TippingPoint Intrusion Prevention Systems
The TippingPoint Intrusion Prevention System (IPS)
delivers the most powerful network protection in the world. The
TippingPoint IPS is an in-line device that is inserted seamlessly and
transparently into the network. As packets pass through the IPS, they are
fully inspected to determine whether they are legitimate or malicious.
This instantaneous form of protection is the most effective means of
preventing attacks from ever reaching their targets.
TippingPoint's Intrusion Prevention Systems provide Application
Protection, Performance Protection and Infrastructure Protection at
gigabit speeds through total packet inspection. Application Protection
capabilities provide fast, accurate, reliable protection from internal and
external cyber attacks. Through its Infrastructure Protection capabilities,
the TippingPoint IPS protects VoIP infrastructure, routers, switches, DNS
and other critical infrastructure from targeted attacks and traffic
anomalies. TippingPoint's Performance Protection capabilities enable
customers to throttle non-mission critical applications that hijack
valuable bandwidth and IT resources, thereby aligning network resources
and business-critical application performance.
The system is built upon TippingPoint's Threat Suppression Engine (TSE) -
a highly specialized hardware-based
intrusion prevention platform consisting of state-of-the-art network
processor technology and TippingPoint's own set of custom ASICs. The
TippingPoint ASIC-based Threat Suppression Engine is the underlying
technology that has revolutionized network protection. Through a
combination of pipelined and massively parallel processing hardware, the
TSE is able to perform thousands of checks on each packet flow
simultaneously. The TSE architecture utilizes custom ASICs, a 20 Gbps
backplane and high-performance network processors to perform total packet
flow inspection at Layers 2-7. Parallel processing ensures that packet
flows continue to move through the IPS with a latency of less than 84
microseconds, independent of the number of filters that are applied.
The TippingPoint TSE architecture also enables traffic classification
and rate shaping. Sophisticated algorithms baseline "normal" traffic,
allowing for automatic thresholds and throttling so that mission-critical
applications are given a higher priority on the network.
The TippingPoint IPS family offers a range of products that differ in
capacity and the number of simultaneous segments they protect.
- TippingPoint 50
- TippingPoint 200
- TippingPoint 200E
- TippingPoint 210E
- TippingPoint 600E
- TippingPoint 1200E
- TippingPoint 2400E
- TippingPoint 5000E
- TippingPoint SMS (Enterprise-Level Management System)
- TippingPoint ZPHA (Zero Power High Availability)
The integral part of the TippingPoint solution is the Digital Vaccine®
Service. Developed by TippingPoint's world-renowned security researchers (DVLabs),
the Digital Vaccine service delivers comprehensive security filters to
TippingPoint Intrusion Prevention Systems to pre-emptively protect
against the exploit of new and zero-day vulnerabilities. These filters,
created to block multiple attack variants on a single vulnerability versus
a simple exploit, provide attack recognition accuracy without compromising
network performance. Digital Vaccine updates are automatically delivered
twice a week, or immediately when critical vulnerabilities and threats
emerge. TippingPoint's "Recommended Settings" provide preconfigured
policies to automatically and accurately block attacks without any tuning,
significantly reducing the amount of time and resources required to
protect and maintain a healthy network.
TippingPoint Core Controller
As enterprise networks evolve, 10Gbps network links have
become relatively low in cost and increasingly more widespread. Core
network upgrades driven by data center consolidation, high performance
computing and high bandwidth applications like video on demand and file
sharing contribute to the adoption of 10Gbps networks. The need to inspect
and remove malicious traffic at high throughput traffic points is now
greater than ever. Network and security engineers realize intrusion
prevention systems (IPS) must be implemented not only at the traditional
WAN perimeter, but also between major network segments within core
networks and data centers. The TippingPoint Core Controller enables 10Gbps
links to be protected by the industry-leading TippingPoint IPS solution in
a scalable, economical manner while ensuring the high availability,
performance, low latency and security accuracy that are the hallmarks of
TippingPoint IPS solutions.
The TippingPoint Core Controller is deployed as a 'bump-in-the-wire'
network element for up to three 10Gbps network links. Traffic entering the
Core Controller is intelligently flow balanced to a bank of TippingPoint IPSs
where traffic inspection and enforcement are performed. Malicious and
unwanted traffic is blocked, and clean traffic is returned to the Core
Controller for distribution to the appropriate 10Gbps egress link,
allowing organizations to scale security traffic inspection and
enforcement.
