IPS 領導品牌 TippingPoint 產品介紹與市場攻略

  • Published on
    20-Jan-2016

  • View
    94

  • Download
    1

DESCRIPTION

IPS TippingPoint . Web Services DMZ. DNS. FTP. HTTP. SNMP. SMB. Telnet. . Buffer Overflow. Illegal file sharing Peer to peer. BackOrifice-31337. DoS, SYN Flod. , reboot MS IIS/SQL/Exchange - PowerPoint PPT Presentation

Transcript

IPSTippingPoint 3Com ConfidentialIllegal file sharingPeer to peerBuffer OverflowDoS, SYN FlodBackOrifice-313373Com ConfidentialIT(IPS)3Com ConfidentialTippingPointIPSTipping Point Infonetic ,Cisco, Juniper, ISS, McAfee, Market Share #1 ( 33%) .Source: Infonetics Research Network Intrusion Prevention Market OutlookMay 17, 2006Chart10.32973733390.17113673350.16484634590.14724398160.1176563920.069379213CY05 Worldwide Dedicated IPS Appliance Revenue Market ShareWhats InsideAnalyst contact:Jeff Wilson408.583.3337jeff@infonetics.comNetwork Intrusion Prevention Market OutlookWorldwide Market Share and ForecastTable of ContentsMethodology (pg. 3)Product categories and definitionsProduct classificationsWhat we countRegionsService overlaps and clarificationsInfonetics Research supply-side forecast process: reality-based equipment forecastingNetwork intrusion prevention and software forecastingTelecom/datacom fundamental drivers (pg. 9)Service provider market factorsNorth American service provider market factorsEMEA service provider market factorsAsia Pacific service provider market factorsEnterprise market factorsAnalysis, factors, and assumptions (pg. 18)Network intrusion prevention market analysis, factors, and assumptionsFundamental driversMarket size and forecastsManufacturers and market shareDemand-side study data (pg. 21)Worldwide market size and forecasts (pg. 22)Network intrusion prevention application splitDedicated IPS appliances, worldwide units and revenueNetwork intrusion prevention total available marketIntegrated security appliances with IPS, worldwide units and revenueEnterprise routers with IPS, worldwide units and revenueEthernet LAN switches with IPS, worldwide revenueExhibits:Worldwide Dedicated IPS Appliances RevenueWorldwide Integrated Security Appliances, Enterprise Routers, and Ethernet LAN Switches with IPS RevenueDedicated IPS appliance market share (pg. 24)Exhibits:Worldwide Dedicated IPS Appliance Unit Market ShareWorldwide Dedicated IPS Appliance Revenue Market Share&L&"Arial,Italic" 2006 Infonetics Research, Inc.&C&"Arial,Italic"Network Intrusion Prevention Market Outlook:Worldwide Market Share and ForecastMay 17, 2006&R&"Arial,Italic"Page &PMethodologyMethodologyProduct Categories and DefinitionsNetwork intrusion prevention products hardware and software products that monitor and analyze network traffic for network intrusions and other network and application layer attacks, and actively block these attacks; these products sit in line in the netwoNetwork Intrusion Prevention Application SplituDedicated IPS Appliances: purpose-built hardware products whose primary function is IPS; this category tracks the subset of IDS/IPS appliances, an application split that estimates the unit and revenue shipment data for products actually being used by custNetwork Intrusion Prevention Total Available MarketWe estimate the Total Available Market (TAM) for IPS for integrated security appliances, enterprise routers, and Ethernet LAN switches; we do not estimate whether they are being used for IPS, we are simply showing the TAM for products with IPS capabilityuIntegrated Security Appliances with IPS: hardware platforms purpose-built for network security with integrated IPS functionality (with filters for at least 50 attacks); most have VPN/firewall as the primary function of the appliance, but they may also havuEnterprise Routers with IPS: enterprise routers with integrated IPS functionality (with filters for at least 50 attacks); includes low-end, mid-range, and high-end routersuEthernet LAN Switches with IPS: Ethernet LAN switches with integrated IPS functionality (with filters for at least 50 attacks)Product ClassificationsThis list includes shipping products only. We do not list individual products for the categories that we are forecasting only, but not doing market share on.Network Intrusion Prevention Application Split: Dedicated IPS AppliancesArbor Networks Peakflow SPJuniper IDP 1000Arbor Networks Peakflow XJuniper ISG 2000Captus IPS4000McAfee IntruShield 1200Check Point InterSpectMcAfee IntruShield 2600Cisco IDS 4210McAfee IntruShield 4000Cisco IDS 4220TippingPoint 50Cisco IDS 4230TippingPoint 100ECisco IDS 4235TippingPoint 200ECisco IDS 4250TippingPoint 400ECisco IDS 4250XLTippingPoint 1200Cisco IDSM2 moduleTippingPoint 2400DeepNines Intrusion Prevention SystemTippingPoint 5000EISS Proventia G SeriesTopLayer Attack Mitigator IPSJuniper IDP 10Vsecure LG10Juniper IDP 100Vsecure LG100Juniper IDP 500What We CountIn this service, we report units shipped for revenue recognized during the calendar year, and manufacturers' revenue. These are defined as follows:uUnits are single hardware devices (both standalone devices and chassis/cards) or software license/upgradesuManufacturers' revenue (US$) reported is for units shipped for revenue recognized during the calendar year; router and switch revenue includes chassis, and all modules (including security modules) shipped with the sale; OEM revenue is attributed to the orRegionsuWorldwide: all areas of the worlduNorth America: US and CanadauEMEA: Europe, the Middle East, and AfricauAsia Pacific: Asia and the Pacific, including Japan and AustraliauCALA: Caribbean and Latin America, including MexicoService Overlaps and ClarificationsOverlaps:uData for this services was derived directly from 3 Infonetics services:ServiceCategoryNetwork Security Appliances and Software: Quarterly Market Share & Forecasts serviceThe Dedicated IPS Appliances category in this service is a subset of the Network-Based In-Line IDS/IPS category, and the Integrated Security Appliances with IPS category in this service is a subset of the Integrated Security Appliances categoryEnterprise Routers: Quarterly Market Share and Forecast serviceThe Enterprise Routers with IPS category in this service is a subset of the total Enterprise Router category (includes low-end, mid-range, and high-end routers)L2-L7 LAN Switches: Quarterly Market Share & Forecasts serviceThe Ethernet LAN Switches with IPS category in this service is a subset of the total L2-L3 Ethernet Switch categoryClarifications:uThis service does not include IP service routers; this can be found in our Service Provider Routers and Switches quarterly worldwide market share and forecast serviceInfonetics Research Supply-Side Forecast Process: Reality-Based Equipment ForecastingOur 5-step forecasting process, developed and refined over the last 15 years, is firmly grounded in reality. Our forecasts are built from and tied to actual data, and we update actuals and forecasts with each delivery (quarterly, biannually, or annually).We draw from our in-depth demand-side research, supply-side research, and service, product, and technology knowledge to provide accurate, reliable forecasts grounded in reality, reflecting data from all sides of the market. The process is described below.1. Develop CategoriesOne of the most important steps in the forecasting process is proper development of categories; clear category definitions are key to gathering good actuals because they eliminate overlaps between categories, clearly showing what's in and what isn't. Cate2. Gather ActualsWe develop actual data using the following steps:uGather actuals and create estimates (by product category and manufacturer) for shipments to North America, EMEA, APAC, and CALA; typically this represents 95% of the market, and we use the following sources:Manufacturer inputPublicly available financial dataChannelEnd-usersService providersChip and component manufacturersCompetitorsFinancial communityInfonetics Research demand-side data on service provider and end-user organization product and technology use and plansuCreate an estimate for the portion of the market represented by manufacturers we do not work with directly; typically this represents less than 5% of the marketuWe incent private companies to provide data to us by offering to keep their market share confidential, by building and maintaining positive relationships with them, thereby obtaining an accurate market size3. ForecastStarting with the most recent actuals, we develop forecasts using an analyst estimate of the change in unit/port shipments by region, multiplied by the ASP over time (or