HP TippingPoint NX Platform Next Generation Intrusion Prevention Systems
The HP TippingPoint NX Platform Next Generation Intrusion Prevention System
(NGIPS) achieves a new level of in-line, real-time protection, providing proactive
network security that is ideal for data center, core and perimeter deployments
for today’s and tomorrow’s real-world network traffic and data centers.
The next-generation architecture provides modular software design that enables
the addition of valuable network protection services as NGIPS continues to evolve
from first generation IPS technology. The HP TippingPoint NX Platform represents
the highest performing NGIPS in a minimal footprint. This new improved NGIPS
platform redefines the next generation of intrusion prevention as a foundation for
comprehensive network security across all critical areas in the enterprise.
HP is transforming the enterprise security landscape with the latest network and
application security that provide advanced protection against today’s sophisticated
cyber threats from perimeter to core, to campus and branch offices. The TippingPoint
NX Platform Next Generation Intrusion Prevention System (NGIPS) is a key
component of this overall offering. The TippingPoint NGIPS platforms uniquely
leverage advanced threat research with the powerful correlation of security events
and vulnerabilities. By delivering unparalleled visibility across security assets in
context of business critical processes and applications we help our customers
manage their risk and maximize their security investments.
Benefits and features
• Proven in-line threat protection: In 2001, HP TippingPoint developed the in-line IPS to
provide the first proactive, in-line network protection solution that also provided high network
performance and availability. Since 2009, HP TippingPoint has provided NGIPS solutions,
two years before Gartner Research,1 released their research note defining NGIPS. The new
HP TippingPoint S7500NX provides 20 Gb/s of protection in just two rack units (2U).
The NX represents one of the highest performing NGIPS per rack unit, saving enterprises rack
and data center space, power consumption, and cooling costs.
• Beyond first generation IPS: The NX Platform enables the convergence of new security
services such as:
––Intelligent blocking via context— HP TippingPoint Reputation Digital Vaccine (RepDV),
customer-defined IP DNS reputation entries, and location-based policies (perimeter, core,
branch office, etc.).
––Application awareness, visibility, and control with deep packet inspection—HP TippingPoint
Application Digital Vaccine (AppDV), Web Application Digital Vaccine (WebAppDV), and
customer-developed protection filters.
––Content awareness and control for inspecting specific file types and protecting
––Integration with HP Enterprise Security solutions to provide additional security intelligence,
visibility, and control across the entire data center.
• Leading security research teams: HP TippingPoint DVLabs and Zero Day Initiative (ZDI):
DVLabs is the premier security research team for vulnerability discovery in the security
industry. The team consists of industry-recognized researchers who apply cutting-edge
engineering and analysis in their daily operations. DVLabs also manages the ZDI program,
which is designed to reward worldwide researchers for responsibly disclosing vulnerabilities
they discover. Whether from DVLabs internal vulnerability research or the ZDI program,
DVLabs passes all vulnerability discoveries to affected software vendors and creates NGIPS
filters to protect customers from potential zero-day attacks before vulnerabilities are
disclosed to the public.
Highest port density for the data center core or anywhere protection is needed:
The new NX Platform NGIPS supports a market leading number of segments across multiple
configurations. The NX Platform can support up to 24 segments of 1GbE, 16 segments
of 10GbE, or 4 segments of 40GbE.
• Proven reliability and redundancy: The NGIPS platform is designed to deliver unparalleled
high availability. This ensures that network traffic always flows at wire speed in the event of
network error or internal device failure.
• High throughput, low latency inspection for data center and core network
deployments: The HP TippingPoint NX Series is designed for data center and network
core protection. For these mission-critical network areas, the HP TippingPoint NX NGIPS
platform delivers automated, in-line inspection up to 20 Gb/s, with a typical latency of less
than 40 microseconds, to protect network devices, virtualization software, operating systems,
and applications from attack without impeding performance.
• Unmatched filter accuracy assures that legitimate traffic is not blocked: HP TippingPoint
uses two simple filter writing rules to guarantee filter accuracy—No False Positives and No
False Negatives. That’s why our HP TippingPoint DVLabs security research team focuses on
creating filters to protect against entire vulnerabilities, not just known exploits. Vulnerability
filters block all exploits of the software vulnerability and provide unmatched levels of accuracy
so the NGIPS will not block legitimate traffic while protecting the network.
• Reduce emergency patching and protect systems from zero-day events: Our vulnerability
filters virtually remove the need for ad hoc and emergency patching. By protecting software
vulnerabilities, IT staff can implement software patches using a regular, scheduled process
instead of costly, disruptive emergency patching. In a recent report, client-side applications
were shown to be increasingly difficult to keep patched due to the growing number of
vulnerabilities. The NGIPS platform improves IT control through vulnerability protection for
unpatched systems and network segmentation to stop the spread of malicious traffic from
infected users. The HP TippingPoint NX Platform NGIPS blocks attacks and allows IT staff to
test security patches before deployment.