High speed intrustion protection vendor TippingPoint is bringing its product to Europe. The UnityOne system will be sold by Citadel Group, and TippingPoint will open offices in Amsterdam in the next month.

UnityOne is a hardware appliance which filters incoming traffic looking for attack patterns. TippingPoint (whose name, readers will be pleased to know, is based on a term from chaos theory mathematics, not rubbish disposal) says its products can keep users safe even when they have not been able to apply a patch to all their systems, because the filter acts as a “virtual patch”.

The product is available in versions which support 200Mbit/s to 2Gbit/s links into a company, costing form $24,000 to $100,000. Patterns based on reported vulnerabilities are distributed as a so-called “digital vaccine” by Tipping Point, in many cases created when the vulnerability is published, in advance of the exploit.

“There is a high demand for network-based intrusion prevention in the UK,” said Julian Curtis, managing director at Citadel Group, “and we are looking forward to working with TippingPoint Technologies to offer a deeper level of protection against cyber threats."

“The hacker community is maturing and the time from the publication of a vulernability to the exploit is reducing,” said Marc Willebeek-LeMair, CTO of TippingPoint. “The only thing we haven’t seen yet, is a really destructive payload. If Blaster erased disks, it would be far worse than what we have seen so far.”

The device includes several ASICs operating in parallel, which classify packets and observe the application context in which they operate. As well as attacks, it can also spot misuse of network resources by activities like P2P file sharing and the box has been sold to several sites simply to free up bandwidth, according to Willebeek-LeMair: “Organisations cannot justify their infrastructure in terms of supplying the rest of the world with music. In one university, there was a 43 percent increase in bandwidth when they blocked P2P traffic.”

Other customers include Microsoft, which uses a box to protect their network from visiting servers under test and the Los Alamos laboratories, which was protected from Blaster by the boxes. “At the height of the Sobig.F outbreak, we were receiving more than 100,000 infected messages per hour,” said John Oberlin, vice chancellor for IT at the University of North Carolina. Putting their UnityOne boxes in front of the email servers brought them back to life.

“Sometimes our virtual patch covers more than the actual Microsoft patch,” said Willebeek-LeMair. “When we write our filters, we explore all the ways the vulnerability can be exploited.” Not only does this cover versions of the exploit that haven’t been written yet but also some angles that Microsoft misses.

The product was launched in February in the US, following a chassis-based version which was launched in September 2002.