vice versa, revenue changes are estimated first with units or ports projected based ouGeneral factors:Historical data for the category we are forecasting (including seasonal and cyclical trends)Growth trends from parallel categories in other marketsMacro-economic factorsAnnounced and unannounced contracts with near-term significanceEmergence of disruptive technologiesRegulatory issuesDiscussions with key members of the financial communityuDemand-side factors based on our research:Technology adoption ratesProjected spending increasesPreferences for product typesTechnology preferencesUnit/port/line growth by speed/technologyPlans for outsourcingService provider capexGrowth in subscriber base for a given serviceDiscussions with customersuSupply-side factors:New standardsNew technologiesEmerging companiesProduct/service pricing factorsDiscussions with manufacturers about quarterly performance and competitionDiscussions with channel about inventoryChanges in discount structure in the channelChanges in component features or pricingMergers and acquisitions in the vendor arenaChip manufacturer performance4. Validate & Explain ForecastWe validate and cross-check equipment forecasts by creating fundamental demand models. When validating a forecast, we:Validate the forecast by checking against a model based on our demand side data (including number of companies/service providers deploying the equipment, average spending per company/per year, number of devices deployed, form factor, planned investments,Cross-check against our relevant market size, share, and forecast reportsCross-check against our relevant subscriber forecastsFor service provider forecasts, we cross-check using our Capex Analysis reports for North America, Europe, and Asia PacificIn addition, we spend hundreds of hours annually meeting with service providers, network product manufacturers, chip and component manufacturers, and channels to understand their offerings, product roadmaps, and the direction of the market, giving us a stForecast assumptions and our thinking behind our forecasts are laid out in the Analysis, Factors & Assumptions sheet; in particular see sections labeled "Fundamental Drivers."5. Report on AccuracyEach delivery (quarterly, biannual, annual) we report on the accuracy of our forecasts to help customers track our performance, and to help us further refine our forecasts. We report when actuals deviate from forecasts, and explain our adjustments.Network Intrusion Prevention ForecastingTaking all forecast factors into account, knowing the strategies, product plans, regional plans, and performance of the vendor, we forecast the next 4 years by product category.Most of the data included in this service is based on data provided by manufacturers, the sales channel, and customers, and includes significant estimates by Infonetics Research, as one of the primary categories we're forecasting in this service is an "apThe "total available market" forecasts in this service (integrated security appliances, enterprise routers, and Ethernet LAN switches) are derived by taking the total market size for these categories and estimating (based on supply and demand side informa&L&"Arial,Italic" 2006 Infonetics Research, Inc.&C&"Arial,Italic"Network Intrusion Prevention Market Outlook:Worldwide Market Share and ForecastMay 17, 2006&R&"Arial,Italic"Page &PTelecom-Datacom DriversTelecom/Datacom Market Fundamental DriversService Provider Market FactorsuAcross the industry, aggregate investments grew in 2005, particularly in Europe (+10%), and North America (+8%); for public carriers in North America, Europe, and Asia, capital spending increased 6% in 2005 to US$178 billion, and expectations are for 6% gWe expect that 2006 will continue with similar trends, while carriers keep their capital expenditure-to-revenue ratio around 15% for incumbent carriers and emerging markets with higher capital intensitiesStable and slightly upward bound capital expenditures do not mean that carriers no longer need help improving their margins, and for further cost savings service providers will focus on reducing operational expendituresMany service providers see IMS (IP Multimedia Subsystems) as key to enabling these operational efficiencies, and so IMS has become a key focus of capex for both fixed and mobile operators; it is also seen as the path for fixed-mobile convergence, both atAlthough virtually everyone is jumping into the IMS bandwagon, quantifying the return IMS may eventually bring has yet to be achievedThis positive capital spending environment combined with the need for opex reduction is positive for next gen equipment markets, which will make up larger portions of overall capex over the next 5 yearsInvestments continue to shift from old gen to next gen technologies, from legacy equipment to products based on IP and Ethernet, particularly in broadband and wireless access networks; IP optimization plays a key role in reducing operating expenditures anSuch new equipment introduces automation, consolidates functions, increases performance per dollar, or introduces new functionality, all of which increase operational efficiency, reducing total cost of ownership; ideally, these investments also lay the foWhile the capex pie is basically the same size or slightly growing, the slices are changing sizeuIncreased adoption of broadband data services (DSL, cable, PON, and wireless) and the increase in traffic due to broadband adoption are driving spending in access, edge, core, and optical networksBroadband continues to gain momentum and DSL providers are making big gains in penetration; worldwide DSL subscriptions stand at 126M at the end of 2005, up 27% from 2004, increasing to 245M in 2009 as reported in our DSL Aggregation Hardware and BroadbanCable subscriptions are up 14% annually at the end of 2005 to 46M worldwide, climbing to 62M in 2009, as reported in our CMTS Hardware and Broadband CPE market share servicesPON subscribers were at 3.4M in 2005; we expect continued strong growth in PON subscribers in all regions with CY09 reaching 31M subscribersChief among the drivers for broadband investment are IPTV services, a portfolio of IP-based, TV-centric services that include broadcast TV, video-on-demand, HDTV, networked PVR, online gaming, music download, video telephony, and home security services; wSimilarly, the opportunity to deliver mobile TV services is a major driver of expenditure for mobile operators; to deliver mobile TV and other bandwidth-intensive multimedia applications, mobile operators are having to upgrade their core and access networNew wireless Ethernet-based technologies such as WiMAX (IEEE 802.16) create new service possibilities and strategic opportunities for service providers; now 802.16d (fixed WiMAX) is standardized, WiMAX products are likely to drive a round of capex-intensiuDemand for always-on connectivity via portable devices and mobile handsets continues to rise as Internet users, in general, go wireless; wireless users are demanding broadband connectivity speeds to capitalize on data-centric and increasingly multimedia auFixed mobile convergence (FMC) is a recurring theme amongst service providers, many of whom are seeking to deliver combined fixed mobile services to their customers to attack markets and revenue they currently do not address; whatever form these servicesNorth American Service Provider Market FactorsuCapex projections for public wireline service providers, based on actual results and guidance January 2005, as reported in Service Provider Capex Analysis, North America:North American service providers capital expenditures were $63B in 2005, an increase of 8% from 2004, and are projected to increase 4% to $65.3B in 2006RBOCs and Canadian ILECs increased their capex in 2005 and will increase it again in 2006Growth in emerging technology categories show that capex is shifting among categories, from legacy TDM to products based on IP/MPLS and Ethernet, which means that spending on many of the products we cover in our forecasts increases even as capex levels ouDriven by wireless and broadband, North American carrier revenue is up 2% in 2005 to $398B after staying flat in 2004; all carrier segments will see revenue growth except for IXCs, CLECs/ISPs, and wireless providersuCapex has been steady in 2003, 2004, and began to rise in 2005; capital intensity (capex-to-revenue ratio) has been aligned with historical and sustainable norms in the 15%-17% range; moving forward, we expect capex to be relatively flat with marginal incuNorth American carrier