
Data sheet

Redefine next-generation intrusion prevention systems with the latest in multi-gigabit NGIPS technology
Introducing HP TippingPoint NX Platform Next Generation Intrusion Prevention Systems

HP is transforming the enterprise security landscape
with its Security Intelligence and Risk Management
(SIRM) Platform. The HP TippingPoint NX Platform Next
Generation Intrusion Prevention System (NGIPS) is a key
component of this overall offering. The SIRM Platform
uniquely leverages advanced threat research with the
powerful correlation of security events and vulnerabilities.
By delivering unparalleled visibility across security assets
in the context of business-critical processes and applications,
we help our customers manage their risk and maximize
their security investments.

Product overview
The HP TippingPoint NX Platform Next Generation Intrusion Prevention
System (NGIPS) achieves a new level of in-line, real-time protection,
providing proactive network security in a smaller footprint for today's
and tomorrow's real-world network traffic and data centers. The
NX Platform next-generation architecture adds significant capacity for
deep packet traffic inspection, and its modular software and hardware
design enables the addition of valuable network protection services as
NGIPS continues to evolve from first generation IPS technology. The
HP TippingPoint NX Platform represents the highest performing NGIPS
for its size. This new improved NGIPS platform redefines the next
generation of intrusion prevention as a foundation for comprehensive
network security across all critical areas in the enterprise.

Features and benefits


Technical features

The next generation of IPS and beyond: The NX Platform NGIPS
enables the convergence of new security services such as:
Intelligent blocking via context: customer-defined IP DNS
reputation entries, HP TippingPoint Reputation Digital Vaccine
(RepDV), and location-based policies (perimeter, core, and so on).

Next Generation Intrusion Prevention System (NGIPS):
The HP TippingPoint NX Platform NGIPS achieves a new level of
in-line, real-time protection, providing proactive network security
for today's and tomorrow's real-world network traffic and data
centers. Its architecture adds significant capacity for deep packet
traffic inspection, and its modular software design enables the
convergence of additional security services.

Proven in-line threat protection: In 2001, HP TippingPoint
developed the in-line IPS to provide the first proactive, in-line
network protection solution that also provided high network
performance and availability. Since 2009, HP TippingPoint has
provided the capabilities defined as NGIPS over two years after
Gartner Research [1] released their definition of NGIPS. The new
HP TippingPoint S7100NX provides 13Gbps of protection in just
two rack units (2U). The NX represents the highest performing
NGIPS per rack unit, saving enterprises rack and data center space,
power consumption, and cooling costs.

Highest port density of any NGIPS available in the market today:
The new NX Platform NGIPS supports a market leading number
of segments across multiple configurations. We can support 16
segments or 24 segments of 1GbE or 4 segments of 40GbE.

New extensible security framework provides a foundation for
growth: The NX Platform NGIPS, similar to the HP TippingPoint
N Series, includes an extensible security framework that has a
modular software design built to support faster development
and deployment of new software protection packages, security
services, and partner security solution integrations.

Application awareness, visibility, and control with deep packet
inspection: HP TippingPoint Application Digital Vaccine
(AppDV), Web Application Digital Vaccine (WebAppDV), and
customer-developed protection filters.
Content awareness and control for inspecting specific file types
and protecting critical information.
Integration with HP Enterprise Security solutions to provide
additional security intelligence, visibility, and control across the
entire data center.

Modular design for solutions integration: The modular design
of the HP TippingPoint NGIPS platform enables integrations with
partner security solutions, such as vulnerability assessment
and vulnerability management (VA/VM) products, HP WebInspect,
forensics solutions, security event information management
(SIEM) systems (including HP ArcSight Logger), and network-based
anomaly detection (NBAD) products.

[1] Source: Defining next-generation network intrusion prevention, by John Pescatore and
Greg Young, Gartner Inc, Oct 7, 2011.

