When firewalls and intrusion detection just aren't enough

Top Layer touts intrusion prevention appliances

Firewalls alone are not enough to thwart today's more sophisticated range of attacks, while Intrusion Detection Systems detect and record attacks, but do not block them. AV products, properly updated, can help protect against malicious code but are necessarily limited in their scope.

So enterprises and telecoms operators face a security gap which vendors are trying to plug with a fresh breed of security appliances, dubbed Intrusion Prevention Systems (IPS).

Into this arena comes Top Layer Networks, which is extending its line of appliances that guard against Denial of Service attacks to provide in-line protection against a wider range of Internet attacks. Top Layer's high-speed ASIC-based appliances have impressed in tests of their effectiveness against DoS attacks, so its entry into what is becoming a crowded marketplace is nonetheless significant.

Top Layer's Attack Mitigator IPS is designed to block intrusions and attacks that firewalls miss and that IDSes merely detect, reducing the risks associated with more sophisticated Internet attacks. The Attack Mitigator IPS suite of products allows good traffic to pass through while actively blocking malicious traffic such as hybrid attacks, HTTP worms, SYN floods, protocol and traffic anomalies, DoS, DDoS, and other attacks. It also blocks outbound attacks from any compromised machines within an internal network.

One of the main problems relating to IDS systems has been false positives, which Top Layer attributes to poor signatures.

Michael D Paquette (are you serious? - Ed), VP of Marketing and Product Development for Top Layer, said many attacks are well defined so companies can implement automatic detection and blocking for these kinds of attacks using Top Layer's Attack Mitigator IPS.

The Attack Mitigator IPS, which would normally sit behind corporate firewalls, does need to be tuned to customers' individual environments in order to make sure legitimate traffic is not blocked, Top Layer admits. So deployment of the product range is very much a consultancy sale.

Top Layer positions Attack Mitigator IPS as a complementary product to firewalls and AV protection. One thing it doesn't do, for example, is scan email messages for all types of malicious code.

Attack Mitigator IPS will be offered as an additional device to users already deploying IDS systems but as an alternative to firms wanting to boost their security that don't already have IDS systems in place.

One of Top Layer's main lines of business is providing load balancing products for IDS software products, so with this week's general availability of Attack Mitigator IPS the company is going into competition with its long-term partners.

Top Layer's Paquette was sanguine about this point, saying that such co-operation/competition arrangements already exist in the industry. He says sites without IDS systems should prefer Intrusion Prevention Systems because IDS has failed to live up to its promise, and devices like Attack Mitigator IPS offer a more tangible early return on investment.

The Attack Mitigator IPS suite of products comes in four flavours suited to different network configurations: Attack Mitigator IPS 100, a departmental appliance suited to 100Mbps networks; Attack Mitigator IPS 1000, for 1Gbps networks; Attack Mitigator IPS 2400, a 2Gbps product with redundant configuration; and Attack Mitigator IPS 2800, a 2Gbps appliance with an active high availability configuration.

US list price for the Attack Mitigator IPS 100 starts at $15,000 going up to $250,000 for the IPS 2800. ®
