TippingPoint Integrates Network Access Control into Its IPS-Secured Network Solution

Published February 26th, 2007 - 02:25 GMT
Al Bawaba

TippingPoint, the leader in intrusion prevention, today announced the availability of its fine-grained network access control (NAC) solution. TippingPoint NAC enables enterprises to enforce device and user policies to ensure both endpoint compliance and granular post-access compliance. This solution goes beyond traditional pre-check and post-check NAC solutions by linking device and user policies to fine-grained, continuous traffic control made possible only by an intrusion prevention system (IPS). By integrating device, user and IPS-based traffic classification and enforcement, enterprises have much greater control over network access and usage, while reducing network security cost and complexity.

“Comprehensive network security requires both access control and attack control,” said Jon Oltsik, senior analyst for Enterprise Strategy Group. “Most NAC solutions provide authorization and authentication. Without the additional capabilities of a continuous attack control solution like the TippingPoint IPS, NAC cannot provide adequate visibility and enforcement to protect access to the network.”

Entry-level NAC solutions provide endpoint authentication and some degree of health posture check at network entry. The next level of NAC solutions extends these capabilities to include interval-based post-checks of device compliance, and limited traffic inspection based on simple exploit signatures. However, these solutions lack the proven in-line performance of the TippingPoint IPS, and do not have the continuously updated security intelligence customers require for cutting-edge traffic inspection and security enforcement. In the rapidly evolving world of security threats and attacks, settling for a NAC solution with substandard classification and enforcement of traffic from each endpoint is a risky investment, leading to a false sense of security from NAC.

In a TippingPoint NAC environment, access policies subject each device and user pair to rigorous authentication, authorization, posture compliance checks and enforcement.  Non-compliant devices are directed to remediate based on policy class. User access rights are controlled through integration with existing rights management systems including Active Directory, LDAP and RADIUS.  TippingPoint NAC then interoperates with the TippingPoint IPS to ensure all malicious traffic is blocked from each endpoint and suspect or non-compliant traffic triggers other policy-controlled actions, including blocking, quarantining, alerting or rate shaping.  Now, network and security personnel have unprecedented control over the entire network perimeter with integrated policy-based visibility and control of users, devices and traffic flows.

Providing integrated access and attack control policies is only possible with an IPS – an IPS with proven in-line performance including multi-gigabit throughput and switch-like latency, and operating with thousands of active vulnerability filters at high accuracy.  Further, the IPS must keep its security current.  The Digital Vaccine® service from TippingPoint’s DVLabs is a foundational element of the TippingPoint IPS solution, and sets it apart from competing solutions. The Digital Vaccine service delivers thousands of filters to the IPS for preemptive protection against worms, viruses, Trojans, denial of service attacks, spyware, phishing and voice over IP security threats.

In addition to in-line enforcement of device, user and traffic flows, TippingPoint NAC also interoperates with other forms of device and user policy enforcement including DHCP and 802.1x.  The solution operates in any environment, wired or wireless, without requiring any network infrastructure change since it is deployed as a pure overlay. Pricing for the TippingPoint NAC solution starts at $14,990.

By adding NAC capabilities, TippingPoint has delivered another element of its IPS-Secured Networks solution. At RSA 2006, 3Com’s CTO Marc Willebeek-LeMair presented a vision for a bi-planar network in which a “control” plane is overlaid onto an existing IP connectivity plane (switches, routers, etc.) to provide attack control, access control and application control – all without requiring a forklift upgrade. TippingPoint’s NAC solution provides the access control component of this approach. Attack control, provided by the TippingPoint IPS, prevents internal and external attacks on a 24/7 basis and proactively blocks the spread of attacks brought in by infected endpoints. This year, TippingPoint Chief Architect Brian Smith will keynote the 2007 RSA Conference at 3:40 p.m. on February 8 at the Moscone Convention Center in San Francisco, California.

For more information on NAC, please visit: www.tippingpoint.com/nac.

About TippingPoint, a division of 3Com
TippingPoint, the leader in intrusion prevention systems (IPS), provides the IPS-secured network, which delivers attack control, access control, and application control. Its foundation is the TippingPoint IPS, the most decorated in its industry with unparalleled performance and security, as evidenced by nearly 35 awards.  For a full list, visit: http://www.tippingpoint.com/products_certifications.html. The IPS obtains evergreen protection from the Digital Vaccine service, powered by DVLabs, the largest body of security researchers in the world. DVLabs is made up of expert internal researchers and over 400 Zero Day Initiative researchers. For more information on TippingPoint, please visit:  www.tippingpoint.com or call 1-888-TRUE-IPS.

About 3Com Corporation
3Com Corporation (NASDAQ: COMS) is a leading provider of secure, converged voice and data networking solutions for enterprises of all sizes.  3Com offers a broad line of innovative products backed by world-class sales, service and support, which excel at delivering business value for its customers.  Through its TippingPoint division, 3Com is the leading provider of network-based intrusion prevention systems that deliver in-depth application protection, infrastructure protection, and performance protection.  3Com also is the majority owner of China-based Huawei-3Com Co., Ltd. (H3C).  On November 28, 2006, 3Com announced that the company reached an agreement to acquire Huawei’s remaining 49 percent stake and take full ownership, pending customary approvals.  H3C brings innovative and cost-effective product development and manufacturing and a strong footprint in one of the world’s most dynamic markets.  For further information, please visit www.3com.com, or the press site www.3com.com/pressbox.