The TippingPoint Core Controller enables 10Gbps links to be protected
by the TippingPoint IPS while ensuring high availability, performance, low
latency and security accuracy. All TippingPoint appliances are purpose-built
with the reliability to go in-line in enterprise and service provider
networks. In addition, the Core Controller's high availability features,
including redundant configurability, built-in zero power bypass (Smart
ZPHA), IPS heartbeat monitoring, link down synchronization and hardware
watchdogs, allow an unprecedented level of redundancy configuration to
eliminate single points of failure.
The TippingPoint Core Controller offers organizations an economical
entry for IPS protection on existing 10 Gigabit Ethernet (GbE) networks by
allowing them to purchase the IPS capacity initially required, and then
add more capacity as traffic inspection needs increase. Organizations with
existing TippingPoint IPS units initially purchased for lower speed
network links can redeploy those units with the Core Controller for 10GbE
protection. TippingPoint Core Controller's flexible deployment options
provide a "pay-as-you-grow" model that allows organizations to easily
leverage existing investments and increase their IPS capacity as bandwidth
and security requirements evolve.
TippingPoint Network Access Control (NAC)
The TippingPoint NAC solution enables enterprises to
enforce device and user policies to ensure endpoint compliance and
granular network compliance even after initial network entry. TippingPoint
NAC provides multiple enforcement options, including inline enforcement
with the TippingPoint NAC Enforcer, and out-of-band options using 802.1x
or DHCP, with support for various vendors and network topologies. The
integration of device, user and IPS-based traffic classification and
enforcement provides much greater control over network access and usage,
reducing network vulnerabilities while improving policy and regulatory
compliance.
In a TippingPoint NAC environment, access policies subject each device
and user pair to rigorous authentication, authorization, posture
compliance checks and enforcement. Non-compliant devices are directed to
remediate based on policy class. User access rights are controlled through
integration with existing rights management systems including Active
Directory, LDAP and RADIUS. TippingPoint NAC, including the NAC Policy
Enforcer and the NAC Policy Server, then interoperates with the TippingPoint IPS
to ensure all malicious traffic is blocked from each endpoint and suspect
or non-compliant traffic triggers other policy-controlled actions,
including blocking, quarantining, alerting or rate shaping. Now, network
and security personnel have unprecedented control over the entire network
perimeter with integrated policy-based visibility and control of users,
devices and traffic flows.
While network access control combined with the IPS is the ideal
protection path, the TippingPoint NAC Policy Enforcer and Policy Server
can also be deployed without an IPS.

TippingPoint NAC Policy Server
The NAC Policy Server provides centralized policy management as part of
the TippingPoint NAC solution, and offers advanced reporting and event
correlation. The centralized Web-based console allows network
administrators to quickly scan through the entire network, in real-time,
viewing the activity and performance of all users, applications,
connections and devices. This greatly reduces troubleshooting time and
expedites problem resolution. The NAC Policy Server economically scales to
accommodate network infrastructure growth of users, groups and
applications using a distributed design which includes the NAC Policy
Enforcer. Detailed reporting provides metrics such as minutes used and
bandwidth consumed by device, user, group and access point, to enable support
for multiple service level agreements (SLAs). A single NAC Policy Server
can support up to approximately 5,000 users.
TippingPoint NAC Policy Enforcer
The TippingPoint NAC Policy Enforcer is an in-line appliance that
provides access control enforcement based on user and device criteria. It
allows network administrators to designate access rules based on user
identity and device type, rather than traditional port-based segmentation
that may only restrict by location. As more mobile devices are introduced
to the network, and enterprise employees become more transient, the
network perimeter continues to erode. As consultants, contractors and
guests are authorized for internal network access, an inline enforcement
tool based on identity is necessary to permit only eligible users onto the
network with access to only authorized resources. Working in concert with
the NAC Policy Server, the NAC Policy Enforcer receives up-to-date
policies for any new connection on the network, and receives any changes
in a user's authentication state, and time and location-based rules.
TippingPoint Security Management System
The TippingPoint Security Management System is an
enterprise-class management platform that provides administration,
configuration, monitoring and reporting for multiple TippingPoint
Intrusion Prevention Systems. It is a zero-install rack mountable
appliance that features a state-of-the-art client interface.
