Date post: 24-Jun-2020
Intrusion Prevention Systems

Protection has never been more powerful. UnityOne is the industry's leading Intrusion Prevention System (IPS), unrivaled in security, performance, high availability and ease-of-use. As the only Intrusion Prevention System to receive the NSS Gold Award and Common Criteria certification, among many other awards, UnityOne is the defining benchmark for network-based intrusion prevention.

PROACTIVE NETWORK SECURITY

Intrusion Detection Systems, by definition, only detect and do not block unwanted traffic. The UnityOne IPS operates in-line in the network, blocking malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, UnityOne optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical. UnityOne's high performance and extraordinary intrusion prevention accuracy have redefined network security, and fundamentally changed the way people protect their organization.

No longer is it necessary to clean up after cyber attacks have compromised your servers and workstations. No more ad-hoc and emergency patching. No more out of control, rogue applications like Peer-to-Peer and Instant Messaging running rampant throughout the network. Denial-of-Service attacks that choke Internet connections or crash mission critical applications are a thing of the past.

UnityOne solutions continuously decrease IT security cost by eliminating ad-hoc patching and alert response, and continuously increase IT productivity and profitability through bandwidth savings and protection of critical applications.

UNPARALLELED PERFORMANCE

TippingPoint’s products are the best performing in the industry. Blocking cyber-attacks at multi-gigabit speeds with extremely low latency requires purpose-built hardware, and only TippingPoint has taken such a revolutionary architectural approach needed for true Intrusion Prevention. Traditional software and appliance solutions operate on general-purpose hardware and processors and are simply unable to perform without degrading network performance. Through rigorous third-party testing, TippingPoint has demonstrated Intrusion Prevention at multi-gigabit speeds, with extraordinary attack prevention accuracy. TippingPoint’s UnityOne is proven in the industry as the most secure, highest performing platform for Intrusion Prevention.

SWITCH-LIKE PERFORMANCE

Multi-Gigabit Per Second Attack Filtering
• UnityOne-50 (50 Mbps)
• UnityOne-200 (200 Mbps)
• UnityOne-400 (400 Mbps)
• UnityOne-1200 (1.2 Gbps)
• UnityOne-2400 (2.0 Gbps)
• UnityOne-2000 (2.0 Gbps)
Latency < 215 µsec
Real World TCP/UDP Traffic Mix
Two Million+ Simultaneous Sessions
• TCP/UDP/ICMP
250,000+ Connections Per Second

CLIENT AND SERVER PROTECTION

Prevent Attacks on Vulnerable Applications and Operating Systems
Eliminate Costly Ad-Hoc Patching
Multi-Mode Attack Blocking

NETWORK INFRASTRUCTURE PROTECTION

Protect Cisco IOS, DNS and Other Infrastructure
Protect Against Traffic Anomaly, DoS, SYN Floods, Process Table Floods
Access Control Lists

TRAFFIC NORMALIZATION

Increase Network Bandwidth and Router Performance
Normalize Invalid Network Traffic
Optimize Network Performance

APPLICATION PERFORMANCE PROTECTION

Increase Bandwidth and Server Capacity
Rate-Limit or Block Unwanted Traffic
• Peer-to-Peer/Instant Messaging
Guarantee Bandwidth for Critical Applications

DIGITAL VACCINE™ REAL-TIME INOCULATION

Protection Against Zero-Day Attacks
Automatic Distribution of Latest Filters

SECURITY MANAGEMENT SYSTEM

Manage Up To 1,000 UnityOne Systems
At-A-Glance Dashboard
Automatic Reporting
Device Configuration and Monitoring
Advanced Policy Definition and Forensic Analysis

HIGH AVAILABILITY AND STATEFUL NETWORK REDUNDANCY

Dual-Power Supplies
Layer 2 Fallback
Active-Active or Active-Passive Stateful Redundancy
Zero Power High Availability

Datasheet—U1001

The Platform for Unrivaled Security and Performance

THREAT SUPPRESSION ENGINE

The UnityOne ASIC-based Threat Suppression Engine (TSE) is the underlying technology that has revolutionized network protection. Through a combination of pipelined and massively parallel processing hardware, the TSE is able to perform thousands of checks on each packet flow simultaneously. The TSE architecture utilizes custom ASICs, a 20 Gbps backplane and high-performance network processors to perform total packet flow inspection at Layers 2-7. Parallel processing ensures that packet flows continue to move through the IPS with a bounded latency of less than 215 microseconds, independent of the number of filters that are applied.

The UnityOne TSE architecture also enables traffic classification and rate shaping. Sophisticated algorithms baseline "normal" traffic allowing for automatic thresholds and throttling so that mission critical applications are given a higher priority on the network.

COMPLETE SECURITY

Built on outstanding performance, UnityOne delivers uncompromising security. UnityOne performs comprehensive total packet flow inspection through Layer 7 to continually cleanse Internet and Intranet traffic and accurately eradicate attacks (worms, viruses, Trojans, blended threats, DoS, DDoS, Backdoors, Walk-in Worms*, Bandwidth Hijacking) before damage occurs. UnityOne protects network infrastructure by blocking attacks against routers, switches, DNS and other infrastructure equipment.

*Walk-in Worm: a Worm that spreads from within an organization by "walking in" on a laptop computer.

