Rest Easy.... Be Secure with Chapel |
____________________________________________________________
Every day hundreds of thousands of hack attempts occur on our network. In November 2007 we have begun an undertaking of drastic steps to stay ahead of those that wish to do your sites and your data harm. Aside from our existing Cisco Network and firewalls we have now installed cutting edge IPS or Intrusion Prevention Systems from 3Com, the world leader in Intrusion Prevention. These devices are far different than the older IDS or Intrusion Detection Systems that are used by most data centers. The greatest difference is our equipment intercepts, inspects and either cleans or destroys damaging activity. We not only DETECT those pesky intruders we KILL THEM. The TippingPoint Intrusion Prevention System (IPS) delivers the most powerful network protection in the world. The TippingPoint IPS is an in-line device that is inserted seamlessly and transparently into the network. As packets pass through the IPS, they are fully inspected to determine whether they are legitimate or malicious. This instantaneous form of protection is the most effective means of preventing attacks from ever reaching their targets. TippingPoint's Intrusion Prevention Systems provide Application Protection, Performance Protection and Infrastructure Protection at gigabit speeds through total packet inspection. Application Protection capabilities provide fast, accurate, reliable protection from internal and external cyber attacks. Through its Infrastructure Protection capabilities, the TippingPoint IPS protects VoIP infrastructure, routers, switches, DNS and other critical infrastructure from targeted attacks and traffic anomalies. TippingPoint's Performance Protection capabilities enable customers to throttle non-mission critical applications that hijack valuable bandwidth and IT resources, thereby aligning network resources and business-critical application performance. The system is built upon TippingPoint's Threat Suppression Engine (TSE) - a highly specialized hardware-based intrusion prevention platform consisting of state-of-the-art network processor technology and TippingPoint's own set of custom ASICs. The TippingPoint ASIC-based Threat Suppression Engine is the underlying technology that has revolutionized network protection. Through a combination of pipelined and massively parallel processing hardware, the TSE is able to perform thousands of checks on each packet flow simultaneously. The TSE architecture utilizes custom ASICs, a 20 Gbps backplane and high-performance network processors to perform total packet flow inspection at Layers 2-7. Parallel processing ensures that packet flows continue to move through the IPS with a latency of less than 84 microseconds, independent of the number of filters that are applied. The TippingPoint TSE architecture also enables traffic classification and rate shaping. Sophisticated algorithms baseline "normal" traffic allowing for automatic thresholds and throttling so that mission critical applications are given a higher priority on the network. The integral part of the TippingPoint solution is the DIGITAL VACINE Service. Developed by TippingPoint's world-renowned security researchers (DVLabs), the Digital Vaccine service delivers comprehensive security filters to TippingPoint Intrusion Prevention Systems to to pre-emptively protect against the exploit of new and zero-day vulnerabilities. These filters, created to block multiple attack variants on a single vulnerability versus a simple exploit, provide attack recognition accuracy without compromising network performance. Digital Vaccine updates are automatically delivered every week, or immediately when critical vulnerabilities and threats emerge. TippingPoint's "Recommended Settings" provide preconfigured policies to automatically and accurately block attacks without any tuning, significantly reducing the amount of time and resources required to protect and maintain a healthy network. |
Features and Benefits | ||
Switch-Like Performance Multi-Gigabit Per Second Attack Filtering Latency < 84 μsec Real World TCP/UDP Traffi c Mix Two Million+ Simultaneous Sessions TCP/UDP/ICMP 1,000,000+ Connections Per Second |
Comprehensive Threat Protection VoIP Phishing Worms Quarantine OS Vulnerabilities DDoS P2P Spyware Viruses ZDI |
|
Client and Server Protection Prevent Attacks on Vulnerable Applications & Operating Systems Eliminate Costly Ad-Hoc Patching Multiple Filtering Methods |
Network
Infrastructure Protection Protect Cisco IOS, DNS and Other Infrastructure Protect Against Traffi c Anomaly, DDoS, SYN |
|
High Availability and Statefull Network Redundancy Dual-Power Supplies Layer 2 Fallback Active-Active or Active-Passive Statefull |
Application Performance Protection Increase Bandwidth and Server Capacity Rate-Limit or Block Unwanted Traffi c (P2P/IM) Guarantee Bandwidth for Critical Applications |
|
Traffic Normalization Increase Network Bandwidth and Router Performance Normalize Invalid Network Traffic Optimize Network Performance |
Digital
Vaccineฎ Real-Time Inoculation World-Renowned Security Research Team Protection Against Zero-Day Attacks Automatic Distribution of Latest Filters |
|
Security Management System Manage Multiple TippingPoint Systems At-A-Glance Dashboard Automatic Reporting Device Configuration and Monitoring Advanced Policy Definition and Forensic Analysis |
Floods,
Process Table Floods Access Control Lists |
Rest Easy .....Be Safe
TippingPoint
Intrusion Prevention Systems Overview
TippingPoint
IPS Technical Specifications
TippingPoint
Digital Vaccine
2007 -2008 Chapel Communications Inc