May 01, 2006
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Very self-contained and automated with little need for full-on management.
- Weaknesses: Protection failed under some fragmented RPC attacks against a Microsoft operating system.
- Verdict: Full-service solution with effective blacklist blocking.
Since the 200E is what we call a learning device, it requires a little time on the network to begin protecting assets.
The concept of a learning device is open to interpretation, however. With this product, there are two considerations. First, the device, as with most IPSs, must discover the network. It does this on an ongoing basis, ensuring that it knows about all devices in the enterprise.
Additionally, we found that, during our initial vulnerability scan, the product could be seen transferring attacks to its blacklist. At that point, the NetClarity attacker reported that the target, presumably protected by the IPS, was visible and was vulnerable. Subsequent scans were ineffective and the target became invisible to the NetClarity device.
Additionally, when we then attacked with Core Impact, we were able to crash the target service on our victim machine, but were not able to penetrate.
Although the 200E performed very well under most of our tests, this penetration attack (a Microsoft RPC buffer overflow) partially succeeded.
All information screens auto-refresh every 30 seconds, so the most current information is always easy to see and find on the intuitive web interface.
This product sits at the front end of the network transparently and monitors all incoming and outgoing traffic for any malicious content.
This is an IPS with very simple configuration. You just plug it in and go. After the simple quickstart is completed, the 200E begins gathering network traffic and information and setting its own policies accordingly. Its policies are reasonably self-maintaining and the 200E requires little administration time.
The TippingPoint appliance comes with only a simple, one-sheet quickstart guide that describes only the initial powering on and simple initial configuration of the appliance. Additional documentation is on the supplied CD, and we found it adequate, if not extensive.
Support for the product is available, but you have to look for it on the website. Instead of being in a more intuitive “support” section, it is hidden under the company information as part of the “contact” screen.
However, there is the Threat Management Center that provides, among other things, real-time attack filter updates, an extremely valuable service.
This device is very reasonably priced for a full-service solution to protect most sizes of network from intrusion or malware.