TippingPoint to push into Euro security market

European firms will soon have another vendor encouraging them to secure their networks with an intrusion prevention system

American IT security firm TippingPoint is gearing up to begin selling its range of network intrusion prevention systems in Europe.

The company raised over £14m in funding from investors earlier this month, and is planning to spend a considerable chunk of this revenue on expanding into European countries.

ZDNet UK has learned that TippingPoint will open its European headquarters in Amsterdam within two weeks and is already planning to hire staff for other regional offices.

TippingPoint's intrusion prevention systems, sold under the UnityOne brand, analyse network traffic looking for patterns that suggest a cyberattack is taking place, and take action to stop the attack by inspecting the packets flowing across the network and dropping those which it decides are not legitimate.

TippingPoint says this ability to recognise suspicious network behaviour makes makes more sense than security systems that are just based on patches against specific known threats. With so many new vulnerabilities being found in software products each week, the firm says it is all but impossible for IT managers to keep patching against them all.

As an example, TippingPoint cites this August's spate of virus attacks. Both the MSBlast and the Nachi/Welchia worms took advantage of a security hole in various versions of Windows and Windows Server 2003 that had been first disclosed in mid-July. The company claims that no PCs on networks protected by UnityOne were compromised by either virus.

Speaking at NetEvents earlier this month, Marc Willebeek-LeMair, TippingPoint's chief technology officer, warned companies not to rely on intrusion detection systems (IDS) that only alert an IT department to the existence of a problem, rather than address it.

"If you're hit by a worm, all an IDS will do is tell you that 'by the way, you've got a worm in your system that's run riot through thousands of your machines, and I just wanted you to know that,'" Willebeek-LeMair said.

Willebeek-LeMair did add that IDSs have a role as auditing tools, allowing an IT manager to see how his network security is performing -- a point backed up by other experts.

"Saying that IDSs have no place is like saying 'we won't put weapons experts into this country to measure what threat it poses, we'll just invade it,'" insisted Dominic Storey, European technical director for Sourcefire, before adding: "Oops, that just happened." Sourcefire develops Snort, the open-source IDS technology.

UnityOne can also be used to block peer-to-peer applications, making it a popular choice for some American universities -- one of which managed to claw back 45 percent more bandwidth by blocking P2P traffic.

Current prices for the UnityOne range vary from $24,995 (£14,779) to $99,995 (£51,125).