TippingPoint NX Platform NGIPS

The HP TippingPoint NX Platform Next Generation Intrusion Prevention System (NGIPS), powered by the TippingPoint X-Armour architecture, achieves a new level of in-line, real-time protection, providing proactive network security in a smaller footprint for today’s and tomorrow’s real-world network traffic and data centers. The X-Armour next-generation architecture provides significant capacity for deep packet traffic inspection, and its modular software design enables the addition of valuable network protection services as NGIPS continues to evolve from first generation IPS technology. The HP TippingPoint NX Platform represents the highest performing NGIPS for its size. This new improved NGIPS platform redefines the next generation of intrusion prevention as a foundation for comprehensive network security across all critical areas in the enterprise.

Key Features

  • Award-winning proactive network security
  • Multiple security services to provide additional security context
  • Deep packet inspection with application and content awareness, visibility and control
  • High efficiency, dual redundant load sharing power supplies reducepower consumption and heat dissipation
  • Active and intelligent system-cooling design to minimize powerdraw, reduce audible noise and maximize thermal performancebased on specific system needs.
  • Industry-leading security research team—HP TippingPoint DVLabs
  • NEBS and FIPS compatible.
  • icon_pdf HP TippingPoint S5200 NX Datasheet

Features and Benefits

  • Next Generation Intrusion Prevention System (NGIPS): The HP TippingPoint NX Platform NGIPS achieves a new level of in-line, real-time protection, providing proactive network security for today’s and tomorrow’s real-world network traffic and data centers. The X-Armour architecture performs high-speed in-line deep packet traffic inspection, and its modular software design enables the convergence of additional security services.
  • Proven in-line threat protection: In 2001, HP TippingPoint developed the in-line IPS to provide the first proactive, in-line network protection solution that also provided high network performance and availability. Since 2009, HP TippingPoint has provided NGIPS solutions, two years before Gartner Research,1 released their research note defining NGIPS. The new HP TippingPoint S7100NX provides 13 Gb/s of protection in just two rack units (2U). The NX represents the highest performing NGIPS per rack unit, saving enterprises rack and data centerspace, power consumption, and cooling costs.
  • Highest por t density of any NGIPS available in the market today: The new NX Platform NGIPS supports a market leading number of segments across multiple configurations. The NX Platform can support up to 16 segments of 10GbE, or 4 segments of 40GbE or 24 segments of 1GbE.
  • X-Armour suppor ts an extensible framework for suppor ting additional security services: The NX Platform NGIPS, similar to the HP TippingPoint N Series, includes an extensible security framework that has a modular software design built to support faster development and deployment of new software protection packages, security services, and partner security solution integrations.
  • The next generation of IPS and beyond:The NX Platform NGIPS, powered by X-Armour, enables the convergence of new securityservices such as:
    • Intelligent blocking via context—customer-defined IP DNS reputation entries, HP TippingPoint Reputation Digital Vaccine(RepDV), and location-based policies (perimeter, core, branch office, etc.).
    • Application awareness, visibility, and control with deep packet inspection - HP TippingPoint Application Digital Vaccine (AppDV), Web Application Digital Vaccine (WEbAppDV), and customer-developed protection filters.
    • Content awareness and control for inspecting specific file types and protecting critical information.
    • Integration with HP Enterprise Security solutions to provide additional security intelligence, visibility, and control across the entire data center.
  • Modular design for solutions integration: The modular design of the HP TippingPoint NGIPS platform, based on the X-Armour architecture, enables integrations with partner security solutions—such as vulnerability assessment and vulnerability management (VA/VM) products, HP WebInspect, forensics solutions, security event information management (SIEM) systems (including HP ArcSight Logger), and network-based anomaly detection (NBAD) products.
  • Support for a broad set of traffic types: The HP TippingPoint NX Platform NGIPS supports a wide variety of traffic types and protocols. It provides uncompromising IPv6/v4 simultaneous payload inspection and support for related tunneling variants (4in6, 6in4, and 6in6). It also supports inspection of IPv6/v4 traffic with VLAN and MPLS tags, mobile IPv4 traffic, GRE and GTP (GPRS tunneling), and jumbo frames. This breadth of coverage gives IT administrators the flexibility to deploy NGIPS protection wherever it is needed.
