Professional Documents
Culture Documents
TippingPoint IPS - Quick Overview
TippingPoint IPS - Quick Overview
Quick Overview
TippingPoint History
What We Do
State-of-the-Art Intrusion Prevention Systems
Network-Based Security
Every form of user, device and traffic security possible should be provided
from within the network
Bump in the wire device that Classifies and Enforces policy-based action
Clean
Traffic
Dirty
Traffic
Worms
Trojans
Viruses
Spyware
DoS
Purpose-Built
Custom Hardware
High availability
Multi-gigabit Throughput
Switch-like latency
Millions of Sessions
Thousands of Filters
Signatures
Protocol anomalies
Vulnerability
Traffic anomaly
Intelligence Updates
Digital Vaccine
Automatic
Protection
Applications
Operating Systems
Clients, Servers
Network Performance
VoIP Infrastructure
Routers, Switches
TippingPoints Intrusion
Prevention System is the
FIRST and ONLY product
to win the coveted NSS
Gold Award in the IPS
space.
10
Automotive
Education
Financial
Government
Media
Healthcare
Retail
Technology
Transportation
Energy
Service Provider
11
Biotech/Chemical
Viruses, Trojans
DDoS Attacks
Internal Attacks
Unauthorized Access
Spyware
High performance custom H/W
Operating Systems
Oracle Applications
Linux O/S
VoIP
In-line
5 Gbps throughput
FROM
PROTECTS
Switch-like latency
Worms/Walk-in Worms
Routers (e.g. Cisco IOS)
2M sessions; 250K
Viruses,sessions/sec
Trojans
Switches
DDoS Attacks
Total flow inspection
Firewalls (e.g. Netscreen,
SYNqueues
Floods
CheckPoint FW1)
64K rate shaping
Traffic Anomalies
VoIP
Automated
PROTECTS
FROM
Highly accurate
Peer-to-Peer Apps
Bandwidth
Unauthorized
Recommended
settings IM & other Apps
Server Capacity
DDoS
Attacks
Missions-Critical
Traffic
Vulnerability,
exploit,
anomaly, traffic control
Evergreen
Constant update protection service
In-line,
Automated, Evergreen
Bi-weekly Digital Vaccine
Attack Prevention
WAN Perimeter
Data
Center
Web Infrastructure
Hacker sends
Microsoft
patch e-mail
Employee clicks link to
hacker- controlled Web site
Worms
Trojans
DDoS
Viruses
Spyware
Non-Targeted
Attacks
Targeted
Infrastructure
Attack
Targeted
Application
Attacks
Spear Phishing
Modern
Blended / Targeted
Attacks
IDS
Priority
Stability
#1
#4
Performance
#2
#3
Priority
#3
#2
#4
#1
ISS
Fortinet
BroadWeb
Test Results
Highest Throughput
Lowest Latency
100% Filter Accuracy
Depth and Breadth of
Coverage
Term
Definition
Vulnerability
Exploit
Exploit Filter
Vulnerability
Filter
(coarse signature)
Simple
Exploit A
Filter
Exploit A
Fingerprint
30 security researchers
5 QA engineers
100% focused on IPS filter
development
Unparalleled security and
networking expertise
Digital Vaccine group
monitors cyber threats
Writes the SANS@ Risk
newsletter prioritizing
critical malicious threats
Vendor Advisories
Security Mailing Lists
Honeynet Activity
Underground chatter
TippingPoint Labs Research
Zero Day Initiative
@RISK
Digital Vaccine
Automatically
Delivered to
Customers
Vulnerability Analysis
Vaccine Creation
Weekly Report
Intelligence Collaboration
VOIPSA
Some Current Members include:
Testing Tool Vendors
Agilent
Codenomicon
Spirent Communications
Consultants
Accenture
PriceWaterhouseCoopers
Miercom
Security Vendors/Providers
Borderware
Enterasys Networks
Foundstone
ICSA Labs
InfraVAST
Insightix
Internet Security Systems
nCircle
Qualys
Sonicwall
Sourcefire
Symantec
Tenable Network Security
The SANS Institute
TippingPoint
VeriSign
VoIP Providers
AT&T
Bell Canada
Cable and Wireless
Charter
Cox Communications
Level3
MCI
Qwest
SBC
Sprint
Telcordia
Time Warner
Verizon Communications
VoIP Vendors
3Com
Alcatel
Alltel
Avaya
Acme Packet
Arbor Networks
Enterasys Networks
Extreme Networks
Juniper
Mitel
NetCentrex
Nortel
Samsung Telecommunications America
SecureLogix
Siemens
Uniden
SQL Injection,
DHCP resource exhaustion
Physical Security
Shameless Plug
We performed research for a book on VoIP Security
coming out in December
We released many new VoIP security tools at the
2006 Black Hat conference in Las Vegas
http://www.hackingvoip.com
Investigation Leadership
Timeline
ZDI portal online at www.zerodayinitiative.com
100%
85%
77%
58%
58%
33%
98%
81%
73%
62%
55%
45%
Depth of Coverage
30
Responsiveness of Coverage
Average response times were calculated only on the vulnerabilities that the vendor covered
If an IPS vendor provided protection before a vulnerability was disclosed, this accounted for a
negative number of days in its response
Manufacturer Recognitions
Manufacturer Recognitions
Source: Frost & Sullivan, An Analysis of Vulnerability Discovery and Disclosure 1Q05-3Q06, January 2007
Source: Frost & Sullivan, An Analysis of Vulnerability Discovery and Disclosure 2008
Source: Frost & Sullivan, An Analysis of Vulnerability Discovery and Disclosure 2008
TippingPoint
10
Performance
Inspected
Throughput
TippingPoint
210E
TippingPoint
600E
TippingPoint
1200E
TippingPoint
2400E
TippingPoint
5000E
20 megabits per
second
< 1 millisecond
< 84 microseconds
< 84 microseconds
< 84 microseconds
< 84 microseconds
250,000
1,000,000
2,000,000
2,000,000
2,000,000
2,000,000
Total Sessions
3,600+
7,500+
92,000
215,000
350,000
350,000
Connections Per
Second
n/a
150,000
1,170,000
2,344,000
3,000,000
3,000,000
Four 10/100/1000
Ethernet Ports
Copper Only
Total Segments - 2
Ten 10/100/1000
Ethernet Ports
Copper Only
Total Segments - 5
Eight 10/100/1000
Ethernet Ports
Fiber and Copper
Total Segments - 4
Eight 10/100/1000
Ethernet Ports
Fiber and Copper
Total Segments - 4
Eight 10/100/1000
Ethernet Ports
Fiber and Copper
Total Segments - 4
Eight 10/100/1000
Ethernet Ports
Fiber and Copper
Total Segments - 4
Typical Latency
Invalid
SYNs/Second Under
SYN Flood
POWER SUPPLY
Scalability
48 1Gbps ports
NEW
10 Gbps
10 Gbps
TippingPoint IPS
1 Gbps
TippingPoint IPS
TippingPoint IPS
Core Controller
10 Gbps
10 Gbps
Internal
Network
Security Posture
Assessments (SPA)
Comprehensive network
security evaluation to
identify internal and external
infrastructure vulnerabilities,
weaknesses, and exposures
Training
Basic, advanced, and expert
level training courses
delivered globally by
experienced subject matter
experts
TippingPoint
Digital Vaccine
Service
Thank You
www.tippingpoint.com
+1 888 TRUE IPS (+1 888 878 3477)