Support for a broad set of traffic types: The HP TippingPoint
NX Platform NGIPS supports a wide variety of traffic types and
protocols. It provides uncompromising IPv6/v4 simultaneous
payload inspection and support for related tunneling variants
(4in6, 6in4, and 6in6). It also supports inspection of IPv6/v4 traffic
with VLAN and MPLS tags, mobile IPv4 traffic, GRE and GTP (GPRS
tunneling), and jumbo frames. This breadth of coverage gives IT
administrators the flexibility to deploy NGIPS protection wherever
it is needed.

State-of-the-art threat suppression engine (TSE): The NGIPS
platform employs the latest advancements in our TSE to keep
pace with the changing threats and evolving demands of today's
enterprise networks and data centers. The TSE architecture
utilizes custom ASICs and high-performance network processors
to perform total packet flow inspection at Layers 2-7, performing
thousands of checks on each packet flow simultaneously, and
delivering a significant deep-packet inspection capacity increase
to support new and future security services.

Proven reliability and redundancy: The NGIPS platform is
designed to deliver unparalleled high availability. This ensures that
network traffic always flows at wire speed in the event of network
error or internal device failure. There are two complementary high
availability modes of operation, Intrinsic High Availability and
Stateful Network Redundancy, that ensure maximum uptime
and availability for both the NGIPS platform and the security
management system (SMS) devices.

Built-in high availability features: The NGIPS platform has
multiple features for Intrinsic High Availability, including dual
hot-swappable power supplies; watchdog timers to continuously
monitor the security and management engines, so if an internal
error is detected, the NGIPS can automatically fail to wire.

Redundant configuration options: Two NGIPS platforms can be
provisioned using redundant links in a transparent Active-Active or
Active-Passive high availability mode. Because an NGIPS platform
acts as a bump in the wire, does not have an IP address, and does
not participate in routing protocols, it can be deployed in existing
network designs without changing network configurations
including high availability routing protocols such as VRRP, OSPF,
and HSRP, which are passed transparently by the NGIPS.

High throughput inspection for data center and core network
deployments: The HP TippingPoint NGIPS N Series is designed for
data center and network core protection. For these mission-critical
network areas, the HP TippingPoint S7100NX NGIPS platform
delivers automated, in-line inspection up to 13Gbps to protect
network devices, virtualization software, operating systems, and
applications from attack without impeding performance.

Low application latency ensures no degradation of the end-user
experience: The NGIPS platform's unique design ensures that
packet flows are fully inspected and move unimpeded through
the platform with typical latency of less than 80 microseconds,
independent of the number of filters or security services that are
enabled. This eliminates any noticeable application performance
impact from an end-user perspective.

Unmatched filter accuracy assures that legitimate traffic is
not blocked: We use two simple filter writing rules to guarantee
filter accuracy: No False Positives and No False Negatives.
That's why our HP TippingPoint DVLabs security research team
focuses on creating filters to guard entire vulnerabilities, not just
known exploits. Vulnerability filters block all exploits of software
vulnerability and provide unmatched levels of accuracy so the
NGIPS will not block legitimate traffic while protecting the network.

Virtual patching protects unpatched systems: HP TippingPoint
DVLabs creates vulnerability filters that block all exploits for a
given software vulnerability, creating a virtual patch. These
vulnerability filters protect vulnerabilities in virtualization
software, operating systems, and applications, and are not
exploit specific. They behave like a network-based virtual
software patch to protect downstream hosts from network-based
attacks on unpatched vulnerabilities.

Leading security research team: HP TippingPoint Digital Vaccine
Labs (DVLabs): DVLabs is the premier security research team for
vulnerability discovery in the security industry. The team consists
of industry-recognized researchers who apply cutting-edge
engineering and analysis in their daily operations. DVLabs is the
undisputed leader in annual vulnerability discoveries, and the
result is the creation of vulnerability filters that are delivered to
customers' NGIPS platforms through the Digital Vaccine Service.

HP TippingPoint ThreatLinQ security portal: HP ThreatLinQ is a
service that allows our NGIPS customers to view the latest threats
across the globe from data that is collected from a global network
of Lighthouse Monitoring devices, as well as from data collected
from thousands of our customers' NGIPS platforms. ThreatLinQ is
available to all our customers and provides valuable data that can
enable enterprises to more effectively hone their network security
policies to meet the demands of the latest threat trends.