  • Platforms powered by X-Armour: All of HP TippingPoint’s platforms utilize the X-Armour architecture and performs total packet flow inspection at Layers 2–7, executing thousands of checks on each packet flow simultaneously, and delivering high performance deep packet inspection working in with conjunction the NX platform’s custom ASICs and high-performance network processors. Unlike traditional security appliances, X-Armour, running on the NX Platform, automates the security protection you can install our appliances throughout the network without the worry of daily management. The X-Armour architecture automatically adjusts to new attacks at a very rapid rate. In fact, X-Armour has built-in capabilities to update itself every two hours with no impact to network performance.
  • Proven reliability and redundancy: The NGIPS platform is designed to deliver unparalleled high availability. This ensures that network traffic always flows at wire speed in the event of network error or internal device failure. There are two complementary high availability modes of operation—Intrinsic High Availability and Stateful Network Redundancy—that ensure maximum uptime and availability for both the NGIPS platform and the security management system (SMS) devices.
  • Built-in high availability features: The NGIPS platform has multiple features for Intrinsic High Availability, including dual hot-swappable power supplies; watchdog timers to continuously monitor the security and management engines, so if an internal error is detected, the NGIPS can automatically fail to wire.
  • Redundant configuration options: Two NGIPS platforms can be provisioned using redundant links in a transparent Active-Active or Active-Passive high availability mode. Because an NGIPS platform acts as a “bump in the wire,” does not have an IP address, and does not participate in routing protocols, it can be deployed in existing network designs without changing network configurations including high availability routing protocols such as VRRP, OSPF, and HSRP, which are passed transparently by the NGIPS.
  • High throughput inspection for data center and core network deployments: The HP TippingPoint NGIPS N Series is designed for data center and network core protection. For these mission-critical network areas, the HP TippingPoint S7100NX NGIPS platform delivers automated, in-line inspection up to 13 Gb/s to protect network devices, virtualization software, operating systems, and applications from attack without impeding performance.
  • Low application latency ensures no degradation of the end-user experience: The NGIPS platform’s unique design ensures that packet flows are fully inspected and move unimpeded through the platform with typical latency of less than 40 microseconds, independent of the number of filters or security services that are enabled. This eliminates any noticeable application performance impact from an end-user perspective.
  • Unmatched filter accuracy assures that legitimate traffic is not blocked: HP TippingPoint uses two simple filter writing rules to guarantee filter accuracy—No False Positives and No False Negatives. That’s why our HP TippingPoint DVLabs security research team focuses on creating filters to guard entire vulnerabilities, not just known exploits. Vulnerability filters block all exploits of software vulnerability and provide unmatched levels of accuracy so the NGIPS will not block legitimate traffic while protecting the network
  • Virtual patching protects unpatched systems: HP TippingPoint DVLabs creates vulnerability filters that block all exploits for a given software vulnerability, creating a “virtual patch.” These vulnerability filters protect vulnerabilities in virtualization software, operation systems, and applications, and are not “exploit specific.” They behave like a network-based virtual software patch to protect downstream hosts from network-based attacks on unpatched vulnerabilities.
  • Leading security research team: HP TippingPoint Digital Vaccine Labs (DVLabs): DVLabs is the premier security research team for vulnerability discovery in the security industry. The team consists of industry-recognized researchers who apply cutting-edge engineering and analysis in their daily operations. DVLabs is the undisputed leader in annual vulnerability discoveries, and the result is the creation of vulnerability filters that are delivered to customers’ NGIPS platforms through the Digital Vaccine Service.
