TippingPoint Intrusion Prevention Systems

The Platform For Unrivaled Security and Performance

Protection has never been more powerful. TippingPoint is the industry's leading IntrusionPrevention System (IPS), unrivaled in security, performance, high availability and ease-of-use. As the only Intrusion Prevention System to receive the NSS Gold Award and to becertified as the first multi-gigabit Network IPS by ICSA Labs, among many other awards,TippingPoint is the defining benchmark for network-based intrusion prevention.

Proactive Network SecurityIntrusion Detection Systems, by definition,only detect and do not block unwantedtraffic. The TippingPoint IPS operates in-linein the network, blocking malicious andunwanted traffic, while allowing goodtraffic to pass unimpeded. In fact,TippingPoint optimizes the performance ofgood traffic by continually cleansing thenetwork and prioritizing applications thatare mission critical. TippingPoint's highperformance and extraordinary intrusionprevention accuracy have redefined networksecurity, and fundamentally changed theway people protect their organization.

No longer is it necessary to clean up aftercyber attacks have compromised your serversand workstations. No more ad-hoc andemergency patching. No more out ofcontrol, rogue applications like Peer-to-Peerand Instant Messaging running rampantthroughout the network. Denial-of-Serviceattacks that choke Internet connections orcrash mission critical applications are a thingof the past.

TippingPoint solutions continuously decreaseIT security cost by eliminating ad-hocpatching and alert response, andcontinuously increase IT productivity andprofitability through bandwidth savings andprotection of critical applications.

Unparalleled PerformanceTippingPoint has the best performingproducts in the industry. Blocking cyber-attacks at multi-gigabit speeds withextremely low latency requires purpose-built

hardware, and only TippingPoint has takensuch a revolutionary architectural approachneeded for true Intrusion Prevention.Traditional software and appliance solutionsoperate on general-purpose hardware andprocessors and are simply unable to performwithout degrading network performance.Through rigorous third-party testing,TippingPoint has demonstrated IntrusionPrevention at multi-gigabit speeds, withextraordinary attack prevention accuracy.TippingPoint is proven in the industry as themost secure, highest performing platformfor Intrusion Prevention.

DATASHEET

Switch-Like Performance• Multi-Gigabit Per Second Attack Filtering

– TippingPoint X505 (50 Mbps IPS/VPN/FW)– TippingPoint X506 (50 Mbps IPS/100 MbpsVPN/100 Mbps FW)

– TippingPoint 50 (50 Mbps)– TippingPoint 200 (200 Mbps)– TippingPoint 200E (200 Mbps)– TippingPoint 600E (600 Mbps)– TippingPoint 1200E (1.2 Gbps)– TippingPoint 2400E (2.0 Gbps)– TippingPoint 5000E (5.0 Gbps)

• Latency < 84 μsec• Real World TCP/UDP Traffic Mix• Two Million+ Simultaneous Sessions

– TCP/UDP/ICMP• 1,000,000+ Connections Per Second

Comprehensive Threat Protection• VoIP • Phishing • Worms• OS Vulnerabilities • DDoS • P2P• Spyware • Viruses • ZDI• Quarantine

Client and Server Protection• Prevent Attacks on Vulnerable Applicationsand Operating Systems

• Eliminate Costly Ad-Hoc Patching• Multiple Filtering Methods

Network Infrastructure Protection• Protect Cisco IOS, DNS and OtherInfrastructure

• Protect Against Traffic Anomaly, DDoS, SYNFloods, Process Table Floods

• Access Control Lists

Traffic Normalization• Increase Network Bandwidth and RouterPerformance

• Normalize Invalid Network Traffic• Optimize Network Performance

Application Performance Protection• Increase Bandwidth and Server Capacity• Rate-Limit or Block Unwanted Traffic