spending is increasingly focused on key growth areas like mobile wireless, broadband (DSL, cable, FTTH/FTTN), VoIP, IPTV, and enterprise data servicesuCompetition among service providers is very strong and revolves around intermodal alternatives (e.g., cable companies offering voice, wireless replacing wireline, etc.), and this puts pressure on the incumbent carriers to expand their networks and serviceuThere is a looming showdown in the residential market as RBOCs and MSOs battle for triple play dollars, capturing a households total communications budget; RBOCs and MSOs continue to position themselves accordingly and are gearing up for network upgradesuIncreased adoption of broadband data services (DSL, cable, PON, and wireless) and the increase in traffic due to broadband adoption are driving spending in access, edge, core, and optical networksDSL providers are making big gains in penetration; North American service provider DSL subscriptions stand at 21.5M at the end of 2005, up 24% YoY, increasing to 41.4M in 2009North American MSO cable broadband subscriptions are higher this year, up 15% YoY to just under 26M as of the end of 2005, moving upward to 32.5M in 2009In North America, PON subscribers reached 355K in CY05; through CY09 we expect sustained steady growth despite the continuing growth of the DSL and cable subscriber base; by CY09 we forecast a total of 5.7M PON subscribers in North AmericauVerizon, and to a lesser extent, AT&T/SBC, have started the 10 to 30 year migration from copper local loop to fiber; this will slowly improve the RBOCs' competitive position to be able to offer video services, which will allow them to more effectively comuFCC decisions in 2004 and July 2005 awarded RBOCs ownership (with no open access) to both FTTP and FTTN investments, eliminating regulatory uncertainty and spurring investmentsVerizon is spending significantly on FTTP, bringing fiber near 3M residences as of the end 2005, and 6M by end 2006; video/TV services began in 2005, albeit in analog form (not IPTV), which helps subscriber signupsThe SBC portion of AT&T is deploying small amounts of FTTP in newbuild and MTUs, while deploying FTTN and VDSL to offer 20-25M per user with plans for service available to 18M homes by end 2007; IPTV services began trials at the start of 2006BellSouth (which will become part of AT&T) has chosen to deploy FTTP in newbuild situations, and deploy FTTC and ADSL2+/VDSL in existing neighborhoods at the rate of about 200,000 homes per yearuCarrier consolidation will help continue the move toward fewer and simpler all-IP networks, with next gen voice, IP/Ethernet on optical, and various flavors of wireless, as favored technologies2006 started with 4 ILECs (i.e., AT&T Inc, BellSouth, Qwest, and Verizon), and 5 wireless players (Alltel, Cingular, Verizon Wireless, Sprint Nextel, and T-Mobile); first quarter M&A activity will result in even fewer players as BellSouth and Cingular joiDuring acquisition and soon thereafter, there historically is a minor negative impact on spending due to slowed or halted projects during consolidation, but overall the combined firms will push towards next gen architectures, boding well for broadband, moWith this consolidation of ILECs, IXCs, and wireless carriers, finalizing late 2006 or early 2007, there may be a slight decrease on overall North American capital spending in 2006, and probably no effect on emerging/next gen technologies specifically; foEMEA Service Provider Market FactorsuService providers in Europe (primarily Western Europe) account for the bulk of capex and network spending in EMEA; the telecommunications market in Africa is underdeveloped, and will likely stay that way for a long time; there is opportunity in the MiddleuCapex projections for public wireline and wireless service providers, based on actual results and guidance through April 2006, as reported in Service Provider Capex Analysis, Europe:European incumbent, competitive, and wireless service provider capital expenditures increased 10% to 53.5B between 2004 and 2005, and are expected to climb another 13% to 60.5B in 2006European service provider revenue was also up in 2005, increasing 5% from 2004 to 361B and is expected to inch up another 7% in 2006Western European carriers, who own many other carriers in other regions, make up 62% of revenue and 59% of capex in 2005uRollout of wireless data services (2.5G/3G and 802.11) is driving increases in capex; incumbent and new competitive wireless providers are upgrading their 2G/2.5G networks to 3G services, or leap-frogging direct to 3G themselves and aggressively offer muluEMEA DSL subscriptions stand at 45M as of the end of 2005, up 24% YoY, climbing to 68M in 2009; cable subscriptions are significantly lower, yet growing, at 8.1M, up 22% YoY, and moving to 12M in 2009; PON subscribers are at 29k at the end of 2005, increaBroadband has definite momentum; there are competitive service providers in most geographic markets, gaining subscribers and adding services such as security/VPNs to basic connectivity; cable continues to grow respectably, even though the European regulatThis has been greatly enhanced by the adoption of flat rate Internet access by most DSL service providers in Western Europe; increased adoption of broadband and increasing broadband traffic is driving spending in edge, core, and optical networksuThe broadening of European Union membership, with a requirement of liberalized telecoms and networking markets, has encouraged service providers to expand many of their service offerings, from international IP VPN to WiFi hotspots, into these new territoruWhile the actual number of European operators remains relatively stable, there has been much convergence and acquisition activity of late, off-set to a degree by a number of new operators emerging, notably from the utilities sectorThere's been a flurry of activity that began in 2005 that is still in force in 2006, with numerous incumbents acquiring competitive operators or investing in carriers in other countriesThere are few new service providers entering the European market; newcomers tend to be more locally focused metro carriers rising from the utilities sectorThe driver for both of these trends is the booming broadband opportunity:On the one hand, new carriers are tempted into the broadband market to exploit the level playing field created by EU regulations on local loop unbundling and take advantage of their existing residential customer baseOn the other hand, established players are looking to consolidate their broadband operations in their own domestic market (e.g., Neuf Telecom merging with Cegetel in France), or to exploit opportunities in foreign broadband markets (e.g., Telecom Italia aThe larger incumbents in the region are all active in this trend, with Deutsche Telekom shopping for possible acquisitions in Spain, while Spain's Telefonica acquired Czech incumbent Cesky Telecom during 2Q05Many incumbents have trimmed their plans for international expansion and are focusing regionally in Europe; several Western European incumbents have been investing in Eastern Europe, acquiring stock in incumbent or competitive operators in neighboring couuSeveral of the major European PTTs are now making significant strides forward in upgrading their networks, and in particular shifting to IP centric infrastructure and serviceThe most illuminating example of this is BTs 21st Century Network (21CN) project: the ambitious plan calls for converting to all-IP infrastructure for voice and data services to yield opex savings, improve service offerings, and increase network efficienBT is targeting a 5-year transition and 10B in investment over that time, and their goal is to begin large-scale migration in 2006 and to move more than half of their voice customers to the new VoIP network by 2008Less publicized than the BT 21CN project is the similar network transformation that KPN is undertaking; currently removing all legacy OSS network elements, KPN is deploying an all-IP-based network that will handle all types of communications, and over theMany European operators are looking to learn from BTs experience: this is a major deal that is affecting router, optical, access, and VoIP markets in Europe for years to comeWith such major carriers accelerating the pace of transition to VoIP, we expect significant growth in next gen capex over the coming yearsSeveral European incumbents, including BT, DT, Telecom Italia, Belgacom, and KPN, have made significant announcements regarding the rollout of IPTV services over