in the wire,” does desktops. Some environments such as service BlackBoard
not have an IP address and does not participate providers or universities have very little control.
in routing protocols, pairs of TippingPoint TippingPoint provides network segmentation to
systems can be deployed in existing high stop the spread of malicious traffic from infected
availability network designs without changing users, while notifying the administrator where
the network configuration. High availability attacks are originating.
routing protocols such as Virtual Router
Redundancy Protocol (VRRP), Open Shortest Reclaim Bandwidth - Blocking malicious traffic
Path First (OSPF), and Cisco Hot Standby Router and rate shaping rogue applications can increase
Protocol (HSRP) are passed transparently by the bandwidth availability by 40-70 percent.
TippingPoint IPS and therefore operate equally
well with a TippingPoint IPS in-line. The pair Accelerate Network Performance - By
of TippingPoint systems can be configured in continually cleansing the network of malicious
either Active-Active or Active-Passive modes and unwanted traffic, network performance is
to appropriately share state information so that accelerated for mission critical applications.
attack protection is fully maintained during and
after network outages. Even one of these components can offer 100%
return on investment. When combined, these
ROI for Intrusion Prevention ROI elements provide a powerful business case
TippingPoint’s Intrusion Prevention System for the TippingPoint Intrusion Prevention System.

1
Frost and Sullivan press release. “Frost & Sullivan Recognizes TippingPoint’s Valuable Contribution to Vulnerability Research.” 11 May 2007 Frost & Sullivan.
http://www.frost.com/prod/servlet/press-release.pag?docid=98552761&ctxst=FcmCtx1&ctxht=FcmCtx2&ctxhl=FcmCtx3&ctxixpLink=FcmCtx3&ctxixpLabel=FcmCtx4

Corporate Headquarters: European Headquarters: Asia Pacific Headquarters:


7501B North Capital of Texas Hwy. Herengracht 466, 2nd Floor 47 Scotts Road
Austin, Texas 78731 USA 1017 CA Amsterdam #11-03 Goldbell Towers
+1 512 681 8000 The Netherlands Singapore 228233
+1 888 TRUE IPS +31 20 521 0450 +65 6213 5999

Copyright © 3Com Corporation. TippingPoint is a trademark of 3Com Corporation or its subsidiaries. All other company and product names may be trademarks of their respective holders. While every www.tippingpoint.com
effort is made to ensure the information given is accurate, 3Com does not accept liability for any errors which may arise. Specifications and other information in this document may be subject to
change without notice. 400917-009 08/09