– Peer-to-Peer/Instant Messaging• Guarantee Bandwidth for CriticalApplications

Digital Vaccine® Real-Time Inoculation• World-Renowned Security Research Team• Protection Against Zero-Day Attacks• Automatic Distribution of Latest Filters

Security Management System• Manage Multiple TippingPoint Systems• At-A-Glance Dashboard• Automatic Reporting• Device Configuration and Monitoring• Advanced Policy Definition and ForensicAnalysis

High Availability and Stateful NetworkRedundancy• Dual-Power Supplies• Layer 2 Fallback• Active-Active or Active-Passive StatefulRedundancy (IPS and SMS)

• Zero Power High Availability

“TippingPoint is a visionary inthe intrusion preventionmarket.”

Eric Ogren, Yankee Group

“The TippingPoint IPS is the bestsecurity solution I have comeacross. Its performance has beennothing short of amazing. Thesolution more than paid foritself within the first year. It’ssimple to deploy and managebecause it can interoperate withall kinds of hardware.”

Richard Cross, Information Security Officer

Toyota Motor Europe

Threat Suppression EngineTippingPoint’s ASIC-based Threat SuppressionEngine (TSE) is the underlying technologythat has revolutionized network protection.Through a combination of pipelined and

massively parallel processing hardware, theTSE is able to perform thousands of checkson each packet flow simultaneously. The TSEarchitecture utilizes custom ASICs, a 20 Gbpsbackplane and high-performance networkprocessors to perform total packet flowinspection at Layers 2-7. Parallel processingensures that packet flows continue to movethrough the IPS with a bounded latency ofless than 150 microseconds, independent ofthe number of filters that are applied.

The TSE architecture also enables trafficclassification and rate shaping. Sophisticatedalgorithms baseline "normal" traffic allowingfor automatic thresholds and throttling sothat mission critical applications are given ahigher priority on the network.

Complete SecurityBuilt on outstanding performance,TippingPoint delivers uncompromising

security. TippingPoint performscomprehensive total packet flow inspectionthrough Layer 7 to continually cleanseInternet and Intranet traffic and accuratelyeradicate attacks (worms, viruses, Trojans,blended threats, Phishing, Spyware, VoIPThreats, DoS, DDoS, Backdoors, Walk-inWorms*, Bandwidth Hijacking) beforedamage occurs. TippingPoint protectsnetwork infrastructure by blocking attacksagainst routers, switches, DNS and otherinfrastructure equipment. ThroughTippingPoint’s Zero-Day Initiative (ZDI),customers are protected against new threatsbefore vulnerabilities are disclosed to thepublic.

*Walk-in Worm: a Worm that spreads from withinan organization by "walking in" on a laptopcomputer.

TippingPoint provides statistical, protocol andapplication anomaly protection to protectagainst traffic surges, buffer overflows,unknown attacks and unknownvulnerabilities. TippingPoint delivers trafficnormalization to eliminate malformed orillegal packets, and performs TCP reassemblyand IP defragmentation, thus increasingnetwork bandwidth and protecting againstevasion techniques. TippingPoint can also actas an access control firewall that can replaceCPU intensive router and switch accesscontrol lists. Additionally, by rate limiting orblocking unwanted traffic, TippingPointconserves bandwidth and server capacity toprovide complete application protection. Acomprehensive list of protection mechanismsis detailed in the figure below.

TippingPoint’s revolutionary Quarantineprotection offers an radical new approach toLAN security. By extending the protectivepower of the IPS down to every endpoint,TippingPoint Quarantine blocks insider

TIPPINGPOINT INTRUSION PREVENTION SYSTEMS

“The way we know thefilters actually improvesecurity is that we have aTippingPoint IPS protectingour customer facing Webapplications. We seeSlammer, port 445 and SQLServer exploits, and exploitsthat normally come throughon port 80. Some of theseexploits would have made itthrough the firewall andinfected the productionsystems. Because of ourTippingPoint IPS deployment,the servers were nevertouched.”

