Published: 30 Mar 2005
Attack Mitigator IPS 5500
Price: Starts at $25,000
Enterprises that cast a skeptical eye at network IPSes a couple of years ago can no longer afford to ignore them. The sheer volume and complexity of traffic, the exposure to frequent attacks and the maturing of the IPS market are driving businesses to deploy automated response tools at the perimeter and in front of key subnets and mission-critical assets.
With Attack Mitigator IPS 5500, Top Layer has established itself as a major IPS player. It detects and blocks malicious traffic through predefined and user-configurable rules, which are applied to a series of security subsystems without blocking legitimate traffic.
False positives, the bane of IDSes, can be absolute show-stoppers for IPSes. The latest upgrade to Attack Mitigator addresses false positives by throttling down anomalous traffic instead of throwing it off the wire.
Attack Mitigator does this in two ways: It tracks the number of concurrent connections from host to host on the network and measures the number of connection requests from a client in one-minute intervals. If the number of concurrent connections or client requests exceeds user-defined thresholds, Attack Mitigator will either throttle down traffic or sever the connection, depending on policy.
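The two checks described above can be modelled in a few lines. This is an added illustration, not Top Layer's code: the class, action names, thresholds and sample addresses are all hypothetical, and the sketch assumes fixed one-minute counting intervals and that a request over threshold is simply not admitted.

```python
from collections import defaultdict

ALLOW, THROTTLE, SEVER = "allow", "throttle", "sever"  # assumed action names

class RateLimiter:
    """Toy model of the two rate-limiting checks; all names are hypothetical."""
    def __init__(self, max_concurrent, max_requests, on_exceed=THROTTLE, interval=60):
        self.max_concurrent = max_concurrent   # per (client, server) pair
        self.max_requests = max_requests       # per client, per interval
        self.on_exceed = on_exceed             # policy: THROTTLE or SEVER
        self.interval = interval               # seconds; one minute per the review
        self.open_conns = defaultdict(int)     # (src, dst) -> open connections
        self.req_count = defaultdict(int)      # (src, interval index) -> requests

    def request(self, src, dst, now):
        """Decide what to do with a connection request seen at time `now` (seconds)."""
        bucket = (src, int(now // self.interval))
        self.req_count[bucket] += 1
        over_rate = self.req_count[bucket] > self.max_requests
        over_conns = self.open_conns[(src, dst)] >= self.max_concurrent
        if over_rate or over_conns:
            return self.on_exceed              # request is not admitted
        self.open_conns[(src, dst)] += 1
        return ALLOW

    def close(self, src, dst):
        # One connection between src and dst has ended; never go below zero.
        self.open_conns[(src, dst)] = max(0, self.open_conns[(src, dst)] - 1)

def replay(limiter, events):
    """Feed constructed (time, kind, src, dst) events through the limiter."""
    decisions = []
    for now, kind, src, dst in events:
        if kind == "open":
            decisions.append(limiter.request(src, dst, now))
        else:
            limiter.close(src, dst)
    return decisions

# Constructed sample traffic (documentation addresses, not from the review),
# written for thresholds of 2 concurrent connections and 4 requests per minute.
EVENTS = [
    (0, "open", "192.0.2.10", "198.51.100.5"),
    (1, "open", "192.0.2.10", "198.51.100.5"),
    (2, "open", "192.0.2.10", "198.51.100.5"),   # third concurrent: over limit
    (3, "close", "192.0.2.10", "198.51.100.5"),
    (4, "open", "192.0.2.10", "198.51.100.5"),   # a slot is free again
    (5, "open", "192.0.2.10", "198.51.100.9"),   # fifth request this minute
    (61, "open", "192.0.2.10", "198.51.100.9"),  # new interval, count restarts
]
```

Calling `replay(RateLimiter(max_concurrent=2, max_requests=4), EVENTS)` shows which requests trip each threshold; passing `on_exceed=SEVER` switches the policy outcome for the same traffic.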
Attack Mitigator protects networks by applying rules that define malicious activity against a series of subsystems--firewall, protocol checks, SYN flood mitigation, IP/ARP and layer-2 packet-checking, and the two rate-limiting subsystems.
We configured Attack Mitigator to monitor traffic and report on anomalies in our lab--a T1 Internet connection to clustered firewalls.
We detected several types of anomalous traffic and received a tidy report detailing suspect and malicious traffic; invalid IP addresses and malformed packets topped the list of anomalies in our lab.
- Robust detection engine
- Reduces false positives
- Flexible management console
- Complex tool
We were impressed by the detail with which Attack Mitigator reported anomalous traffic. The appliance categorized event types into groups, including top attackers, blocked packet details and security event summaries. We needed only to review the report and apply an associated policy to the appropriate subsystem to stop malicious traffic.
Although the management console is complex, it's also deep and flexible, with extensive, well-organized configuration options on aspects ranging from admin access and report settings to IPS filter configurations. The configuration options are organized into categories, such as reports and statistics, LAN port settings and maintenance, and IPS configuration; each tab contains the corresponding configuration capabilities.
With connection-rate limitation, innovative detection technology, flexible configuration and robust management, Attack Mitigator IPS 5500 is a practical IPS for a variety of environments.