This article can also be found in the Premium Editorial Download "Information Security magazine: Security Products Readers' Choice Awards 2007."
Download it now to read this article plus other related content.
GOLD | TippingPoint Intrusion Prevention System
One of the most critical components of any IT security program is the ability to detect or prevent network intrusions
The TippingPoint IPS is an inline device that gives packets a thorough inspection to determine if they're malicious. This instantaneous protection is the most effective means of preventing attacks from reaching their targets, says Neal Hartsell, TippingPoint's vice president of marketing. TippingPoint is a division of 3Com.
"Customers are looking for an inline device that actively takes malicious traffic out of their network--plain and simple," he says. "Customers come to us and say they want the traffic removed in a transparent way that doesn't affect network infrastructure or user connectivity."
According to the vendor's Web site, TippingPoint IPS provides application, performance and infrastructure protection at gigabit speeds through total packet inspection. Application protection capabilities provide fast, accurate, reliable protection from internal and external attacks. The product is designed to protect VoIP infrastructure, routers, switches, DNS and other critical infrastructure from targeted attacks and traffic anomalies.
The system is built upon TippingPoint's Threat Suppression Engine (TSE)--a hardware-based intrusion prevention platform consisting of state-of-the-art network processor technology and TippingPoint's custom ASICs. The TSE architecture utilizes a 20-Gbps backplane and high-performance network processors to perform total packet flow inspection at Layers 2-7. Parallel processing ensures that packet flows continue to move through the IPS with a latency of less than 84 microseconds, independent of the number of filters applied.
SILVER | Symantec Network
Security 7100 Series
The silver medal is readers' sendoff for the Symantec Network Security 7100 Series intrusion prevention appliances. Symantec announced last year it was getting out of the appliance business; through a partnership with Juniper, Syman-tec will provide IPS signatures for Juniper UTM boxes.
The appliance, powered by Symantec's Intrusion Mitiga-tion Unified Network Engine (IMUNE), combines protocol anomaly, signature, statistical and vulnerability attack interception techniques to keep known and unknown attacks from spreading throughout networks. Symantec says the appliance requires no network reconfiguration and supports aggregate network bandwidth from 50 Mbps to 2 Gbps to meet deployment needs at branch offices, distribution sites and the network core.
BRONZE | Juniper Networks IDP
Juniper Networks' Intrusion Detection and Prevention (IDP) is an inline appliance, and readers praised its low rate of false positives. Juniper says its IDP targets vulnerabilities, not attacks, in warding off zero-day attacks and known worm, Trojan and spyware attacks.
The device also provides information on rogue servers and applications that may have been unknowingly added to the network. Administrators can have the Juniper Networks IDP enforce application usage policies or check if the resource usage meets desired application policies. A centralized, rule-based management approach offers granular control over the system's behavior with access to extensive auditing and logging, and fully customizable reporting.
The Juniper Networks IDP product line includes Juniper Networks IDP 50, 200, 600 and 1100 for small to large enterprises.
This was first published in April 2007