the coming 12 months, primarily in response to competitive providers' early success in deliveAsia Pacific Service Provider Market FactorsuCapex projections for wireline and wireless public service providers, based on actual results and guidance through April 2006, as reported in our biannual Service Provider Capex Analysis, Asia Pacific:Public Asian incumbent, competitive, and wireless service provider capital expenditures increased 2% to $61.7B between 2004 and 2005, and are expected to climb another 2% to $63.1B in 2006; this slowdown was caused by significant cuts at PT Telkom (-11%),Asian service provider revenue was also up in 2005, increasing 4% from 2004 to $288B and is expected to decrease 1% in 2006Japanese and Chinese carriers each make up over one-third of all Asian capex in 2005 but the gap between Japan's and China's share of total capex is shrinking; as China is still in a waiting mode for the pending 3G license decision; 3G capex has stalled fMany providers commented that spending in 2006 will increase to sustain regional developments in growth areas: broadband, 3G, and VoIP in Japan and South Korea; broadband in Hong Kong, New Zealand, and Singapore; PSTN migration in Australia and New ZealanuAsia Pacific DSL subscriptions stand at 52M as of the end of 2005, up 29% over 2004, heading toward 115M in 2009; cable subscriptions are 10.4M, up 5% YoY; 2005 PON subscribers reached nearly 3M, with Japan leading the way; through CY09 we expect continuiThe Chinese government announced a goal of 75M broadband users by 2008; this goal will drive significant spending in all areas of service provider networks in China, and will also drive sales for VPNs, security, VoIP, and other emerging networking technolSeveral Asian countries are outfitting their populations with high speed (DSL, VDSL2, Ethernet) connections; the Japanese government is well on its way to achieving its goal of connecting 30 million consumers and SOHOs at 10M and 10 million at 100M by theuThe best opportunities for networking and telecommunications products in Asia are in Japan, China, India, and South Korea; a mix of huge, centralized populations, innovative service providers, a rapidly expanding middle class with disposable income, and aChina and India are increasingly driving demand for low-end handsets; Nokia's CEO, Jorma Ollila, reiterated that Nokia expects approximately 80% of the next billion cell phone subscribers to come from emerging markets; this in turn puts pressure on infrasChina is preparing to invest billions of dollars over the next several years on a massive 3G upgrade of its cellular infrastructureWhile India's cellular market is adding millions of subscribers a month, there is still a huge potential as only about 60M of its billion people had phones at the end of 2005; Reliance Communications, India's second largest cellular company, plans to inveuThere continues to be strong buildout of backbone, core, and edge infrastructure in India and to a slowing extent in Chinaboth have huge populations vastly underserved by the telcosNot only are providers extending their patchy network coverage, but also new, well-funded, fast-moving competitive service providers are putting down infrastructure, as there is still something of a land-grab in India and ChinaNew service providers in particular have the opportunity to leap-frog several stages of network technology development and roll out the latest equipment and servicesuMost Asian carriers have plans for convergence of data, voice, and video within the next 2 to 3 years; carriers in Japan and Korea have been particularly aggressive in rollouts of triple play networks and servicesuTo cope with explosive growth in broadband subscribers and traffic, service providers need leading-edge networks, and because of their hugely rich cash flows, they can continue to roll out infrastructure at a rapid rate; its not so much a case of builduAsian service providers spend significant amounts on networking gear for mobile traffic backhaul as mobile data traffic grows; iMODE (in Japan) and iPAS (in China and India) are examples of successful mobile data services driving spending on networking geuChina plans to urbanize another 25% of the population (which is about 300M people) by creating 400 to 500 new cities with 500K+ populations; these will be new "buffer zones" around existing metro areas; the timeframe is unknown, but this amounts to lots oEnterprise Market FactorsuAccording to the Semiconductor Industry Association, worldwide semiconductor sales increased 6.8% in 2005, to $227.5B; the association forecasts 2006 growth of 7.9%, and sales-to-date seem to support that growth, with January and February sales both up 7%uThe Telecom Industry Association (TIA) reported that U.S. telecommunications spending rose 8.9% in 2005 to an estimated $857B and international spending (outside the United States) reached $1.8T in 2005, up 11.4% over 2004Middle East/Africa was the fastest-growing region in 2005, with an 18.4% increase to $67BInternational telecommunications spending is expected to reach $2.7T in 2009, a CAGR (2006-2009) of 10.4%, with US spending rising 10.2% in 2006 to $945BuThe US congress let an important research and development tax credit for businesses of all sizes expire on December 31, 2005; roughly 75% of the tax credit dollars were used to provide high skilled, high wage jobs in America; this could have a noticeableuMany networking companies believe that small and medium organizations represent a good opportunity for network spending over the next 5 years and are focusing on developing products and solutions targeted at SMBs; SMBs demand different types of products,u2005 was another great year for enterprise PC replacement; during the economic downturn, many companies stretched the active lives of their PCs and laptops from a historical 3-year average to 4 or even 5 years, but as desktop maintenance and support costsuThe final Bureau of Economic Analysis data on Gross Domestic Product for 4Q05 shows signs of growth in the US economyReal gross domestic product increased at an annual rate of 1.7% in the fourth quarter of 2005, according to final estimates; in the third quarter, real GDP increased 4.1%The major contributors to the increase in real GDP in the fourth quarter were private inventory investment, personal consumption expenditures (PCE), exports, equipment and software, and residential fixed investmentFinal sales of computers contributed 0.33 percentage point to the fourth-quarter growth in real GDP after contributing 0.16 percentage point to the third-quarter growthuHurricane Katrinas impact on real US GDP and corporate profit growth was relatively minor and transitory; the direct impact in terms of lost output is a small percentage of national accounts and will be partially offset by rebuilding; energy costs went uuMost network equipment companies turned their focus to enterprise customers during the service provider collapse of 2001 to 2003; but as the overall health of the telecommunications market has improved since the end of 2003, product manufacturers are eyeiConvergence is the overarching goal for many enterprise IT departments: convergence of the wired and wireless LAN, convergence of the voice and data network, and convergence of desktop and portable data device functionality; user organizations are seekingCompanies of all sizes continue to invest in VPN and security technology to decrease the cost of networking and increase the security of their highly distributed networks; in 2005 we saw the emergence of interest in 2 key areas of security: NAC (network a2005 showed significant growth in the wireless LAN market as wireless LAN access points, switching systems, and security solutions all matured into robust enterprise-class products, and service providers continue to roll out wireless LAN hotspots and alsoOrganizations of all sizes have increasingly mobile and data-reliant workforces, so the need for Internet and corporate network access while on the move is becoming crucial in order to drive efficiency; user organizations are moving beyond plain vanilla wEnterprises of all types and sizes are starting to evaluate the merits of IP telephony platforms; while this market is still in the beginning stages, it currently enjoys a 16% CAGR (2005-2009); spending on IP telephony equipment benefits other product seThe world of enterprise routing and switching is getting a jolt of excitement; over the last 5 years Cisco became a dominant force in enterprise networks, and their major competitors have weakened (for the most part); the channel has had trouble staying iuThe weak US dollar is helping with exports of US based companies selling overseas and hurting foreign company sales in the US; conversely, as the value of the dollar rises again there will be a period during which US companies selling internationally willuIn many cases, the emerging technologies we track are designed specifically to increase productivity; advanced networking technologies allow users to do more work in less time, generating more revenue with the same resources; enterprise customers are focu&L&"Arial,Italic" 2006 Infonetics Research, Inc.