The SMS features customizable access control levels for operator (read-only),
admin and supervisor privileges. It enables "big picture" analysis with
trending reports, correlation and real-time graphs - including reports on
Traffic Statistics, Filtered Attacks, Network Hosts and Services and
TippingPoint IPS Inventory and Health.
Because the TippingPoint SMS provides a scalable, policy-based
operational model, it enables straightforward management of large scale
IPS deployments. A typical network-wide TippingPoint deployment consists
of SMS Clients (secure Java), a centralized Security Management System (SMS)
and multiple TippingPoint IPS systems.
The SMS dashboard provides at-a-glance monitors, with launch
capabilities into the targeted management applications that provide global
command and control of TippingPoint Intrusion Prevention Systems.
Key features include:
- Enterprise-wide reporting and trend analysis
- At-a-glance dashboard
- Device configuration and monitoring
- Automatic reporting
- Automated security response mechanisms
- Policy driven management
- Digital Vaccine® management
- Event management and review
- Automated event response for enforcement and remediation
- User account and access management
TippingPoint Digital Vaccine®
In providing the vulnerability analysis for SANS every
week, the TippingPoint DVLabs security team simultaneously develops new
attack filters to address the vulnerabilities and incorporates these
filters into Digital Vaccines. Vaccines are created not only to address
specific exploits, but also potential attack permutations, protecting
customers from Zero-Day threats. For maximum security coverage,
TippingPoint deploys a variety of security filters, including traffic
anomaly filters and vulnerability-based filters. In the case of a virus,
where there is no underlying vulnerability, TippingPoint delivers attack
signatures. Digital Vaccines are delivered to customers twice a week, or
immediately when critical vulnerabilities and threats emerge, and can be
deployed automatically with no user interaction required.
New filters are continuously fed to the IPS to keep it up-to-date
against the latest vulnerabilities. Each filter can be thought of as a
Virtual Software Patch that is created within the network to protect
downstream hosts from attack. Any malicious traffic intended to exploit a
particular vulnerability is immediately detected and blocked. The solution
is highly scalable in that the intrusion prevention system can protect
thousands of unpatched systems with a single virtual patch.
TippingPoint's expertise is recognized worldwide: 300,000
administrators, executives, and security professionals subscribe to the
SANS @RISK report, which is authored by TippingPoint security analysts. The same analysis
feeds our Digital Vaccine filter developers to prioritize how best to
protect our customers. New Digital Vaccines are typically released on a
weekly basis, but are turned around in a matter of hours in emergency situations.
The speed with which we deliver new filters makes this a powerful weapon
in the patch race.
TippingPoint Managed Security Service
The TippingPoint Managed Security Service combines the
award-winning TippingPoint Intrusion Prevention Systems (IPS) with
Counterpane's ground-breaking, comprehensive, managed security services.
With this service, customers maximize the value of current and planned IPS
deployments with additional expertise to effectively monitor and manage
their network security environment.
This service includes 24x7x365 activity monitoring, detailed analysis
and escalated response as well as guidance toward remediation and online
reporting for day-to-day management and legislative compliance
requirements. These services highlight the important security events so
that our expert security analysts can interpret these alerts to guide
customers on the proper remediation protocol.
Key services include:
- Managed Security Services - provides 24x7x365, real-time
incident response to suspicious activity, rogue scans, unauthorized
access, misuse of Web applications and insider abuse.
- Managed Vulnerability Scanning - certified by
MasterCard's Site Data Protection (SDP) compliance program, enhances
Managed Security Services by cross-referencing the real-time monitoring
data against a continuously updated inventory of an enterprise's assets
and its current state of operation.
- TippingPoint IPS and Device Management - applies
best practices and performance tuning based on real-time network
monitoring and remediation. Expert analysis of the customer network
activity drives initial and ongoing device configurations.
- Security Consultants: Installation, Integration and Device
Tuning - with proven methodologies and cross-industry best
practices, utilizes knowledge to provide policy, architecture, program
implementation and continuous process improvement solutions. Security
Consulting services optimize network configurations to increase defense
effectiveness, improve detection capabilities, and create natural links
between policy and operations.
TippingPoint's Managed Security Service provides customers with a
comprehensive network security solution with unmatched market leadership
and best-of-breed technology and the most advanced solution for detecting
and preventing attacks with the least disruptive integration and
operation.