Internet.com ISP-Planet
Intrusion Detection Systems:
TippingPoint Technologies

TippingPoint combines intrusion detection with firewalling and adds a vulnerability assessment system—all rolled up into a single unified network defense appliance dubbed UnityOne.

by Jeff Goldman
[April 17, 2002]

TippingPoint Technologies was formed last year when NetPliance exited the Internet appliance market. At the time, the company was renamed to reflect its shift in focus towards security appliances. Kent Savage, TippingPoint chief marketing and sales officer, explains that the management's legacy includes a number of successful Internet startups.

The first of those was NetWorth, an early provider of Fast Ethernet, which was sold to Compaq Computer in 1995. ADSL equipment manufacturer NetSpeed followed, which was bought by Cisco Systems in 1998. TippingPoint's security focus, Savage says, was a logical next step. "We decided to apply our networking experience toward solving the security issues facing the enterprise and government sectors," he said.

TippingPoint Technologies
7501B North Capital of Texas Highway Austin, Texas 78731
Voice: (512) 681-8000
E-mail: info@tippingpoint.com

TippingPoint began developing its product about 18 months ago. "We concluded that today's security issues really screamed out for a hardware-based solution," Savage said. "So we used network processor technology and wrapped around it some hardware-specific ASIC elements to create what we call a Threat Suppression Engine."

"That resulted in the ability to assess, detect, and block threats at line speed," Savage said. "It's an intelligent, high-speed threat suppression engine that runs at two and a half gigabits per second. From there, we unified a firewall, vulnerability assessment scanner, and intrusion detection system into one application suite that sits on top of this high speed engine."

Better defense
Marc Willebeek-LeMair, TippingPoint chief technology and strategy officer, says the creation of the application suite was anything but random. "We didn't put three applications in just because those applications were there," Willebeek-LeMair said. "That certainly helps from an economic perspective, but the truth is that having those three things interlocked in one appliance really makes for better defense."

According to Willebeek-LeMair, false positives are often generated because the IDS doesn't know what elements should or shouldn't be part of a specific network. Combine vulnerability assessment, firewall, and IDS in one appliance and, he says, that weakness is eliminated. "By knowing specifically what is in an enterprise network, we can know whether something is malicious in a specific environment," he said.
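The correlation Willebeek-LeMair describes can be sketched in a few dozen lines. The following is an added example, not TippingPoint's code: each IDS signature match is checked against what a vulnerability-assessment scan found on the target host, so an exploit aimed at a port that is closed, or at a product the host does not run, is suppressed rather than raised. Hosts, ports, products, version sets and alerts are all constructed sample data, and the signature names are illustrative. The practitioner's caveat is visible in the `triage` rules: a match against a non-vulnerable target is still hostile traffic, so it is logged rather than dropped, and a stale inventory turns this filter into a source of missed attacks.

```python
"""Asset-aware IDS alert triage.

Added example (not TippingPoint's code): a toy version of the correlation
described in the article, where a signature match is judged against what the
vulnerability-assessment scan actually found on the target host. Inventory,
signatures and alerts are all constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    product: str
    version: str


@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    product: str            # product the exploit targets
    vulnerable: frozenset   # versions the VA scanner reports as affected


@dataclass(frozen=True)
class Alert:
    sid: int
    src: str
    dst: str
    dport: int


# Constructed inventory: host -> {port: Service}, as a VA scan would produce it.
INVENTORY = {
    "10.0.0.5": {80: Service("apache", "1.3.22"), 22: Service("openssh", "3.1")},
    "10.0.0.6": {80: Service("iis", "5.0")},
    "10.0.0.7": {25: Service("sendmail", "8.12")},
}

# Constructed signatures keyed by sid; names and version sets are illustrative.
SIGNATURES = {
    1001: Signature(1001, "iis-request-exploit", "iis", frozenset({"4.0", "5.0"})),
    1002: Signature(1002, "apache-request-exploit", "apache", frozenset({"1.3.22"})),
}


def triage(alert, inventory=INVENTORY, signatures=SIGNATURES):
    """Return (verdict, reason) for one alert.

    'block'    the target runs a version the scan says is vulnerable
    'log'      hostile traffic, but the target is not known vulnerable, or
               there is no context to judge; keep it for the analyst
    'suppress' the signature cannot apply to this host (port closed or a
               different product); drop it to cut false positives
    """
    sig = signatures.get(alert.sid)
    if sig is None:
        return "log", f"sid {alert.sid} has no asset context; cannot assess"
    host = inventory.get(alert.dst)
    if host is None:
        return "log", f"{alert.dst} not in inventory; cannot assess"
    svc = host.get(alert.dport)
    if svc is None:
        return "suppress", f"{alert.dst}:{alert.dport} closed per scan"
    if svc.product != sig.product:
        return "suppress", f"{alert.dst}:{alert.dport} runs {svc.product}, not {sig.product}"
    if svc.version in sig.vulnerable:
        return "block", f"{sig.name} against vulnerable {svc.product} {svc.version}"
    return "log", f"{sig.name} against {svc.product} {svc.version} (not known vulnerable)"


def triage_all(alerts, inventory=INVENTORY, signatures=SIGNATURES):
    """Triage a batch; returns {verdict: [alerts]} so the counts can be compared."""
    out = {"block": [], "log": [], "suppress": []}
    for alert in alerts:
        verdict, _ = triage(alert, inventory, signatures)
        out[verdict].append(alert)
    return out


# Constructed alert stream: one IIS exploit sprayed at every host on port 80,
# plus an Apache exploit against the Apache host and an unknown host.
SAMPLE_ALERTS = [
    Alert(1001, "192.0.2.9", "10.0.0.5", 80),   # IIS sig vs Apache host  -> suppress
    Alert(1001, "192.0.2.9", "10.0.0.6", 80),   # IIS 5.0 vulnerable      -> block
    Alert(1001, "192.0.2.9", "10.0.0.7", 80),   # port 80 closed          -> suppress
    Alert(1002, "192.0.2.9", "10.0.0.5", 80),   # Apache 1.3.22 vulnerable -> block
    Alert(1002, "192.0.2.9", "10.0.0.8", 80),   # host not in inventory   -> log
]

if __name__ == "__main__":
    for alert in SAMPLE_ALERTS:
        verdict, reason = triage(alert)
        print(f"sid={alert.sid} dst={alert.dst}:{alert.dport} {verdict:8} {reason}")
```

Run as-is, five alerts reduce to two blocks, two suppressions and one logged event. The two suppressions are the false positives the article has in mind; the logged one shows why an unknown host must never be silently dropped.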

The point, Willebeek-LeMair explains, is that TippingPoint is looking far beyond IDS. "This isn't about detecting malicious traffic entering your network," he said. "This is about preventing the passage of that traffic through the network. That's where the line between IDS and firewall becomes blurred. Having the combination of the two makes it a real protection mechanism, rather than just a detection mechanism."

Willebeek-LeMair contends that simply connecting the elements involved won't give you the same protection as TippingPoint's unified appliance. "The concept of sending a TCP reset or trying to signal the firewall or the router once something malicious has occurred, as most IDSes do today, is very limiting," he said. "You need to be in line in order to block malicious traffic."

[Photos: TippingPoint UnityOne-600 and UnityOne-2000 appliances]
Evolving offense
TippingPoint launched its UnityOne appliances on February 19 this year. The UnityOne-600 is a 600 Mbps appliance, and the high-performance UnityOne-2000 operates at 2 Gbps. Aside from the difference in performance, the feature sets of the two appliances are identical. The UnityOne-600 is priced at $69,995, and the UnityOne-2000 costs $99,995.

A variety of management options are available. Each appliance comes with a Local Security Manager, or LSM, which runs on the appliance itself. A more advanced option is the Security Management System, or SMS, which provides a comprehensive view of the network environment and allows you to manage up to 1,000 UnityOne appliances enterprise-wide.

[Screenshot: TippingPoint Security Management System (SMS) console]

TippingPoint's Threat Management Center in Austin, Texas runs the company's Digital Vaccine service, which provides real-time signature updates for the appliances. "We don't live in a static world: it's a continuous, evolving threat that we're dealing with," Savage said. "We provide the mechanism whereby you can continuously update the UnityOne in the field: it's 2,000 signature types and counting."

The signature updates are available for customers to download through TippingPoint's web portal for free, or can be sent directly to a customer's Security Management System through a subscription to the Digital Vaccine service. The service costs $10,000 per month per SMS, regardless of the number of UnityOne appliances being managed.

Guaranteed game plan
For ISPs, Savage suggests, the UnityOne appliance can provide an attractive way to enter the managed security services market. "It's very challenging for a managed service provider to have expertise in three separate products," he said. "There's also simply no way to offer any kind of a service level agreement, which prevents ISPs today from having a compelling offering for enterprises."

UnityOne's combined appliance allows an ISP to offer a single box that is simpler to manage, and which enables the ISP to actually provide a service guarantee. "Now the service provider can offer stronger security with one management console, and the ability to guarantee to block certain threat types, which translates to an SLA," Savage said.

Michael Rasmussen, Senior Industry Analyst at the Giga Information Group, agrees that TippingPoint is doing the right thing by focusing on a hardware-based solution. "They're going in the right direction," Rasmussen said. "I see firewalls becoming more and more a hardware appliance, which the likes of Check Point don't really offer."

Rasmussen isn't as optimistic, however, about TippingPoint's combination of three solutions in one box. "My experience has been that people don't put all their eggs in one basket," he said. "They don't look for the all-in-one solution. They'll pick best of breed IDS, best of breed firewall, and best of breed vulnerability assessment scanner. Putting them all together might actually limit them."

Savage contends, however, that the future of the industry lies with this kind of unified solution. "You're now seeing the crossover of network infrastructure and security," he said. "There's a consolidation happening, not only in the industry but also within the enterprise itself. The industry is going to morph in that direction, and we're one of the lightning rods to that. This is the trend you'll see moving forward."