&C&"Arial,Italic"Network Intrusion Prevention Market Outlook:Worldwide Market Share and ForecastMay 17, 2006&R&"Arial,Italic"Page &PAnalysis, Factors & AssumptionsNetwork Intrusion Prevention Market Analysis, Factors, and AssumptionsFundamental driversuThere is no question that intrusion prevention technology is hot, but IPS technology can be consumed in a variety of forms, from dedicated IPS appliances, to multifunction security products running some IPS filters, to network devices with IPS capabilitieuOverall, network security technologies are rapidly converging; the network security appliance market is made up of products that integrate firewall, VPN, anti-virus, Web security, application security, intrusion detection, intrusion prevention, authenticaThe firewall is still the center of network security, and most traditional firewall vendors integrated anti-virus, intrusion prevention, Web security, and a host of other functions into their products; there are obvious differences between these technologMany intrusion prevention vendors have quietly added IPSec VPN and stateful inspection firewall technology to their products in the hope that customers will deploy initially for intrusion prevention, and then consider replacing their existing firewall andThere is an emerging class of security appliances, loosely grouped as "threat prevention" products, that aim to help users stop viruses, spam, spyware, malware, and other Web threats; many of these products do not integrate VPN and firewalluMost end-users are still moving from a model of centralized Internet connectivity to distributed connectivity, which will continue for at least the next 5 years; low cost Internet bandwidth is widely available, and it makes sense to take advantage of theThis trend helps spread IPS technology into a wide variety of products at a wide variety of prices, from high performance data center products, to IPS integrated into a secure router for remote office connectivity; the threats are everywhere, and most comIPS has made the transition from niche security technology to core network infrastructure, similar to the transition firewalls made between 1995 and 2001 (those years account for the bulk of the transition in the firewall market); now that almost every oruA major hardware trend in security is being driven by increased security needs within the LAN, and by the consequent migration of security products that were designed for the network edge inward to the heart of the LAN; vendors have developed high performuMajor networking and security players have made huge investments in IPS technology in an attempt to satisfy demand; this isnt a fundamental driver for adoption of the technology as much as it is proof that end-user demand is as strong as we have measureduTechnology innovations in IPS are really pushing these products into the mainstream, and have significant influence over our forecasts:Most IPS vendors build products that combine multiple detection methods (signature, protocol anomaly, traffic anomaly, etc.), which helps cut down on false positives and false negatives, making IDS more accurate and easier to use; moving forward, successfAnother problem is event correlation; traditional IDS systems generate many event logs, and though most of these systems come with tools to analyze (and eventually act on) attack data, the situation is more complicated; firewalls generate event logs thatNetworks keep getting faster, and IDS/IPS cannot be a performance bottleneck; IPS needs to perform at Gigabit and multi-Gigabit rates to keep up with the fastest LAN segments, and while some vendors achieve these speeds with software on general purpose haMarket size and forecastsuWorldwide dedicated IPS appliance revenue was $165M in CYO5, and will grow 224% to $532M in CY09; currently an average of about 65% of in-line IDS/IPS product revenue comes from products that are actually being used in line in prevention mode with a signiThe tremendous increase in the number of content related attacks affecting networks of all types and sizes is driving many people to look at IPS products, as they are one of the main platforms that offer integrated content securityMany customers are looking to IPS appliances to help control and block "grey net" traffic such as P2P, IM, and other hard to track network traffic, and in order to do this, the product has to be running in line in prevention modeRegulatory pressure from a variety of agencies in a variety of vertical markets is forcing many companies to move to IPS quickly to meet regulatory requirements, even if customers aren't exactly ready to be full in line yetuWorldwide, security appliance, router, and switches with integrated IPS capability (whether or not they were used for IPS applications) represented an $1.8B opportunity in CY05, and will grow 278% to $6.8B in CY09Many integrated security appliances shipping today have support for IPS (around 22%), and we see that number jump to over 55% by 2009 as vendors see demand from customers and have the time to either build their own IPS code into products, or acquire codeMore and more enterprise routers (typically branch and remote office products) are starting to ship with the basics of IPS built in; generally this means DOS and DDOS prevention and a handful of very common attack signatures, but over time these productsThe Ethernet switch market is seeing an injection of excitement that hasn't been seen since the early days of Gigabit Ethernet, and most of it centers around the integration of security; in the second quarter of 2006 Consentry networks introduced the firsManufacturers and market shareuWhen looking at vendor market share for dedicated IPS appliances actually running in in-line mode:TippingPoint (3Com) comes out on top; they have an incredibly high percentage of customers running their products not only in line, but running their default recommended settings of over 800 filters (with minor tweaks); they have a 33% share in 2005, nearCisco comes in 2nd overall in 2005 (just barely) with 17% share; we estimate that just over 50% (though rising quickly) of their customers use their products in line with a significant number of filters; Cisco's real strength overall though is in their abJuniper comes in 3rd overall with a 16% share of revenue, but they have a very high percentage of customers actually using their products in-line (second only to TippingPoint)McAfee and ISS round out the 4th and 5th spots with similar numbers; ISS has a strong IDS legacy, and though they've been successful selling IPS, their installed base of happy IDS customers, and their reputation as an IDS supplier hurts them in this study&L&"Arial,Italic" 2006 Infonetics Research, Inc.