Product Information

TippingPoint 200E

starstarstarstar

May 01, 2006
Vendor:

TippingPoint

Product:

TippingPoint 200E

Website:

http://www.tippingpoint.com

Price

$14,995

RATING BREAKDOWN

  • Features:
    starstarstarstar
  • Ease of Use:
    starstarstarstarstar
  • Performance:
    starstarstarstar
  • Documentation:
    starstarstar
  • Support:
    starstarstarstarstar
  • Value for Money:
    starstarstarstar
  • Overall Rating:
    starstarstarstar

QUICK READ

  • Strengths: Very self-contained and automated with little need for full-on management.
  • Weaknesses: Protection failed under some fragmented RPC attacks against a Microsoft operating system.
  • Verdict: Full-service solution with effective blacklist blocking.

Since 200E is what we call a learning device, it requires a little time on the network to begin protecting assets.

The concept of a learning device is open to interpretation, however. With this product, there are two considerations. First, the device, as with most IPSs, must discover the network. It does this on an ongoing basis, assuring that it knows about all devices on the enterprise.

Additionally, we found that, during our initial vulnerability scan, the product could be seen transferring attacks to its blacklist. At that point, the NetClarity attacker reported that the target, presumably protected by the IPS, was visible and was vulnerable. Subsequent scans were ineffective and the target became invisible to the NetClarity device.

Additionally, when we then attacked with Core Impact, we were able to crash the target service on our victim machine, but were not able to penetrate.

Although the 200E performed very well under most of our tests, this penetration attack (a Microsoft RPC buffer overflow) partially succeeded. All information screens auto-refresh every 30 seconds, so most current information is always easy to see and find on the intuitive web interface.

This product sits at the front end of the network transparently and monitors all incoming and outgoing traffic for any malicious content.

This is an IPS with very simple configuration. You just plug it in and go. After the simple quickstart is completed, the 200E begins gathering network traffic and information and setting its own policies accordingly. Its policies are reasonably selfmaintaining and the 200E requires little administration time.

The TippingPoint appliance comes with only a simple, onesheet quickstart guide that only describes the initial turning on, and simple initial configuration of, the appliance. Additional documentation is on the supplied CD, and we found it adequate, if not extensive.

Support for the product is available, but you have to look for it on the website. Instead of being in a more intuitive “support” section, it is hidden under the company information as part of the “contact” screen.

However, there is the Threat Management Center that provides, among other things, real-time attack filter updates, an extremely valuable service.

This device is very reasonably priced for a full-service solution to protect most sizes of network from intrusion or malware.

Reviews For This Vendor

Related Group Test

SC Webcasts UK

Sign up to our newsletters

FOLLOW US