Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

TippingPoint launches new IPS despite iffy test

Responds to security criticism.

By John Dunn | Techworld | Published: 16:34, 16 September 2009

Intrusion prevention specialist TippingPoint Technologies has announced two new IPS models for smaller and remote offices only days after a testing company found fault with the entry-level model in the same family.

The TippingPoint 110 and 330 differ from the criticised model, the TippingPoint 10, in their inline throughput capability and number of ports, but use the same Digital Vaccine security updating technology that NSS Labs criticised in its tests.

The 110 and 330 are rated to 100Mbit/s and 300Mbit/s respectively, a packet-moving capability that if the NSS Labs report is anything to go by, is likely to be more than met by the new boxes under real-world loads. The models are also the latest to feature the 3Com-owned company's Zero Power High Availability bypass system which stops the box bringing the network down if the unit fails.

The contentious element of the TippingPoint 10's performance was its ability to spot a chosen group of 622 exploits, with the NSS Labs showing a detection rate of around 40 percent in default mode.

TippingPoint has since defended its products in a blog that took issue with the way products such as these are tested. One test methodology was ‘iterative', that is the vendor was allowed to adjust or tweak the performance of a product under test until it ‘passed' a pre-defined standard, while the other (including the NSS Labs' test of the TippingPoint 10) simply presented a result after the fact without the possibility of such adjustment.

"The danger here is that customers can sometimes view these two testing approaches as the same, mistakenly considering the results apples to apples," says the blog.

The company spokesman, Rohit Dhamankar goes on to suggest that the TippingPoint's detection conservatism in default settings as being necessary to avoid false positives, which could cause commercial damage to any company deploying such a configuration in an online commerce business.

TippingPoint also goes on to state that the company's controversial Zero Day Initiative (ZDI) program, under which independent researchers are paid to report vulnerabilities, has expanded from 600 registered researchers in 2008 to "well over 1,000" in 2009. Given that this reporting is exclusively through TippingPoint, this should in theory improve not hinder the company's security performance compared to rivals.

NSS Labs said it it was in the process of planning a follow-up test of the TippingPoint 10.

Pricing and availability for the 110 and 330 models has not been confirmed.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.