Industry's fastest threat protection keeps ahead of threats:
Our HP TippingPoint Digital Vaccine Service ensures evergreen
(always up-to-date) protection against emerging threats. Digital
Vaccines are delivered to customers twice a week, or immediately
when critical vulnerabilities emerge, and they can be deployed
automatically with no IT interaction required. Digital vaccines are
created not only to address specific exploits, but also potential
attack permutations, protecting customers from zero-day threats.

Zero-Day Initiative (ZDI) delivers leading zero-day threat
protection: HP TippingPoint DVLabs manages the ZDI program,
which is designed to reward worldwide researchers for responsibly
disclosing vulnerabilities they discover. Whether from DVLabs
internal vulnerability research or the ZDI program, DVLabs passes
all vulnerability discoveries to affected software vendors and
creates NGIPS filters to protect customers from potential zero-day
attacks before vulnerabilities are disclosed to the public.

Comprehensive NGIPS threat and vulnerability coverage for
outstanding protection: The combination of talent, research, and
security intelligence from the world-class HP TippingPoint DVLabs
research team; the over 1,200 researchers in the ZDI program; the
ThreatLinQ global threat monitoring from thousands of sites; and
from security community partners like the SANS Institute, CERT,
and the National Institute of Standards and Technology (NIST), all
combine to provide the broadest threat and vulnerability coverage
for the outstanding protection available today.

Full attack surface threat protection: The HP TippingPoint
NX Platform NGIPS provides the best vulnerability coverage in
the NGIPS industry [2], including protection of network devices,
virtualization software, operating systems, enterprise and
Web applications, and industrial control system networks.
From Microsoft operating systems to Supervisory Control And
Data Acquisition (SCADA) and VoIP filters, and many more, HP
TippingPoint solutions provide true network protection for today's
complex enterprise IT environments.

NGIPS automated, proactive protection reduces most manual
event follow-up: Automated policy enforcement virtually reduces
the need to respond to myriad alerts (some real and some false),
or to clean up after cyber attacks have compromised network
resources. IT security costs are reduced by removing ad hoc
patching and alert response, while simultaneously increasing
IT productivity and profitability through bandwidth savings and
protection of critical applications.

Reduce emergency patching and protect systems from
zero-day events: Our vulnerability filters virtually remove the
need for ad hoc and emergency patching. By protecting software
vulnerabilities, IT staff can implement software patches using a
regular, scheduled process instead of costly, disruptive emergency
patching. The HP TippingPoint NX Platform NGIPS blocks attacks
and allows IT staff to test security patches before deployment.

Improve control of end-user desktops: Most IT teams cannot
adequately control end-user desktops. In a recent report,
client-side applications were shown to be increasingly difficult
to keep patched due to the growing number of vulnerabilities.
The NGIPS platform improves IT control through vulnerability
protection for unpatched systems and network segmentation to
stop the spread of malicious traffic from infected users, all while
notifying the administrator about where attacks originate.

Improve network performance by recapturing misused bandwidth:
The HP TippingPoint NX Platform NGIPS bandwidth management
capabilities stop rogue applications like peer-to-peer and streaming
media from running rampant throughout the network. By continually
cleansing the network of malicious and unwanted traffic, network
performance is accelerated for mission-critical applications.
And rate-shaping rogue applications can increase bandwidth
availability, in some cases by 40-70 percent. [3]

[2] Source: Analysis of the Global Public Vulnerability Research Market in CY 2011,
Frost & Sullivan, May 2011.

[3] Source: HP lab study

Easy to install in just minutes, minimizing IT burdens: The
NGIPS Platform significantly reduces the amount of time and
resources needed to maintain a healthy network. The NGIPS and
security management system (SMS) can both be easily installed
in the network, typically in 30 minutes to two hours. The NGIPS is
designed for network transparency and is deployed seamlessly
into the network with no IP address or MAC address, so it can
immediately begin filtering out malicious and unwanted traffic.