Scott Davis, Enterprise Security Network ManagerT. Rowe Price

threats and walk-in worms, thencommunicates with switching infrastructuresto isolate offending endpoints withremediation VLANs that prevent networkinfection. Unlike cumbersome client-basedsolutions which merely check for endpointconfigurations on Windows PCs, TippingPointQuarantine Protection offers an agentlesssolution that constantly monitors all endpointactivities, instantly eliminating LAN-basedthreats automatically.

X-Series Integrated Security PlatformThe TippingPoint X-Series product linecombines a full enterprise-class IPS with VPN,firewall, Web content filtering, and advancedrouting for a complete perimeter securityappliance for remote branch offices and SMBnetworks. Specially crafted inspectionmodules allow for inspection of encryptedVPN traffic, and can even prioritize theapplications within a VPN tunnel. Thispowerful QoS mechanism allows remote sitesto leverage a centrally located VoIPdeployment across a VPN tunnel withoutdegrading VoIP quality.

World-Class Vulnerability AnalysisThe security team at TippingPoint leads theindustry in vulnerability analysis. TippingPointis the primary author of the SANS @RISKnewsletter, containing the latest informationon new and existing network securityvulnerabilities, with a subscriber base ofnearly 300,000 network security professionalsworldwide. Coordinated by the SANSInstitute and delivered every Thursday, theSANS @RISK newsletter summarizes newlydiscovered vulnerabilities, details their impactand informs of actions large organizationshave taken to protect their users. The SANS@RISK newsletter is available for free athttp://www.sans.org/newsletters/risk/.

Digital Vaccine® Real-Time InoculationEnsuring total security, TippingPoint offersongoing threat prevention against emergingvulnerabilities. In providing the vulnerabilityanalysis for SANS every week, the TippingPointsecurity team simultaneously develops newattack filters to address the vulnerabilities andincorporates these filters into Digital Vaccines.Vaccines are created not only to address specificexploits, but also potential attack permutations,protecting customers from Zero-Day threats.Digital Vaccines are delivered to customersevery week, or immediately when criticalvulnerabilities emerge, and can be deployedautomatically with no user interaction required.

This unique and valuable serviceallows customers to restore efficiencyto the security patching process. Theburden of emergency and ad-hocvulnerability patching is alleviated, asIT personnel can apply patches onlyas required and at regularlyscheduled times.

Enterprise ManagementTippingPoint delivers best-of-breedmanagement capabilities that aresimple to use and extremelypowerful. The TippingPoint SecurityManagement System (SMS) is a hardenedappliance that provides global vision andcontrol for multiple TippingPoint systems. TheSMS is responsible for discovering,monitoring, configuring, diagnosing andreporting for multiple TippingPoint systems.The TippingPoint SMS is a rack mountableappliance that features a state-of-the-artsecure Java client interface that enables "bigpicture" analysis with trending reports,correlation and real-time graphs on trafficstatistics, filtered attacks, network hosts andservices, and IPS inventory and health.

Because the TippingPoint SMS provides ascalable, policy-based operational model, itenables straightforward management oflarge-scale IPS deployments. A typicalnetwork-wide TippingPoint deploymentconsists of SMS Clients (secure Java), acentralized Security Management System(SMS), and multiple TippingPoint systems.

A very effective component ofTippingPoint’s SMS is the SMS dashboard.The dashboard provides at-a-glance monitorsand launch capabilities into targeted

TIPPINGPOINT INTRUSION PREVENTION SYSTEMS

“The management systemis powerful and flexible,yet easy and intuitive touse. The profile editor isthe best we have seen onany IPS/IDS device.”

Bob Walder, PresidentThe NSS Group

managementapplications. TheSMS dashboarddisplays an overviewof currentperformance for allTippingPoint systemsin the network,includingnotifications ofupdates andpotential problemsthat may needattention.

