Trend Micro TippingPoint NGIPS Review
Its default profile enables roughly 2300 filters, including protection against buffer overflows and malicious downloads, but be sure to establish baseline audits and incident-handling procedures at deployment.
It ships with a default profile that enables approximately 2300 filters for traffic that should never legitimately appear on a network, including attacks such as buffer overflows as well as malicious downloads. In addition to these default filters, more than 5400 additional filters, broadly considered policy choices, are available for use based on the requirements of the protected environment. A Reputation Digital Vaccine Service (Rep DV) is now also offered.
HP released a Digital Vaccine Toolkit that uses a wizard to let TippingPoint customers generate their own filters, in effect deploying "virtual patches" that protect against exploitation of a vulnerability before the vendor patch is applied. Filters created with the Digital Vaccine Toolkit can be applied directly to a single IPS, or pushed to all devices at once from the SMS console. Impressive.
Improvements to My Organization:
It has enhanced the monitoring.
Room for Improvement:
Your IPS is only as good as the threat intelligence behind it. TippingPoint should be able to integrate ArcSight into its IP blocking services directly, rather than waiting for Fortify to pull ArcSight in.
Use of Solution:
Establishing the baselines, policies, and procedures for information security and incident handling at the outset pays off greatly later. Know this before implementation and it will save you time and stress.
Baseline audits, inventories, and vulnerability assessments of systems may reveal opportunities for improvement. Configuring an appropriately sized IPS with the majority of filters enabled in detection-only mode, that is, with the "Permit + Notify" action, allows deeper discovery of the types of network transactions being performed and the systems involved, without dropping legitimate traffic that a policy filter happens to match. This process can also identify surprise applications present in the environment, such as user-installed downloads that are outside organizational norms, or unpatched applications installed on servers for some long-forgotten test. Only after that notify-only run has been reviewed should filters be promoted to a blocking action. In other words, know the exposures.
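As an added illustration of the notify-only baselining described above (example code written for this page, not TippingPoint's tooling): the script below reads a constructed, simplified CSV of IPS events, keeps only those that fired with the "Permit + Notify" action, and compares them against an assumed asset inventory from the baseline audit. It reports filter hit counts, internal hosts the inventory never listed, internal hosts serving on ports nobody approved, and which filters are the safest first candidates to switch to Block. The event layout, filter names, internal address range and inventory are all assumptions; a real SMS export or syslog feed has a vendor-defined format and needs its own parser.

```python
"""Triage of IPS events collected while filters run in "Permit + Notify" mode.

Added example, not TippingPoint's own tooling or log format. The events are
a constructed, simplified CSV, the filter names are illustrative, and the
internal address range and asset inventory are assumptions standing in for
a real baseline audit.
"""
import csv
import io
import ipaddress
from collections import Counter, defaultdict

# Assumed: everything in 10.0.0.0/8 is "ours"; adjust to the real address plan.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample events (not real TippingPoint output).
SAMPLE_EVENTS = """\
timestamp,action,filter,src_ip,dst_ip,dst_port
2024-05-01T09:00:01,Permit+Notify,HTTP: Generic Buffer Overflow Attempt,203.0.113.7,10.0.1.10,80
2024-05-01T09:00:05,Permit+Notify,P2P: BitTorrent Tracker Request,10.0.2.55,198.51.100.9,6881
2024-05-01T09:01:13,Permit+Notify,HTTP: Generic Buffer Overflow Attempt,203.0.113.7,10.0.1.10,80
2024-05-01T09:02:40,Permit+Notify,SMB: Anonymous Share Enumeration,10.0.2.55,10.0.1.44,445
2024-05-01T09:03:02,Permit+Notify,HTTP: Outdated Tomcat Manager Access,10.0.2.12,10.0.1.44,8080
2024-05-01T09:03:50,Permit+Notify,HTTP: Outdated Tomcat Manager Access,10.0.2.12,10.0.1.44,8080
2024-05-01T09:04:11,Block,Malware: Known Dropper Download,10.0.2.31,198.51.100.20,80
"""

# Constructed inventory from the baseline audit: known hosts and the ports
# each is approved to serve. Anything outside this is a discovery to follow up.
INVENTORY = {
    "10.0.1.10": {"role": "public web server", "approved_ports": {80, 443}},
    "10.0.2.12": {"role": "workstation", "approved_ports": set()},
    "10.0.2.31": {"role": "workstation", "approved_ports": set()},
}


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_events(text: str) -> list:
    """Parse the constructed CSV into one dict per event."""
    return list(csv.DictReader(io.StringIO(text)))


def triage(events: list, inventory: dict) -> dict:
    """Summarise what a notify-only run revealed against the baseline."""
    notify = [e for e in events if e["action"] == "Permit+Notify"]
    filter_hits = Counter(e["filter"] for e in notify)
    unknown_hosts = set()
    unexpected_services = set()
    src_is_internal = defaultdict(set)

    for e in notify:
        src_is_internal[e["filter"]].add(is_internal(e["src_ip"]))
        # Internal addresses the audit never inventoried: forgotten test
        # boxes, rogue devices, or simply gaps in the asset list.
        for ip in (e["src_ip"], e["dst_ip"]):
            if is_internal(ip) and ip not in inventory:
                unknown_hosts.add(ip)
        # Internal hosts answering on ports the inventory never approved.
        dst, port = e["dst_ip"], int(e["dst_port"])
        if is_internal(dst):
            approved = inventory.get(dst, {}).get("approved_ports", set())
            if port not in approved:
                unexpected_services.add((dst, port))

    # Filters that fired only on inbound traffic from external sources are
    # attack attempts against us rather than local policy noise, so they are
    # the safest first candidates to promote from Permit + Notify to Block.
    # Filters that also fired on internal sources need investigation first,
    # since blocking them may break something the business relies on.
    block_candidates = sorted(
        f for f, flags in src_is_internal.items() if flags == {False}
    )
    return {
        "filter_hits": filter_hits,
        "unknown_hosts": unknown_hosts,
        "unexpected_services": unexpected_services,
        "block_candidates": block_candidates,
    }


if __name__ == "__main__":
    report = triage(parse_events(SAMPLE_EVENTS), INVENTORY)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the constructed sample, the run surfaces 10.0.1.44 (a host the inventory never listed, answering on 445 and 8080) and 10.0.2.55 (an uninventoried source talking to a BitTorrent tracker), while the only filter it proposes moving to Block is the inbound buffer overflow signature, because every hit on it came from outside. Events that already fired with a Block action are left out of the baseline, since they say nothing about what notify-only mode would have permitted.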