Network IPS Buyer's Guide: HP TippingPoint - Page 3

 By Lisa Phifer
Page 3 of 3   |  Back to Page 1
Print Article

"For example, on a trading floor, you might have proprietary trading apps and analytics. If your IT and ops people find vulnerabilities that need to be address[ed], you can't tell traders to take the next 4 hours off while you develop and patch the problem," said Callahan. "However, it's really important that when you're sitting in-line, you don't stop good traffic. If you're not skilled in creating filters, you could impact your network."

To meet this need, HP TippingPoint recently released a Digital Vaccine Toolkit. This toolkit uses wizards to let TippingPoint customers generate their own filters, in effect deploying "virtual patches" to protect themselves from vulnerability exploitation. Filters created by using the Digital Vaccine Toolkit can be applied directly to a single IPS or the SMS console can be used to quickly update all systems.

Moving beyond filters

In addition, HP TippingPoint now offers a Reputation Digital Vaccine Service (Rep DV). This service uses IPv4/IPv6 and DNS security intelligence feeds -- including Web threat intelligence sourced from ipTrust -- to maintain a global reputation database, updated every two hours. Rep DV lets customers create reputation-based policies that are then enforced by TippingPoint IPS products.

Finally, at RSA 2011, HP demonstrated its TippingPoint, ArcSight, and Fortify acquisitions, all working together to automate risk management. "Consider an online ticket supplier, where someone has decided to fill up shopping carts but never check out. Fortify notices that something is going on and polls ArcSight, which sees that many reservations are coming the same IP. TippingPoint can then block that IP address. We're now bringing these systems together to stop threats that traditional systems can't," said Callahan.

Bottom line

TippingPoint has a lengthy history in the network intrusion detection and prevention market. Acquisition by 3com and now HP will no doubt lead to TippingPoint integration in more network devices (like HP switches and firewalls). But, according to Callahan, one key advantage held by TippingPoint remains unchanged.

"Your IPS is only as good as the threat intelligence behind it," he said "There will always be new developments in terms of throughput and scanning capabilities, using state of the art chipsets. Many industry players will continue to move forward this way, including TippingPoint."

But Callahan DVLabs, the DVI program, and new services like Rep DV give TippingPoint unique advantages. "We knew about 319 threats that nobody else did last year. We were more often credited with discovering vulnerabilities in applications like Adobe. This kind of threat intelligence puts us in an excellent position for very fast turn-around: researchers notify us, we check it out, we notify vendors, and create a filter." By reducing time to mitigation, TippingPoint closes the window on potential exploits.

Lisa Phifer owns Core Competence, a consulting firm focused on business use of emerging network and security technologies. With over 25 years in the network industry, Lisa has reviewed, deployed, and tested network security products for nearly a decade.

This article was originally published on Apr 16, 2011
Get the Latest Scoop with Networking Update Newsletter