Intrusion Prevention: Top Layer's Attack Mitigator IPS 5500

This article can also be found in the Premium Editorial Download: Information Security magazine: Spotlight on the incident response hot seat.

Attack Mitigator IPS 5500
Top Layer
Price: Starts at $25,000

 

Enterprises that cast a skeptical eye at network IPSes a couple of years ago can no longer afford to ignore them. The sheer volume and complexity of traffic, the exposure to frequent attacks and the maturing of the IPS market are driving businesses to deploy automated response tools at the perimeter and in front of key subnets and mission-critical assets.

With Attack Mitigator IPS 5500, Top Layer has established itself as a major IPS player. It detects and blocks malicious traffic, without blocking legitimate traffic, through predefined and user-configurable rules that are applied to a series of security subsystems.

False positives, the bane of IDSes, can be absolute show-stoppers for IPSes. The latest upgrade to Attack Mitigator addresses false positives by throttling down anomalous traffic instead of throwing it off the wire.

Attack Mitigator does this in two ways: It tracks the number of concurrent connections from host to host on the network and measures the number of connection requests from a client in one-minute intervals. If the number of concurrent connections or client requests exceeds user-defined thresholds, Attack Mitigator will either throttle down traffic or sever the connection, depending on policy.
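The two checks described above can be modeled in a few lines of Python. This is an added example, not Top Layer's implementation: the class and parameter names, the thresholds, and the choice to keep counting refused requests are assumptions, and the traffic is constructed.

```python
from collections import defaultdict, deque

WINDOW = 60.0  # seconds; the review describes one-minute intervals

class ConnectionLimiter:
    """Toy model of the two rate-limiting checks; all names are assumptions."""
    def __init__(self, max_concurrent, max_requests, policy):
        self.max_concurrent = max_concurrent  # per (client, server) pair
        self.max_requests = max_requests      # per client per WINDOW
        self.policy = policy                  # "throttle" or "sever"
        self.open = defaultdict(int)          # (src, dst) -> open connections
        self.recent = defaultdict(deque)      # src -> request timestamps

    def request(self, src, dst, now):
        """Handle one connection request; return 'allow', 'throttle' or 'sever'."""
        stamps = self.recent[src]
        while stamps and now - stamps[0] >= WINDOW:
            stamps.popleft()                  # forget requests older than a minute
        stamps.append(now)                    # refused requests still count
        over = (len(stamps) > self.max_requests
                or self.open[(src, dst)] >= self.max_concurrent)
        if over and self.policy == "sever":
            return "sever"                    # connection is never established
        self.open[(src, dst)] += 1            # allowed or throttled: it exists
        return "throttle" if over else "allow"

    def close(self, src, dst):
        if self.open[(src, dst)] > 0:
            self.open[(src, dst)] -= 1

def replay(events, limiter):
    """Feed (time, action, src, dst) events to the limiter; return verdicts."""
    verdicts = []
    for now, action, src, dst in events:
        if action == "open":
            verdicts.append(limiter.request(src, dst, now))
        else:
            limiter.close(src, dst)
    return verdicts

# Constructed sample traffic using documentation addresses (not from the review).
A, B, SRV = "198.51.100.7", "203.0.113.5", "192.0.2.10"
EVENTS = [
    (0.0, "open", A, SRV), (1.0, "open", A, SRV),
    (2.0, "open", A, SRV),    # third concurrent connection from A
    (3.0, "close", A, SRV),
    (4.0, "open", A, SRV),    # fourth request from A inside one minute
    (5.0, "open", B, SRV),    # a different client has its own counters
    (70.0, "open", A, SRV),   # A's earlier requests have aged out
]
```

Replaying the same events under each policy shows the trade-off the review points to: with "throttle", a client that trips a threshold keeps a slowed connection instead of losing it.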

Attack Mitigator protects networks by applying rules that define malicious activity against a series of subsystems--firewall, protocol checks, SYN flood mitigation, IP/ARP and layer-2 packet-checking, and the two rate-limiting subsystems.

We configured Attack Mitigator to monitor traffic and report on anomalies in our lab--a T1 Internet connection to clustered firewalls.

We detected several types of anomalous traffic and received a tidy report detailing suspect and malicious traffic; invalid IP addresses and malformed packets topped the list of anomalies in our lab.

We were impressed by the detail with which Attack Mitigator reported anomalous traffic. The appliance categorized event types into groups, including top attackers, blocked packet details and security event summaries. We needed only to review the report and apply an associated policy to the appropriate subsystem to stop malicious traffic.

Although the management console is complex, it's also deep and flexible, with extensive, well-organized configuration options on aspects ranging from admin access and report settings to IPS filter configurations. The configuration options are organized into categories, such as reports and statistics, LAN port settings and maintenance, and IPS configuration; each tab contains the corresponding configuration capabilities.

With connection-rate limitation, innovative detection technology, flexible configuration and robust management, Attack Mitigator IPS 5500 is a practical IPS for a variety of environments.

--Ryan Guzal

This was first published in March 2005