&C&"Arial,Italic"Network Intrusion Prevention Market Outlook:Worldwide Market Share and ForecastMay 17, 2006&R&"Arial,Italic"Page &PDemand-Side Study DataDemand-Side Study DataWe verify our supply-side forecasts with our demand-side research, and work closely with vendors, service providers, chip and component manufacturers, and the channel to gather and validate actual data and market trends. This gives us a thorough, accurateuIn our study User Plans for Security Products and Services: North America 2005 we found that:29% of respondents will purchase or are considering purchasing wireless LAN security productsThe fear of being hacked by outsiders is a leading factor that pushes respondents to buy security products and servicesWe asked respondents which form factors they plan to use for IPS, and integrated appliances win overallWhen it comes to network security, hardware appliances, software, and secure routers are preferred form-factors for most respondents now and in 2007We asked our integrated security appliance respondents what security technologies they use simultaneously in integrated security appliances now and in 2007; firewall and VPN is clearly the base for an integrated appliance, but after that most respondentsSecure routers have a few obvious feature combinations, the first being simply router with integrated firewall and VPN, the second being router with firewall, VPN, and enhanced network protection (DOS, IDS/IPS), and the third being a router with all of thMost security products (regardless of deployment location) stay in service for 2 to 4 years, with lower-end products (remote and telecommuter) having a shorter life-span, and higher-end products (for branch, HQ, and data center deployments) having a longeuIn our study Service Provider Plans for VPNs and Security: North America, Europe, and Asia Pacific 2006 we found that:Appliances are the most popular CPE form factor by far; service providers are incredibly concerned with the ease and cost of deployment, and simply put, appliances are cheaper and easier to deploy than software in most cases, and more available than routeCisco, ISS, Juniper, and 3Com lead the currently installed manufacturers of intrusion detection and prevention CPEuIn our study User Plans for Routers: North American Vertical Markets 2005 we found that:The top emerging technology trend, regardless of site type or time frame, is the integration of security features like firewall, VPN, IDS, etc., into routers; this is followed by support for VoIP, like QoS or voice gateway portsCisco leads the list of installed router vendors by far, with 93% of respondent companies using Cisco routers; this correlates with our quarterly market share service Enterprise Routers, where Cisco accounted for 84% of CY04 router revenueRespondents replace their routers because either technology has evolved, or the product simply fails; no other reason comes even close; depreciation does not play very much into the replacement decisionRespondents don't think additional competition is needed in the router market; about a quarter can't think of who should enter the market, and in the rare instance that respondents could think of somebody, IT names like Microsoft and Dell surfaced, as wel&L&"Arial,Italic" 2006 Infonetics Research, Inc.&C&"Arial,Italic"Network Intrusion Prevention Market Outlook:Worldwide Market Share and ForecastMay 17, 2006&R&"Arial,Italic"Page &PWorldwide MarketWorldwide Network Intrusion Prevention Market Size and Forecast5-YearApplication SplitCY2005CY2006CY2007CY2008CY20095-Year TotalCAGRDedicated IPS AppliancesUnits9,81622,52030,81042,17650,829156,15051%GrowthNA129%37%37%21%Revenue$164,736,115$277,439,900$359,660,291$454,696,018$531,756,618$1,788,288,94234%GrowthNA68%30%26%17%5-YearTotal Available MarketCY2005CY2006CY2007CY2008CY20095-Year TotalCAGRIntegrated Security Appliances with IPSUnits263,243423,995628,969827,341967,1023,110,64938%GrowthNA61%48%32%17%Revenue$442,388,786$628,686,646$873,865,006$1,091,724,328$1,245,931,456$4,282,596,22130%GrowthNA42%39%25%14%Enterprise Routers with IPSUnits100,527169,628310,335492,990731,7241,805,20464%GrowthNA69%83%59%48%Revenue$249,159,965$416,868,836$737,925,687$1,116,157,471$1,536,665,889$4,056,777,84858%GrowthNA67%77%51%38%Ethernet LAN Switches with IPSRevenue$361,564,633$725,470,691$1,633,494,724$2,912,411,453$4,045,943,223$9,678,884,72583%GrowthNA101%125%78%39%Total revenue$1,053,113,384$1,771,026,173$3,245,285,416$5,120,293,252$6,828,540,568$18,018,258,79360%GrowthNA68%83%58%33%Dedicated IPS Appliances Revenue20052006200720082009$165$277$360$455$532Integrated Security Appliances, Enterprise Routers, & Ethernet LAN Switches with IPS Revenue20052006200720082009Intgrtd Security App w/IPS$442$629$874$1,092$1,246Enterprise Router w/IPS$249$417$738$1,116$1,537Ethernet LAN Sw w/IPS$362$725$1,633$2,912$4,046&L&"Arial,Italic" 2006 Infonetics Research, Inc.&C&"Arial,Italic"Network Intrusion Prevention Market Outlook:Worldwide Market Share and ForecastMay 17, 2006&R&"Arial,Italic"Page &PWorldwide Market000000000000000Intgrtd Security App w/IPSEnterprise Router w/IPSEthernet LAN Sw w/IPSCalendar YearRevenue ($M)Worldwide Integrated Security Appliances, Enterprise Routers, & Ethernet LAN Switches with IPS RevenueWW Dedicated IPS Appliance MS00000Calendar YearRevenue ($M)Worldwide Dedicated IPS Appliances RevenueWorldwide Dedicated IPS Appliance Market ShareCY05ManufacturerCategoryAmountShareRankCiscoUnits3,56036%1Revenue$28,192,40117%2ISSUnits1,40814%4Revenue$24,256,40215%4JuniperUnits1,44515%3Revenue$27,156,14716%3McAfeeUnits4224%5Revenue$19,382,25712%5TippingPointUnits2,42925%2Revenue$54,319,64733%1OtherUnits5526%NARevenue$11,429,2627%NATotal Units9,816100%Total Revenue$164,736,115100%WWUnitsCY05Cisco36%TippingPoint25%Juniper15%ISS14%McAfee4%Other6%100%WWRevenueCY05TippingPoint33%Cisco17%Juniper16%ISS15%McAfee12%Other7%100%&L&"Arial,Italic" 2006 Infonetics Research, Inc.&C&"Arial,Italic"Network Intrusion Prevention Market Outlook:Worldwide Market Share and ForecastMay 17, 2006&R&"Arial,Italic"Page &P000000CY05 Worldwide Dedicated IPS Appliance Unit Market Share000000CY05 Worldwide Dedicated IPS Appliance Revenue Market Share3Com ConfidentialTippingPoint,AwardsTippingPoint3Com ConfidentialTippingPointUniversity Business Magazine "Show Stopper" Award The Tolly Group "Up To Spec" Performance and security benchmark. TippingPoint's IPS demonstrated 100% security accuracy at 2 Gbps. NSS Gold Award The TippingPoint Intrusion Prevention System is the first and only product to win the coveted NSS Gold Award in the IPS space. The NSS Group testing was the first comprehensive side-by-side comparison of leading Intrusion Prevention System vendors - TippingPoint, ISS, Network Associates, Netscreen and TopLayer. The full report is available at http://www.nss.co.uk/. Click here to read TippingPoint's NSS Gold Award Summary. ICSA Labs Network IPS Certification The TippingPoint Intrusion Prevention System has been certified by ICSA Labs as the first multi-gigabit network IPS. As one of only three products to be certified in the Network IPS category, TippingPoint was the only product with a certified rated throughput at multi-gigabit speeds with a maximum average one-way latency of 84 microseconds. Information Security Magazine's 2007 Reader's Choice Awards The TippingPoint Intrusion Prevention System has received a Gold in Information Security Magazine's and SearchSecurity.com's "Readers' Choice Awards" in the Intrusion Detection/Prevention category. Frost & Sullivan 2007 Global Market Penetration Leadership Award TippingPoint has been awarded the 2007 Global Market Penetration Leadership Award from Frost & Sullivan for exhibiting market share leadership through the implementation of market strategy. SC Magazine 2007 Awards The TippingPoint 5000E is a finalist in the 2007 SC Magazine Awards for Best Intrusion Detection/Prevention Solution. 3Com ConfidentialICSA 3Com ConfidentialNSS Gold TippingPoint IPS3Com ConfidentialTippingPoint--IPS TippingPoint Xilinx Vertex 4 FPGA (Layer 7) Layer 4 (ASIC) IP de-fragmentation/TCP flow reassemblyL4-L7170 Gigabit (Latency under Microsecond) Gigabit Latency 3Com ConfidentialTippingPoint IPSHigh Performance Custom HardwareHighly Advanced Prevention FiltersConstant Update Protection Service5 Gbps ThroughputSwitch-Like Latency 2M Sessions250K Sessions/SecondTotal Flow Inspection64K Rate Shaping Queues10K Parallel Filters3Com Confidential???----,--,3Com Confidential2007-01-01Microsoft1 (3), (1)Microsoft Excel (927198)Microsoft Outlook (925938) (929969)2 (6), (6)HTML Help ActiveX (928843)Microsoft Data Access Components (927779)Microsoft Malware Protection Engine (932135)Microsoft Word (929434)Microsoft Office (932554)Internet Explorer (928090)4 (5), (1)..3Com Confidential2007-01-01 continueTWCERT 2007423Sheet1TW-CA-2007-048-[ TA07-103A: Microsoft Windows DNS RPC Buffer Overflow ]4/17/03TW-CA-2007-047-[ 91285: Cisco Applied Intelligence Response: Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in the Cisco Wireless Control System ]4/17/03TW-CA-2007-046-[ 82128: Multiple Vulnerabilities in the Cisco Wireless Control System ]4/17/03TW-CA-2007-045-[ RHSA-2007:0126-01: Important: xorg-x11 security update ]4/11/03TW-CA-2007-044-[ RHSA-2007:0125-01: Important: XFree86 security update ]4/11/03TW-CA-2007-043-[ 81734: Crafted IP Option Vulnerability ]4/11/03TW-CA-2007-042-[ RHSA-2007:0095-01: Critical: krb5 security update ]4/10/03TW-CA-2007-041-[ RHSA-2007:0132-01: Important: libXfont security update ]4/10/03TW-CA-2007-040-[ 81825: SIP Packet Reloads IOS Devices Not Configured for SIP ]4/10/03TW-CA-2007-039-[ TA07-100A: Microsoft Updates for Multiple Vulnerabilities ]4/10/03TW-CA-2007-038-[ 82211: Cisco Applied Intelligence Response: Identifying