This article can also be found in the Premium Editorial Download "Information Security magazine: Spotlight on the incident response hot seat."
Attack Mitigator IPS 5500
Price: Starts at $25,000
Enterprises that cast a skeptical eye at network IPSes a couple of years ago can no longer afford to ignore them. The sheer volume and complexity of traffic, the exposure to frequent attacks and the maturing of the IPS market are driving businesses to deploy automated response tools at the perimeter and in front of key subnets and mission-critical assets.
With Attack Mitigator IPS 5500, Top Layer has established itself as a major IPS player. It detects and blocks malicious traffic through predefined and user-configurable rules, which are applied to a series of security subsystems without blocking legitimate traffic.
False positives, the bane of IDSes, can be absolute show-stoppers for IPSes. The latest upgrade to Attack Mitigator addresses false positives by throttling down anomalous traffic instead of throwing it off the wire.
Attack Mitigator does this in two ways: It tracks the number of concurrent connections from host to host on the network and measures the number of connection requests from a client in one-minute intervals. If the number of concurrent connections or client requests exceeds user-defined thresholds, Attack Mitigator will either throttle down traffic or sever the connection, depending on policy.
Attack Mitigator protects networks by applying rules that define malicious activity against a series of subsystems--firewall, protocol checks, SYN flood mitigation, IP/ARP and layer-2 packet-checking, and the two rate-limiting subsystems.
We configured Attack Mitigator to monitor traffic and report on anomalies in our lab--a T1 Internet connection to clustered firewalls.
We detected several types of anomalous traffic and received a tidy report detailing suspect and malicious traffic; invalid IP addresses and malformed packets topped the list of anomalies in our lab.
This was first published in March 2005