Review: TippingPoint UnityOne-1200

Based on custom-designed high-speed security processors, the UnityOne network-based Intrusion Prevention Appliances (IPA) and Intrusion Prevention Systems (IPS) are designed to stop cyberattacks in the network before such attacks can infect, damage or destroy core IT assets.

UnityOne IPA and IPS offer network-based filtering of some 1,450 worms, Trojans, viruses, hybrid attacks, distributed denial-of-service (DDoS) and others, as well as peer-to-peer (P2P) piracy prevention that stops P2P theft and limits copyright infringement liability.

Performance at all levels of our load tests was impeccable, with 100 percent of attacks being detected and blocked under all load conditions. We rate the UnityOne-1200 as a true 1Gbps device. Latency figures were considered to be exceptionally low for a device of this type at all traffic loads and with all packet sizes – even under attack.

The UnityOne performed consistently and reliably throughout our tests, continuing to pass legitimate traffic while blocking attack traffic in a consistent manner. Exposing the sensor interface to an extended run of IP Stack Integrity Checker (ISIC)-generated traffic had no adverse effect, and the device continued to detect and block all other exploits throughout and following the ISIC attack.

High Availability (HA) options are well covered with the TippingPoint product range, covering everything from multiple redundant components (such as fans and power supplies), through intrinsic HA with a single device, to full-blown HA configurations with multiple UnityOne sensors.

Signature recognition and blocking capabilities were excellent out of the box – resistance to false positives and evasion techniques was excellent, and we would be quite happy to deploy this device in a live network with the "Recommended" settings activated.

A huge amount of redevelopment work has gone into this latest release, and those who are used to the original SMS console will hardly recognize the latest version. Although most of the underlying architectural and operational principles remain the same, the user interface is much more powerful and flexible, and yet is easier and more intuitive to use.

A lot of effort has been put into ensuring that the user experience is consistent throughout the package and that the administrator is not forced to navigate between multiple screens to perform critical operations.

Indeed, by judicious use of right-click menus throughout the system and the implementation of the browser model with the back and forward buttons on the toolbar, the administrator can choose the best way to navigate the system.

Initial installation and configuration has been made as simple as possible via the use of similar set-up wizards for both the IPA/IPS and SMS appliances, and the front-panel keypad and display set-up capability means that it is not even necessary to attach a PC to the IPA appliance in order to perform the initial configuration.

Within the SMS, the Profile Editor is the best we have seen on any IDS/IPS device, providing one of the most flexible and intuitive ways to create and deploy policies across all the system devices. The "recommended settings" effect on the usability of the system is impressive, making this product extremely straightforward to deploy in blocking mode from day one. Yes, many filters are deployed out of the box in "permit and notify" mode, but these can be fine-tuned within the first few days or weeks via the excellent alert handling capabilities.

Alert handling is very powerful and flexible, with an intuitive mechanism for analyzing the data behind the alerts (which are generated in almost any conceivable way).

Queries are easy to create and quick to run, and numerous links and menu options are provided to enable filters to be edited and profiles fine-tuned with minimum fuss. The reports are very good, and we liked being able to publish the high-level trend reports (top 10 attacks blocked, and so on) in HTML to the SMS web server, enabling management to access such reports without using the SMS client.

For those who do not require the complexity of the SMS, the LSM provides the ideal means to manage a single device without the hassle of installing a three-tier management system. Although this has not been improved to the same degree and does not offer the same level of functionality as SMS, it remains the perfect way for administrators to manage one or two devices.

Most vendors eliminate the single-device management option when they introduce a multi-tier management system, and TippingPoint is to be congratulated for continuing to offer the choice.

For: Extremely high levels of performance; Very low latency under all conditions; Very intuitive and powerful GUI; Excellent policy management, alert handling and reporting

Against: Lack of event correlation.

Verdict: Near-perfect security effectiveness with the latency close to that of a layer two switch. The management system is powerful and flexible, yet easy and intuitive to use. The Profile Editor is the best we have seen
