Apr 22 2014

Product Review: HP TippingPoint S1050F

This next-generation firewall can easily replace a stand-alone intrusion prevention system.

The HP TippingPoint S1050F Next-Generation Firewall combines integrated deep-packet inspection, intrusion detection, application identification and granular control over network resources. A few years ago, these tasks would have required several devices, but today, single units are stepping up to handle end-to-end security for organizations of all sizes.

The S1050F’s filters act as front-line weapons, blocking known attacks by the ports from which they enter and also by the way they behave. Thanks to an intuitive interface, it took less than five minutes to activate filters on the firewall using our test network. And because the firewall regularly receives updates from Tipping Point, the latest hacking trends are always loaded up as part of the profile of activities to be automatically blocked. Tipping Point currently provides more than 8,000 filters in the S1050F, with more being added each week.

Beyond filtering, the S1050F can scan packets and network activity to look for suspicious behavior that might not specifically be blocked. Although an intrusion prevention system (IPS) consumes about half of the firewall’s computing cycles, most organizations will want to employ this function.

We reviewed the next-generation firewall using a device that could simulate hundreds of users on a test network. When used as a straight firewall, the S1050F could process 500 megabits per second without any slowdown. With the IPS features activated, the throughput dropped by half, but the S1050F still kept up a respectable pace for a 1U unit. It handled 245,000 concurrent sessions, with 9,800 new ones created every second before communications began to slow slightly.

Accuracy was also impressive. Most IPS firewalls score about 95 percent to 97 percent in accuracy tests, but the HP S1050F got significantly higher, finding 99.1 percent of the malicious data and packets pumped through the virtual test network. What’s more, there were no false positives recorded during a three-day network blast test, so users won't grow frustrated at having the firewall block on needed applications.

The HP TippingPoint S1050F Next-Generation Firewall can handle almost every threat to networks and data circulating today. And with constant updating and a smart intrusion detection engine, it should be able to keep the peace for years to come.

HP TippingPoint S1050F

Form Factor: Rack-mountable 1U
Dimensions: 17.7x1.7x16.8 inches
Weight: 15.3 pounds
Data Link Protocol: Ethernet, Fast Ethernet, Gigabit Ethernet
Throughput: 500Mbps firewall; 250Mbps firewall plus IPS
Concurrent Users: 250,000


Zero Trust–Ready?

Answer 3 questions on how your organization is implementing zero trust.