TippingPoint Technologies Inc. on Monday announced its first product, a system that not only detects intrusions, but blocks traffic that it deems to be malicious. In that sense, the company says its UnityOne offers "intrusion prevention."

UnityOne is based on custom-developed hardware, enabling it to operate at up to 2G bit/sec, much faster than a typical Pentium-based intrusion detection system, says John McHale, chairman and CEO of TippingPoint, based in Austin, Texas.

It sits in-line on a network, monitoring all traffic, looking for denial-of-service attacks, protocol and other anomalies as well as intrusion signatures.

When UnityOne detects traffic that has been previously defined as malicious, it drops those packets, thus preventing the attack. Traffic deemed to be "suspicious" would generate an alert to an administrator, who can decide whether to block that traffic type in the future.

While many users are wary of enabling a security device to block traffic, out of fear it will drop legitimate packets, McHale says UnityOne's attack filters can reliably recognize and prevent 2,000 different attacks. Many of them are well-known attacks that any customer would want to block.

"If you ask customers whether they want to block Code Red, everybody says yes, so we just put it in there," he says.

UnityOne also learns about the applications and systems in use on a network, so it can tell when a potential attack is benign, such as Code Red attacking a printer. In that case it will not generate an alert, thus reducing the number of false positives as compared with a typical IDS.

Using a vulnerability feed supplied by Security Focus, TippingPoint monitors some 10,000 IDS sensors worldwide around the clock, looking for new vulnerabilities. When it finds one, the company gets a new signature and/or anomaly algorithm out to customers within 12 hours, McHale says.

With its intrusion prevention approach, TippingPoint will compete with companies including IntruVert Networks, which recently introduced a similar hardware-based product.

IntruVert also on Monday announced an alliance with Check Point and OKENA, which makes a host-based intrusion detection system, to integrate their respective products.

Another TippingPoint competitor is OneSecure, which was recently acquired by NetScreen Technologies. OneSecure has a software-based product that doesn't offer the same level of performance as TippingPoint or IntruVert, but that could soon change given that NetScreen makes high-speed security appliances.

TippingPoint also announced an alliance with Science Applications International Corp. (SAIC) for joint marketing, sales, installation and support of UnityOne. The company also said UnityOne will be integrated with the Symantec Security Management System (SSMS).

UnityOne comes in two versions. The 2M bit/sec UnityOne 2000 starts at $99,995 for a unit with a single sensor; it supports a maximum of 20 sensors. The UnityOne 600 operates at 600M bit/sec and starts at $69,995.