  • HP TippingPoint ThreatLinQ security portal: HP ThreatLinQ is a service that allows our NGIPS customers to view the latest threats across the globe from data that is collected from a global network of Lighthouse Monitoring devices, as well as from data collected from thousands of our customers’ NGIPS platforms. ThreatLinQ is available to all our customers and provides valuable data that can enable enterprises to more effectively hone their network security policies to meet the demands of the latest threat trends.
  • Industry’s fastest threat protection keeps ahead of threats: Our HP TippingPoint Digital Vaccine Service ensures evergreen (always up-to-date) protection against emerging threats. Digital Vaccines are delivered to customers twice a week, or immediately when critical vulnerabilities emerge, and they can be deployed automatically with no IT interaction required. Digital vaccines are created not only to address specific exploits, but also potential attack permutations, protecting customers from zero-day threats.
  • Zero-Day Initiative (ZDI) delivers leading zero-day threat protection: HP TippingPoint DVLabs manages the ZDI program, which is designed to reward worldwide researchers for responsibly disclosing vulnerabilities they discover. Whether from DVLabs internal vulnerability research or the ZDI program, DVLabs passes all vulnerability discoveries to affected software vendors and creates NGIPS filters to protect customers from potential zero-day attacks before vulnerabilities are disclosed to the public.
  • Comprehensive NGIPS threat and vulnerability coverage for outstanding protection: The combination of talent, research, and security intelligence from the world-class HP TippingPoint DVLabs research team; the over 1,650 researchers in the ZDI program; the ThreatLinQ global threat monitoring from thousands of sites; and from security community partners like the SANS Institute, CERT, and the National Institute of Standards and Technology (NIST)—all combine to provide the broadest threat and vulnerability coverage for the outstanding protection available today.
  • Full attack surface threat protection: The HP TippingPoint NX Platform NGIPS provides the best vulnerability coverage in the NGIPS industry,2 including protection of network devices, virtualization software, operating systems, enterprise and Web applications, and industrial control system networks. From Microsoft® operating systems to Supervisory Control And Data Acquisition (SCADA) and VoIP filters, and many more, HP TippingPoint solutions provide true network protection for today’s complex enterprise IT environments.
  • NGIPS automated, proactive protection reduces most manual event follow-up: Automated policy enforcement virtually reduces the need to respond to myriad alerts (some real and some false), or to clean up after cyber attacks have compromised network resources. IT security costs are reduced by removing ad hoc patching and alert response, while simultaneously increasing IT productivity and profitability through bandwidth savings and protection of critical applications.
  • Reduce emergency patching and protect systems from zero-day events: Our vulnerability filters virtually remove the need for ad hoc and emergency patching. By protecting software vulnerabilities, IT staff can implement software patches using a regular, scheduled process instead of costly, disruptive emergency patching. The HP TippingPoint NX Platform NGIPS blocks attacks and allows IT staff to test security patches before deployment.
  • Improve control of end-user desktops: Most IT teams cannot adequately control end-user desktops. In a recent report, client-side applications were shown to be increasingly difficult to keep patched due to the growing number of vulnerabilities. The NGIPS platform improves IT control through vulnerability protection for unpatched systems and network segmentation to stop the spread of malicious traffic from infected users, all whilenotifying the administrator about where attacks originate.
  • Improve network performance by recapturing misused bandwidth: The HP TippingPoint NX Platform NGIPS bandwidth management capabilities, a core feature-set of X-Armour, stop rogue applications like peer-to-peer and streaming media from running rampant throughout the network. By continually cleansing the network of malicious and unwanted traffic, network performance is accelerated for mission-critical applications. And rate-shaping rogue applications can increase bandwidth availability, in some cases by 40–70 percent.

Free Consultation

Due to our numerous partnerships, we can provide unbiased opinions on the best solution for your environment.

Unbeatable Prices

Our partnership levels give us the highest product discounts which we pass on as savings to our customers.

Pro Services

Finish your IT projects on-time and under budget with our nation-wide team of senior level engineers.

24x7 Tech Support

Rest assured knowing that our U.S. based IT support team is here for you on nights, weekends and when you need us most.