UnityOne provides statistical, protocol and application anomaly protection to protect against traffic surges, buffer overflows, unknown attacks and unknown vulnerabilities. UnityOne delivers traffic normalization to eliminate malformed or illegal packets, and performs TCP reassembly and IP defragmentation, thus increasing network bandwidth and protecting against evasion techniques. UnityOne can also act as an access control firewall that can replace CPU intensive router and switch access control lists. Additionally, by rate limiting or blocking unwanted traffic, UnityOne conserves bandwidth and server capacity to provide complete application protection. Comprehensive features include:

WORLD-CLASS VULNERABILITY ASSESSMENT

The security team at TippingPoint leads the industry in vulnerability analysis. TippingPoint is the primary author of the SANS @RISK newsletter, containing the latest information on new and existing network security vulnerabilities, with a subscriber base of nearly 200,000 network security professionals worldwide. Coordinated by the SANS Institute and delivered every Thursday, the SANS @RISK newsletter summarizes newly discovered vulnerabilities, details their impact and informs of actions large organizations have taken to protect their users. The SANS @RISK newsletter is available for free at http://www.sans.org/newsletters/risk/.

DIGITAL VACCINE REAL-TIME INOCULATION

Ensuring total security, TippingPoint offers ongoing threat prevention against emerging vulnerabilities. In providing the vulnerability analysis for SANS every week, the TippingPoint security team simultaneously develops new attack filters to address the vulnerabilities and incorporates these filters into Digital Vaccines. Vaccines are created not only to address specific exploits, but also potential attack permutations, protecting customers from Zero-Day threats. Digital Vaccines are delivered to customers every week, or immediately when critical vulnerabilities emerge, and can be deployed automatically with no user interaction required.

This unique and valuable service allows customers to restore efficiency to the security patching process. The burden of emergency and ad-hoc vulnerability patching is alleviated, as IT personnel can apply patches only as required and at regularly scheduled times.

ENTERPRISE MANAGEMENT

TippingPoint delivers best-of-breed management capabilities that are simple to use and extremely powerful. The UnityOne Security Management System (SMS) is a hardened appliance that provides global vision and control for multiple UnityOne systems. The SMS is responsible for discovering, monitoring, configuring, diagnosing and reporting for up to 1,000 UnityOne systems. The UnityOne-SMS is a rack mountable appliance that features a state-of-the-art secure Java client interface that enables "big picture" analysis with trending reports, correlation and real-time graphs on traffic statistics, filtered attacks, network hosts and services, and UnityOne inventory and health.

Because the UnityOne-SMS provides a scalable, policy-based operational model, it enables straightforward management of large-scale IPS deployments. A typical network-wide UnityOne deployment consists of SMS Clients (secure Java), a centralized Security Management System (SMS), and multiple UnityOne systems.

A very effective component of the UnityOne-SMS is the SMS dashboard. The dashboard provides at-a-glance monitors and launch capabilities into targeted management applications. The SMS dashboard displays an overview of current performance for all UnityOne systems in the network, including notifications of updates and potential problems that may need attention.

Additionally, every UnityOne IPS is shipped with an embedded Local Security Manager (LSM) and Command Line Interface (CLI). The LSM is a Web GUI management application that provides administration, configuration and reporting capabilities in an easy-to-use, secure Web interface.

[Figure labels: UnityOne-SMS; UnityOne Intrusion Prevention Systems]

EASY TO DEPLOY

The UnityOne IPS is designed for network transparency:

• The UnityOne IPS is deployed seamlessly into the network with no IP address or MAC address, and immediately begins filtering out malicious and unwanted traffic.

• The extremely high speed and low latency capabilities of the UnityOne enable deployment at the network edge or core, protecting from external as well as internal threats. The UnityOne enables traffic shaping to support critical applications and infrastructure, as well as provides attack isolation and network discovery of vulnerable devices.

• State of the art “Recommended Filter” settings allow instant deployment out-of-the-box with no tuning required.

HIGH AVAILABILITY

UnityOne Intrusion Prevention Systems are unparalleled in High Availability. The UnityOne is designed to guarantee that network traffic always flows at wire speed in the event of network error, internal device error or even complete power loss. Two complementary High Availability modes of operation - Intrinsic High Availability and Stateful Network Redundancy - ensure maximum uptime and availability.

Several built-in features of UnityOne enable Intrinsic High Availability. First, all UnityOne IPS devices have dual hot swappable power supplies. Secondly, watchdog timers continuously monitor the security and management engines. If an internal error is detected, the UnityOne can automatically or manually fall back to a simple Layer 2 device, configurable per segment. Additionally, TippingPoint offers a Zero Power High Availability (ZPHA) option for copper interfaces. In the event of full data center power loss, the interfaces can switch over to the ZPHA external relay to pass all traffic.

STATEFUL NETWORK REDUNDANCY

Two UnityOne systems can be provisioned to operate in a transparent High Availability mode. Because the UnityOne is a "bump in the wire," does not have an IP address and does not participate in routing protocols, pairs of UnityOne systems can be deployed in existing high availability network designs without changing the network configuration. High availability routing protocols such as Virtual Router Redundancy Protocol (VRRP), Open Shortest Path First (OSPF), and Cisco Hot Standby Router Protocol (HSRP) are passed transparently by the UnityOne and therefore operate equally well with a UnityOne in-line. The pair of UnityOne systems can be configured in either Active-Active or Active-Passive modes to appropriately share state information so that attack protection is fully maintained during and after network outages.

[Figure: deployment diagram. Internet; Perimeter (Protects Against External Attacks); Core (Protects Core Assets); Internal (Protects Against Internal Attacks); LAN Segments]

Headquarters:

7501B North Capital of Texas Hwy.
Austin, TX 78731
88-UNITYONE
www.tippingpoint.com

International Headquarters:

Joop Geesinkweg 901 - 999
1096 AZ Amsterdam
The Netherlands
+31 (0) 20 561 6222

Copyright ©2004 TippingPoint Technologies, Inc. All rights reserved. TippingPoint Technologies, the TippingPoint logo, UnityOne, the UnityOne logo and Digital Vaccine are registered trademarks of TippingPoint Technologies, Inc.
