TippingPoint Threat Management Center


TippingPoint Filtering Technology

TippingPoint's Intrusion Prevention (IPS) product line simultaneously employs four independent and complementary mechanisms to detect and prevent threats: vulnerability-based filters, attack signatures, and traffic and protocol anomaly filters. The ability to apply all four mechanisms simultaneously is predicated on TippingPoint's purpose-built Threat Suppression Engine ASIC.

Vulnerability-based filters protect against attacks on vulnerabilities in operating systems and applications, and are not exploit-specific. These filters behave like a network-based virtual software patch to protect downstream hosts from network-based attacks on unpatched vulnerabilities. Vulnerability filters are created as soon as new vulnerabilities are discovered to preempt any attacks. These filters operate on reassembled layer-7 information to fully inspect application flows. Filter rules can be specified to detect conditions that trigger a particular application implementation flaw (e.g., a buffer overflow application anomaly) or violate a protocol specification (e.g., an RFC anomaly).

Traffic anomaly filters are used to detect changes in traffic patterns. These filters are adaptive and learn about "normal" traffic patterns for the particular environment the TippingPoint IPS is placed in. Once traffic is baselined, these filters will detect statistical anomalies based on tunable thresholds. Traffic anomaly filters are effective against distributed denial of service attacks, unknown worms, rogue applications and other zero-day exploits. Of particular importance is TippingPoint's ability to rate-shape traffic flows based on application types, protocols, or IP addresses.

Protocol anomaly filters detect out-of-spec network traffic. The anomaly filters detect conditions that are both necessary to an attack's success and guaranteed never to occur in normal traffic. These filters can detect multiple attacks without false negatives and without false positives.
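The baseline-then-threshold behavior described for traffic anomaly filters, as an added example that is not TippingPoint's code or algorithm: it assumes an exponentially weighted moving average as the learned baseline and a tunable threshold expressed in standard deviations. The class, parameter names and sample counts are constructed for illustration.

```python
import math


class TrafficBaseline:
    """Learns a per-key rate baseline (EWMA mean/variance), then flags spikes."""

    def __init__(self, alpha=0.1, threshold_sigmas=4.0, learn_intervals=10, min_std=1.0):
        self.alpha = alpha                        # weight of the newest interval
        self.threshold_sigmas = threshold_sigmas  # tunable threshold, in std deviations
        self.learn_intervals = learn_intervals    # intervals observed before alerting
        self.min_std = min_std                    # floor so a flat baseline ignores noise
        self.state = {}                           # key -> (mean, variance, intervals seen)

    def observe(self, key, count):
        """Feed one interval's count for key; return True if it is anomalous."""
        if key not in self.state:
            self.state[key] = (float(count), 0.0, 1)
            return False
        mean, var, seen = self.state[key]
        std = max(math.sqrt(var), self.min_std)
        # Only upward deviations are flagged; nothing alerts while still learning.
        spike = (count - mean) > self.threshold_sigmas * std
        anomalous = seen >= self.learn_intervals and spike
        if not anomalous:
            # Only normal intervals update the baseline, so a sustained flood
            # cannot teach the filter that flood-level traffic is normal.
            delta = count - mean
            mean += self.alpha * delta
            var = (1 - self.alpha) * (var + self.alpha * delta * delta)
            self.state[key] = (mean, var, seen + 1)
        return anomalous


def detect(samples, **kwargs):
    """Run (key, count) samples through a fresh baseline; return flagged indices."""
    baseline = TrafficBaseline(**kwargs)
    return [i for i, (key, count) in enumerate(samples) if baseline.observe(key, count)]


# Constructed sample: connections per minute per source (documentation addresses).
NORMAL = [100, 104, 98, 101, 97, 103, 99, 102, 100, 96, 105, 101]
SAMPLES = [("192.0.2.10", c) for c in NORMAL]
SAMPLES += [("192.0.2.10", 900), ("192.0.2.10", 950), ("192.0.2.10", 102)]
SAMPLES += [("192.0.2.20", 900)]  # first sighting of a host: still learning

if __name__ == "__main__":
    print(detect(SAMPLES))
```

The new host at the end is not flagged because it has no baseline yet, which is the practical cost of a per-environment learning period.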

Attack signatures protect against attacks that do not necessarily exploit vulnerabilities, such as viruses and Trojans. These filters assume knowledge of a given attack and are able to detect it in its executable form.

  • Out-of-the-box security performance is only possible with all three types of prevention.
  • Zero-day attack prevention and "unknown" attack prevention are predicated on vulnerability filters and anomaly-based detection.
  • Each form of protection can map to a variety of actions including: complete protection (blocking), rate limiting, email notification, syslog and full network management system support through our SMS or a third-party system. Our management API allows you to extend our product to monitor your network operations.
  • Anomaly-based prevention ensures that applications are behaving properly by automatically normalizing anomalous traffic according to security policy set in TippingPoint's management system.
  • TippingPoint's Traffic Thresholding features enable security policy implementation based on the number of bytes in a particular stream, and on connections and packets from particular hosts, with user-defined time frames ranging from "per minute" to "per month."

©2008 TippingPoint Technologies, Inc. All rights reserved.