Tippingpoint gets security nod

Tippingpoint Technologies Inc. recently earned a security stamp of approval that could make the company's intrusion prevention appliances more attractive to government agencies.

After completing rigorous testing last month, the company's UnityOne high-speed intrusion prevention systems became the first products in this category to earn the highly-regarded Common Criteria security certification, according to TippingPoint officials.

Intrusion prevention systems, an emerging class of security products, block cyberattacks in real-time rather than merely notifying information technology administrators about attacks and recommending actions to take.

Common Criteria certification is a worldwide, standardized testing and approval process for security products, recognized by 16 countries, including the United States. To achieve certification, UnityOne products went through security testing at an accredited lab and were validated by officials from the National Security Agency and Aerospace Corp., according to Gary Swenson, program manager at Tippingpoint.

The certification is "significant because [companies] can't sell [security products] to the U.S. government without Common Criteria designation," said Diann Carpenter, technical director for Common Criteria at Cable & Wireless' testing lab, which performed the UnityOne tests. Cable & Wireless is one of eight labs designated to perform testing in the United States.

The UnityOne systems received Evaluation Assurance Level Two (EAL2) certification. Officials said the company will work to achieve higher levels of certification such as EAL 4 in the future.

The company's UnityOne product line also became the first to obtain certification in all four Protection Profiles — analyzer, sensor, scanner and system — validated by the National Institute of Standards and Technology.

Other intrusion prevention vendors will also make moves to get the Common Criteria stamp of approval, said Eric Ogren, a senior analyst with The Yankee Group, an IT consulting firm. "Tippingpoint is leading the parade," he said.

But it is not an inexpensive process. Becoming certified cost the company a "six-figure" sum, said James Cahill, vice-president of homeland security solutions for Tippingpoint. However, Common Criteria "is a standard with teeth," he said. Companies have to make the investment if they want to undergo the variety of testing.