Automated enforcement of security policies for compliance:
The HP TippingPoint NX Platform NGIPS can be a critical component
in any IT compliance program. It addresses many compliance
program objectives, including vulnerability management with the
Digital Vaccine Service and network monitoring objectives with the
security management system. In addition, the NGIPS may provide
a compensating control, where a requirement is not specifically
satisfied with other solutions or processes.

Easy-to-manage solutions reduce IT staff workload: The SMS
easily discovers, monitors, configures, diagnoses, and reports on
multiple NGIPS platforms. It features a simple, state-of-the-art
secure Java client interface that enables big picture analysis
with trending reports, correlation and real-time graphs on traffic
statistics, filtered attacks, network hosts and services, as well as
NGIPS inventory and health.

Robust security reporting provides audit details: Reports from
the NGIPS and SMS allow administrators to show internal and
external auditors how the network is protected from the latest
threats. In addition to meeting regulatory and internal compliance
requirements, organizations can have the best security
enforcement available for their networks.

Flexible local management options: Every NGIPS unit
also has an embedded local security manager (LSM) and
command-line interface (CLI). The LSM is a Web graphical
user interface (GUI) management application that provides
administration, configuration, and reporting capabilities in an
easy-to-use, secure Web interface.

Automated Digital Vaccine updates reduce ongoing
management time: Automated Digital Vaccine (DV) download
and distribution capabilities reduce the time required to manage
the NGIPS platform. The SMS allows for manual DV download and
distribution, or automated DV download and manual distribution.

Simple but powerful security policies: The HP TippingPoint
NX Platform NGIPS allows security administrators to manage
security policy with fine granularity. Administrators can set specific
network security policies by network segment, by VLAN, or by
Classless Inter-Domain Routing (CIDR). In addition, by utilizing the
NGIPS platform's reputation capabilities and the Reputation Digital
Vaccine, customers can now incorporate the use of IP addresses
and DNS names into their security policy management.

Key features
Award-winning proactive network security
Multiple security services to provide additional security context
Deep packet inspection with application and content awareness,
visibility and control
High efficiency, dual redundant load sharing power supplies
reduce power consumption and heat dissipation
Active and intelligent system-cooling design to minimize power
draw, reduce audible noise and maximize thermal performance
based on specific system needs.
Industry-leading security research team: HP TippingPoint DVLabs
NEBS and FIPS compatible.

Technical specifications

Specifications for the S5200NX and S7100NX

Performance (S5200NX)
Inspection throughput: 5 Gbps
Network throughput: 40 Gbps
Typical latency: <40 microseconds
Security contexts: 2,600,000
Connections per second: 300,000
Concurrent sessions: 30,000,000

Performance (S7100NX)
Inspection throughput: 13 Gbps
Network throughput: 100 Gbps
Typical latency: <40 microseconds
Security contexts: 5,000,000
Connections per second: 450,000
Concurrent sessions: 60,000,000

Ports (S5200NX and S7100NX)
Every NX chassis supports up to 4 NX I/O modules
There are 4 module types:
6 segments of 10/100/1000 Copper
6 segments of 1GbE SFP
4 segments of 10GbE SFP+
1 segment of 40GbE QSFP+
With the NX chassis populated with 4 of the SFP+ NX I/O modules, you
can achieve inspection of up to 16 segments of 10GbE, or a combination
of 1GbE, 10GbE, and 40GbE segments.

Physical characteristics (S5200NX and S7100NX)
Dimensions: 21.75(d) x 16.8(w) x 3.5(h) in. (55.25 x 42.78 x 8.89 cm)
Weight: 42 lb. (19.1 kg)
Rack Units: 2
Includes mounting hardware for 2-Post Front, 2-post Mid, and 4-post
quick release slides rail mounting.

