The company raised over £14m in funding from investors earlier this month, and is planning to spend a considerable chunk of this revenue on expanding into European countries.
ZDNet UK has learned that TippingPoint will open its European headquarters in Amsterdam within two weeks and is already planning to hire staff for other regional offices.
TippingPoint's intrusion prevention systems, sold under the UnityOne brand, analyse network traffic looking for patterns that suggest a cyberattack is taking place, and take action to stop the attack by inspecting the packets flowing across the network and dropping those which it decides are not legitimate.
TippingPoint says this ability to recognise suspicious network behaviour makes makes more sense than security systems that are just based on patches against specific known threats. With so many new vulnerabilities being found in software products each week, the firm says it is all but impossible for IT managers to keep patching against them all.
As an example, TippingPoint cites this August's spate of virus attacks. Both the MSBlast and the Nachi/Welchia worms took advantage of a security hole in various versions of Windows and Windows Server 2003 that had been first disclosed in mid-July. The company claims that no PCs on networks protected by UnityOne were compromised by either virus.
Speaking at NetEvents earlier this month, Marc Willebeek-LeMair, TippingPoint's chief technology officer, warned companies not to rely on intrusion detection systems (IDS) that only alert an IT department to the existence of a problem, rather than address it.
"If you're hit by a worm, all an IDS will do is tell you that 'by the way, you've got a worm in your system that's run riot through thousands of your machines, and I just wanted you to know that,'" Willebeek-LeMair said.
Willebeek-LeMair did add that IDSs have a role as auditing tools, allowing an IT manager to see how his network security is performing -- a point backed up by other experts.
"Saying that IDSs have no place is like saying 'we won't put weapons experts into this country to measure what threat it poses, we'll just invade it,'" insisted Dominic Storey, European technical director for Sourcefire, before adding: "Oops, that just happened." Sourcefire develops Snort, the open-source IDS technology.
UnityOne can also be used to block peer-to-peer applications, making it a popular choice for some American universities -- one of which managed to claw back 45 percent more bandwidth by blocking P2P traffic.
Current prices for the UnityOne range vary from $24,995 (£14,779) to $99,995 (£51,125).
Talkback
I have been involved as a consultant with putting in solutions for IPS and a major drawback to these solutions is they have evolved from IDS and must route between 2 NICS and are notoriously inaccurate.
If there is an interface exposed on an IPS then it can be targeted, and brought down easily.
Also the inability of these software based IPS solutions to handle large DDOS attacks like synfloods mean they are like using some gum to stop a dam.
The only solution worthy of mention to date is an IPS solution from Toplayer Networks which can be deployed in the enterprise or at ISP's as it is L2 and does not interfere with BGP routing. and can handle in excess of 800K syn's/sec on the current platform.
They just released a new product IPS 5500 which can handle synfloods of 2M synsec which a few of my customers are keen to test out.
So it is time for the PC based solutions to stop clouding the market and stick to doing IDS, which they havent even got right 4 years later.
Havent really heard of Tipping point but from what I have heard it is hard to get one of their people to even explain how they deal with a specific threat scenario,