Additionally, every IPS is shipped with anembedded Local Security Manager (LSM) andCommand Line Interface (CLI). The LSM is aWeb GUI management application thatprovides administration, configuration andreporting capabilities in an easy-to-use, secureWeb interface.

Easy to DeployThe TippingPoint IPS is designed for networktransparency:

• The TippingPoint IPS is deployed seamlesslyinto the network with no IP address or MACaddress, and immediately begins filteringout malicious and unwanted traffic.

• The extremely high speed and low latencycapabilities of the IPS enable deployment atthe network edge or core, protecting fromexternal as well as internal threats.TippingPoint enables traffic shaping tosupport critical applications andinfrastructure, and also provides attackisolation and network discovery ofvulnerable devices.

• State of the art “Recommended Filter”settings allow instant deploymentout-of-the-box with no tuning required.

High AvailabilityTippingPoint Intrusion Prevention Systems areunparalleled in High Availability.TippingPoint’s IPS is designed to guaranteethat network traffic always flows at wirespeed in the event of network error, internaldevice error or even complete power loss.Two complementary High Availability modesof operation - Intrinsic High Availability andStateful Network Redundancy - ensure

maximum uptime and availability for boththe IPS devices and the SMS managementdevices.

Several built-in features of the IPS enableIntrinsic High Availability. First, allTippingPoint IPS devices have dual hotswappable power supplies. Secondly,watchdog timers continuously monitor thesecurity and management engines. If aninternal error is detected, TippingPoint canautomatically or manually fall back to asimple Layer 2 device, configurable persegment. Additionally, TippingPoint offers aZero Power High Availability (ZPHA) optionfor copper interfaces. In the event of full datacenter power loss, the interfaces can switchover to the ZPHA external relay to pass alltraffic.

Stateful Network RedundancyTwo TippingPoint IPS’s can be provisioned tooperate in a transparent High Availabilitymode. Because the IPS is a "bump in thewire," does not have an IP address and doesnot participate in routing protocols, pairs of

TippingPoint systems can be deployed inexisting high availability network designswithout changing the network configuration.High availability routing protocols such asVirtual Router Redundancy Protocol (VRRP),Open Shortest Path First (OSPF), and Cisco HotStandby Router Protocol (HSRP) are passedtransparently by the TippingPoint IPS andtherefore operate equally well with aTippingPoint IPS in-line. The pair ofTippingPoint systems can be configured ineither Active-Active or Active-Passive modesto appropriately share state information sothat attack protection is fully maintainedduring and after network outages.

Copyright © 2006 3Com Corporation. 3Com, 3Com logo, TippingPoint Technologies, the TippingPoint logo and Digital Vaccine are registered trademarksof 3Com Corporation. All other company and product names may be trademarks of their respective holders. While every effort is made to ensure theinformation given is accurate, 3Com does not accept liability for any errors or mistakes which may arise. Specifications and other information in thisdocument may be subject to change without notice. 400917-005 12/06

TIPPINGPOINT INTRUSION PREVENTION SYSTEMS

Corporate Headquarters:7501B North Capital of Texas Hwy.Austin, TX 78731+1 512 681 8000+1 888 TRUE IPSwww.tippingpoint.com

European Headquarters:World Trade Centre AmsterdamZuidplein 36, H-Toren1077 XV AmsterdamThe Netherlands+31 20 799 7629

Internet

IPS

“It gave us one less thingto worry about. It is trulya turnkey solution. Wehave the IPS set toautomatically downloadthe Digital Vaccineupdates with therecommended settings toblock attacks. Now, whena new threat terrorizesothers in the earlymorning hours, we resteasy knowing thatTippingPoint’s IPS has aDigital Vaccine protectingus at all times.”

Jonas HirshfieldDirector of Infrastructure Development

Blackboard

Asia-Pacific Headquarters:30, Cecil Street, #18-01Prudential TowerSingapore 049712+65 6213 5999