Environment (S5200NX and S7100NX)
Operating temperature: 32°F to 104°F (0°C to 40°C)
Operating relative humidity: 5% to 95% non-condensing
Non-operating/storage temperature: -4°F to 158°F (-20°C to 70°C)
Non-operating/storage relative humidity: 5% to 95% non-condensing
Altitude: Up to 10,000 feet (3,048m)

Safety (S5200NX and S7100NX)
UL 60950-1; IEC 60950-1; EN 60950-1; CSA 22.2 60950-1; EN/IEC
60825-1; ROHS Compliance

Emissions (S5200NX and S7100NX)
FCC Class A; VCCI Class A; EN 55022 Class A; CISPR 22 Class A; CNS 13438
Class A

Immunity (S5200NX and S7100NX)
ESD EN 61000-4-2
Radiated EN 61000-4-3
EFT/Burst EN 61000-4-4
Surge EN 61000-4-5
Conducted EN 61000-4-6
Voltage dips and interruptions EN 61000-4-11
Harmonics EN 61000-3-2
Flicker EN 61000-3-3

Electrical characteristics (AC) (S5200NX and S7100NX)
Voltage: 100/240 VAC
Current (Max. Fused Power): 12/6 A
Frequency: 50-60
Power consumption: 750 W (2559 BTU/hour)

Electrical characteristics (DC) (S5200NX and S7100NX)
Voltage: -40/-60 VDC
Current (Max. Fused Power): 24/16 A
Power consumption: 812 W (2767 BTU/hour)

Management (S5200NX and S7100NX)
One 10/100/1000 RJ-45 port
Manageable via Security Management Server (SMS),
command-line interface, Web browser,
HP TippingPoint IPS Management Information Base (MIB)

Ordering Information:

NX IPS Models
JC644A: S7100NX. Includes 2 AC power supplies (JC826A) and quick release slide rail kit (JC017A)
JC824A: S5200NX. Includes 2 AC power supplies (JC826A) and quick release slide rail kit (JC017A)

NX I/O Modules
JC768A: 6-segment Gig-T Copper NX Module
JC769A: 6-segment 1GbE SFP Fiber NX Module
JC770A: 4-segment 10GbE SFP+ Fiber NX Module
JC771A: 1-segment 40GbE QSFP+ Fiber NX Module

Supported Transceivers
JC012A: 1G SFP LC LX Transceiver Bundle (2 pieces)
JC013A: 1G SFP LC SX Transceiver Bundle (2 pieces)
JC009A: 1G SFP RJ45 T Copper Transceiver
JC859A: 10G SFP+ LC SR Transceiver
JC860A: 10G SFP+ LC LR Transceiver
JC858A: 40G QSFP+ SR4 850nm Transceiver

Power Supplies and Accessories
JC825A: NX IPS Fan Module
JC826A: NX IPS 750W AC Power Supply
JC827A: NX IPS 750W DC Power Supply
JC828A: NX IPS CFast Card

About HP Enterprise Security


HP is a leading provider of security and compliance solutions for
the modern enterprise that wants to mitigate risk in their hybrid
environment and defend against advanced threats. Based on market
leading products from HP ArcSight, HP Fortify, and HP TippingPoint,
the HP Security Intelligence Platform uniquely delivers the advanced
correlation, application protection, and network defenses to protect
today's hybrid IT infrastructure from sophisticated cyber threats.

HP Services
HP ESP Global Services take a holistic approach to building and operating cyber
security and response solutions and capabilities that support the cyber threat
management and regulatory compliance needs of the world's largest enterprises.
We use a combination of operational expertise, yours and ours, and proven
methodologies to deliver fast, effective results and demonstrate ROI. Our proven,
use-case driven solutions combine market leading technology together with
sustainable business and technical process executed by trained and organized people.
Learn more about HP ESP Global Services at hpenterprisesecurity.com.

Learn more about HP Enterprise Security at: hpenterprisesecurity.com

For more information


To explore more about how to achieve a new level of in-line,
real-time protections, providing proactive network security with
the HP TippingPoint NX-Platform next-generation architecture,
please visit http://www.hpenterprisesecurity.com/products/hptippingpoint-network-security.

Get connected
hp.com/go/getconnected
Current HP driver, support, and security alerts
delivered directly to your desktop
Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and
services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial
errors or omissions contained herein.
Microsoft is a U.S. registered trademark of Microsoft Corporation. Java is a registered trademark of Oracle and/or its affiliates.
4AA4-1063ENW, Created May 2012; Updated August 2012, Rev. 1