and Mitigating Exploitation of the Cisco Catalyst 6000, 6500 Series, and Cisco 7600 Series NAM (Network Analysis Module) Vulnerability ]4/10/03TW-CA-2007-037-[ 81865: Cisco Catalyst 6000, 6500 and Cisco 7600 Series MPLS Packet Vulnerability ]4/10/03TW-CA-2007-036-[ TA07-093A: Microsoft Update for Windows Animated Cursor Vulnerability ]4/8/03TW-CA-2007-035-[ TA07-093B: MIT Kerberos Vulnerabilities ]4/8/03TW-CA-2007-034-[ TA07-089A: Microsoft Windows ANI header stack buffer overflow ]4/8/03TW-CA-2007-033-[ RHSA-2007:0124-01: Moderate: file security update ]4/8/03TW-CA-2007-032-[ RHSA-2007:0033-01: Important: openoffice.org security update ]4/8/03TW-CA-2007-031-[ RHSA-2007:0055-01: Important: libwpd security update ]4/8/03TW-CA-2007-030-[ 82327: Multiple Cisco Unified CallManager and Presence Server Denial of Service Vulnerabilities ]4/8/03TW-CA-2007-029-[ 82202: Cisco Applied Intelligence Response: Identifying and Mitigating Exploitation of Cisco Catalyst 6000, 6500, and Cisco 7600 Series MPLS Packet Vulnerability ]4/8/03TW-CA-2007-028-[ 81993: Cisco Applied Intelligence Response: Identifying and Mitigating Exploitation of Multiple Vulnerabilities in Cisco ASA/PIX/FWSM Firewalls ]4/8/03TW-CA-2007-027-[ 81863: Cisco Catalyst 6000, 6500 Series and Cisco 7600 Series NAM (Network Analysis Module) Vulnerability ]4/8/03TW-CA-2007-026-[ 81816: Cisco Applied Intelligence Response: Identifying and Mitigating Exploitation of the SIP Packet Reloads IOS Devices Not Configured for SIP Vulnerability ]4/8/03Sheet2Sheet33Com Confidential2007-01-01 continueTWCERT 48Windows(6)Red Hat(16)Apple MAC OS(2)Sun Solaris(2)FreeBSD(2)CISCO(14)Kerberos(2)Sourcefire Snort(1)Oracle(1)Apple QuickTime(2)3Com Confidential, 3Com Confidential -Windows DNS Server RPC Microsoft Windows 2000 Server Service Pack 4Microsoft Windows Server 2003 Service Pack 1Microsoft Windows Server 2003 Service Pack 2 4 12 Windows (DNS) Remote Procedure Call( ) 4 18 xxxx 4 195 8 3Com Confidential -TippingPoint 4 13 72595290: MS-RPC: Microsoft DNS Server Service Fragmented Request5291: MS-RPC: Microsoft DNS Service Buffer Overflow5292: MS-RPC: Microsoft DNS Service Buffer Overflow 5293: MS-RPC: Microsoft DNS Service Request (5293) Internet DNS RPC . TCP Port >1023 TCP Port 139 445 3Com Confidential -Windows GDI (925902)Microsoft Windows 2000 Server Service Pack 4Microsoft Windows XP Service Pack 2Microsoft Windows Server 2003 Service Pack 2Microsoft Windows Vista 4 3 Microsoft Windows (.ani) 4 3 CERT2006-11-06CERTCVE-2006-57584,.ANI,,3Com Confidential -TippingPoint20043210: HTTP: Windows LoadImage API Buffer Overflow .ANI fileTippingPoint23Com Confidential(2006.6.13)#63062006/6/132006/6/13Filter3Com ConfidentialTippingPoint,SANSCERTVendor AdvisoriesBugtraqVulnWatchPacketStormSecuriteamTippingPointZDI--(ex: TW CERT), -- @RISKWeekly ReportTippingPoint DVSANS Institute@RiskTippingPoint3Com ConfidentialDV3Com Confidential07103Com ConfidentialTippingPointTippingPoint 3Com ConfidentialIPS ProtocolAnomalySignatureVulnerabilityTrafficAnomalySignature--Protocol Anomaly --ProtocolRFCVulnerability--Traffic Anomaly --3Com Confidential, L4-L7 ( port 80) , , TippingPointDV Service3Com ConfidentialTippingPoint 10 Gbps Core Controller8 Gbps * 4 IPS * FiberIPS,3Com ConfidentialPerimeterInternalInternetLAN SegmentLAN SegmentEnterpriseNetworkWi-FiRemote BranchSecureVulnerable XAttacks Blocked Attacks enter from LAN endpoints3Com Confidential(Quarantine) #1: IPS OnlyIPS,IPSActionIPS IPS()InternetCoreTippingPoint IPS8800 Switch8800 SwitchCatalyst 65005500 SwitchWLANs1200 SwitchRemediation Page3Com Confidential(Quarantine) #2: IPS + SMSTippingPoint Security Management System (SMS)SMS Radius proxy, RADAMAC/Switch/PortIPSIPSEvent dataSMSSMSthresholdSMSIPMACInternetCoreRadiusTippingPoint SMSTippingPoint IPS8800 Switch8800 Switch5500 SwitchWLANs1200 SwitchMAC Addressblacklist policy setSMScompromised device(re-authentication)Compromised Device--:Port,Catalyst 65003Com ConfidentialTippingPointIPSNACTippingPointThank YouIn summary, TippingPoint is THE chosen Intrusion Prevention System because of :Best performanceEasiest to use and maintainMost accurate protection filters (no false positives or false negatives)Greatest throughput of any IPS on the marketThe greatest proof of what our product can do comes via the direct testimony from existing customers. They tell us that as a result of deploying our technology, they have been able to greatly lower their TCO for security and network administration on an ongoing basis, as well as boost overall user productivity and profitability.The customer base is growing fast.Every customer that purchases our product deploys it inline to block attacks (the majority of competitor deployments are in SPAN mode)Great cross-section of industries represented in this sampling of our customersStrong verticals include higher education, e-businesses, financial, and governmentHigher education is no surprise given the high-bandwidth and open access nature of those environments in fact very similar to the service provider industry which is coming on strong.We were most recently honored with the coveted NSS Gold award. Only the 4th such award ever given by NSS and the first in the IDS/IPS category. The test environment and methodology took a year to prepare. Then, all the top industry players participated including: ISS, Cisco, NAI, Netscreen and TopLayer (although Cisco dropped out). Each product was put through and extensive set of 750 qualitative tests and then a comprehensive usability test, which took two weeks per product to complete. The final 300 page report is available at the NSS web site (http://www.nss.co.uk/default.htm). Headquartered in the UK with a test lab in France, NSS has made a name for itself in both network and security product testing. They were also the first to conduct gigabit IDS testing.In summary, TippingPoint is THE chosen Intrusion Prevention System because of :Best performanceEasiest to use and maintainMost accurate protection filters (no false positives or false negatives)Greatest throughput of any IPS on the marketWhen TippingPoint (now 3Com) pioneered this new product category with the first IPS at RSA in Jan of 2002, this was met with considerable controversy. Without exception, every IDS and firewall vendor dismissed the concept as impossible, citing it would never work due to performance bottleneck and false positive issues. We knew that as a startup, we would not survive 6 months if we introduced a product that failed to meet performance and accuracy requirements.The performance and accuracy concerns were understandable and if you look at legacy IDS products, not surprising. But, in our research we realized that there where both historical as well as technical reasons why IDS products had failed. Historically, the IDS was designed as an investigative tool to notify IT administrators whenever something suspicious in the network occurs. It was never designed as an active element to actively protect. Technically, all these products where software-based and furthermore, there are a number of technology components that simply did not exist 4-5 years ago like multi-gig network processors and 10 million gate FPGAs. Both of these factors impacted the design of IDSs and contributed to their consequent performance and accuracy limitations. This is important to appreciate since many of todays IPSs are really IDSs at their core, and suffer from these same limitations.As a result of our unique and technologically advanced appliance, we are able to provide 3 main forms of protection:Application Protection:Application Protection defends clients and servers from OS and application attacks. TippingPoint vulnerability filters cover an entire vulnerability and will block all variations of exploits that attack it. TippingPoint was the first to introduce focus around VOIP security.This requires the ability to inspect reassembled payloads at the application layer. We protect Peer2Peer, Instant Messaging and many other applications via blocking, throttling or notifying the malware around them.TippingPoints performance makes it possible to be deployed at high-speed internal links. This protects the network from internal attacks and can segment a campus into security zones to prevent infection from traveling between zones.Application and Protocol Anomaly filters provide zero-day protection against unknown attacks. Traffic anomaly filters will contain anomalous traffic surges to mitigate DDoS attacks or the spread of a worm. Vulnerability filters are equivalent to a virtual software