Network IPS Buyer's Guide: HP TippingPoint
DVLabs, ZDI, and Rep DV help HP TippingPoint offer bleeding-edge protection
As the threat landscape evolved, Network Intrusion Detection and Prevention Systems (NIDS / NIPS) became an enterprise best practice to spot and automatically block attacks. In this edition of Enterprise Networking Planet's NIPS buyer's guide, we examine the capabilities and features offered by HP TippingPoint, the company that founded the popular and somewhat controversial Zero Day Initiative (ZDI) program.
Keeping up with emerging threats
TippingPoint founded ZDI back in 2005 to leverage the collective power of security researchers by paying those who reported new threats. Although TippingPoint has its own internal research arm -- DVLabs -- the ZDI program was intended to greatly expand the pool of resources used to discover vulnerabilities, give those who do a financial incentive to report them responsibly, and help TippingPoint protect its NIPS customers until affected vendors release security patches.
According to Michael Callahan, Director of Worldwide Marketing at HP TippingPoint, about 1,500 researchers around the world are involved in ZDI, managed out of TippingPoint's labs. "When we started to pay researchers for discovering security vulnerabilities, it was controversial at the time - but in hindsight it was innovative. Last year, this very successful program discovered 319 new vulnerabilities."
TippingPoint benefits by expanding its own IPS filters to stop attackers from exploiting discovered vulnerabilities, but the end goal is to notify product vendors of vulnerabilities, giving them an opportunity to issue security patches before real-world damage can be done. TippingPoint found, however, that some vendors were not issuing patches very quickly.
To encourage a broader community to fix vulnerabilities faster, TippingPoint instituted a 6-month time frame for fixes, after which it now publicly discloses vulnerabilities. Of the 190 vulnerabilities that were open when this was announced last August, just 20 (10 percent) were still unresolved this February, six months later.
"Previously, we kept undisclosed vulnerabilities in our database as they continued to age - some were over 2 years old," said Callahan. "Now it looks like vendors are fixing things much faster, and six months should be long enough to develop and test a fix. The vulnerabilities that have been closed here are significant, with CVSS scores in the 8-10 range."
Using NIPS to close the gap
Callahan stressed that, during those six months, TippingPoint's own customers were protected by NIPS filters, developed by DVLabs. To deploy those filters on an intrusion detection and prevention platform, TippingPoint (acquired from 3Com by HP last year) sells a series of purpose-built, dedicated appliances known as the HP S IPS Series.