patch that eliminates the need for emergency patching when a new vulnerability is announced.Infrastructure Protection:Infrastructure protection defends network equipment like routers, switches, DNS servers and Firewalls from attacks.This protection comes in several flavors:Signature filters cover known worms and viruses that are pervading the network. Recent attacks like Zotob in August 2005 produce recognizable characteristics which no matter how many variants, TippingPoint provides signature filter protection.Vulnerability filters that cover specific component vulnerabilities like Cisco IOS or the recent Checkpoint Firewall vulnerabilities. As VoIP becomes more popular, it will be a critical infrastructure service that must be protected from all the same types of IP-Network attacks that other IP infrastructure equipment faces. We recently released a set of filters that protect against a variety of H.323 vulnerabilities.Traffic Anomaly filters protect the infrastructure against anomalous traffic behavior. TippingPoint can automatically baseline the environment it is placed in and then establish thresholds that will trigger filters when (application, protocol, or IP address) traffic exceeds normal levels.Protocol Anomaly filters protect the infrastructure and applications from anomalous protocol behavior. TippingPoint can quickly discern whether specific traffic that normally passes through a designated port is attempting to pass through a different port and take the necessary action.Finally, custom IP filters can be set to offload router ACLs and avoid performance degradation that may otherwise occur.Performance Protection:Performance Protection is a very powerful capability to throttle and control bandwidth usage of non-mission critical applications. TippingPoint is equipped with a large set of peer-to-peer application filters as well as IM, Spyware and Phishing. These filters can be set to block or throttle applications to a preset threshold (and are direction sensitive in case that is desirable).This can eliminate bandwidth hijacking to protect mission critical applications.Custom filters can also be created to control other applications/IP addresses on an individual basis.The value proposition is simple and straight forward:With the IPS in your network you will:Eliminate downtime due to exploits being blockedEliminate time to investigate alerts and remediate infected systemsTake back control of the network and IT resources with scheduled downtime for patches rather than hair-on-fire emergency proceduresReclaim bandwidth and speed up the network for legitimate trafficThis slide represents how TippingPoint defines IPS and what TippingPoint delivers. Because we took a network-centric approach to Intrusion Prevention, our architecture was designed for very high-speed, low latency packet processing. This platform is built upon the TippingPoint Threat Suppression Engine which consists of an Agere Network Processor and a collection of our own custom ASICs. We define three pillars of protection that are necessary for complete network security. Traditional IPSs focus on the Application Protection pillar which is in fact what was tested at NSS. This capability incldes protection for all varieties of application and OS vulnerabilities from all varieties of network born attacks like viruses, worms, dos and illegal access attacks. We were happy to be recognized as the best in this arena by the NSS group, but in truth view this as table stakes for IPSs. Our protection now extends far beyond this. Comment: 10K Parallel filters means this is how many filter checks we can perform SIMULTANEOUSLY, which is extremely powerful the most in the industry. This is not the upper limit on filters.Using a transportation metaphor, an application can be likened to a delivery truck traveling across a bridge to carry a package from point A to point B. Application Protection is equivalent to examining the contents of the package (making sure its not a bomb) versus simply looking at the vehicles license plate (i.e., firewall examining a packet header) before allowing it to cross the bridge. However, successful delivery of the package also depends on the integrity of the bridge. The bridge represents the network infrastructure and must also be protected. Infrastructure Protection for the bridge is equivalent to preventing any attacks on the routers, firewalls and switches in a network. Finally, if there is a traffic jam on the bridge that does not allow the truck to pass, it is equivalent to packets congesting the network. Performance Protection ensures that a lane is open on the bridge or equivalently, that there is available bandwidth on the network. All three components are necessary to protect the goal of delivering the package from point A to point B. The next three slides describe each of these Protection pillars in more detail.This slide represents how TippingPoint defines IPS and what TippingPoint delivers. Because we took a network-centric approach to Intrusion Prevention, our architecture was designed for very high-speed, low latency packet processing. This platform is built upon the TippingPoint Threat Suppression Engine which consists of an Agere Network Processor and a collection of our own custom ASICs. We define three pillars of protection that are necessary for complete network security. Traditional IPSs focus on the Application Protection pillar which is in fact what was tested at NSS. This capability incldes protection for all varieties of application and OS vulnerabilities from all varieties of network born attacks like viruses, worms, dos and illegal access attacks. We were happy to be recognized as the best in this arena by the NSS group, but in truth view this as table stakes for IPSs. Our protection now extends far beyond this. Comment: 10K Parallel filters means this is how many filter checks we can perform SIMULTANEOUSLY, which is extremely powerful the most in the industry. This is not the upper limit on filters.Using a transportation metaphor, an application can be likened to a delivery truck traveling across a bridge to carry a package from point A to point B. Application Protection is equivalent to examining the contents of the package (making sure its not a bomb) versus simply looking at the vehicles license plate (i.e., firewall examining a packet header) before allowing it to cross the bridge. However, successful delivery of the package also depends on the integrity of the bridge. The bridge represents the network infrastructure and must also be protected. Infrastructure Protection for the bridge is equivalent to preventing any attacks on the routers, firewalls and switches in a network. Finally, if there is a traffic jam on the bridge that does not allow the truck to pass, it is equivalent to packets congesting the network. Performance Protection ensures that a lane is open on the bridge or equivalently, that there is available bandwidth on the network. All three components are necessary to protect the goal of delivering the package from point A to point B. The next three slides describe each of these Protection pillars in more detail.The UnityOne comes in a variety of speeds and feeds to protect all segments in a network. Perimeter protection has even moved to the outside of the firewall in various customer environments.Datacenters and core network segments typically require faster boxes.Remote offices can be protected using a smaller box or by aggregation in a larger one.The important fact is that attacks can be prevented from the outside as well as from the inside.During the Blaster epidemic, a vast majority of infections occurred via walk-in worms that were brought into the network on an infected laptop.TippingPoint is the only vendor to provide the breadth and depth of product line capable of perimeter protection at low bandwidths (less than 50 mb) to 5+ gigabit and expandable to 60+Gbps throughputs at the LAN and datacenter. All products are centrally manageable through the SMS or via its own local security manager interface. The flexibility of port count and copper or fiber connections enables an easy overlay into an existing network without disruption. One of TippingPoints main values is that implementation is quick and easy with low maintenance.Heres what you get when NW and SEC converge:end-to-end, internal and external protection for the business(via) a product that is purpose-built for a single job:to protect your business at perim, core, int. segments from todays evolving threat environment

Recommended

View more >