RE: Experiences with Toplayer Attack Mitigator IPS

From: Fergus Brooks (fergusb_at_evolve-online.com)
Date: 10/22/03

  • Next message: Bob Walder: "RE: RE : Experiences with Toplayer Attack Mitigator IPS"
    To: "'Alvin Wong'" <alvin.wong@b2b.com.my>, "'Pat Stangler'" <pat.private@chicagowebs.com>
    Date: Wed, 22 Oct 2003 14:30:43 +0800
    
    

    In order to get their equipment into clients who may already have other
    point products they drop their price and *sell you* a firewall or
    IDS/IPS or AV gateway while *giving you* an all-in-one.

    Two vendors who are doing that at the moment in Asia are Symantec and
    Fortinet. And nothing wrong with it I say. Especially if they are price
    competitive, which they are. It also gives the clients the option of
    using these boxes to dual-skin areas where they are already covered.

    If a client was already using ISS network sensors and then bought a
    Fortigate as an AV gateway then they could use the Fortinet as a backup
    or perimeter NIDS/NIPS.

    If you look at the recommendations of monetary authorities and that sort
    of thing there is always a mention of dual-skinning as a way to enhance
    security.

    The downside is more systems to manage and maintain.

    Rgds...

    -----Original Message-----
    From: Alvin Wong [mailto:alvin.wong@b2b.com.my]
    Sent: Tuesday, 21 October 2003 4:23 PM
    To: Pat Stangler
    Cc: focus-ids@securityfocus.com
    Subject: Re: Experiences with Toplayer Attack Mitigator IPS

    Hi Pat,

    Thanks for sharing your experiences, I can understand how it would be
    like in your situation. According to toplayer guys, toplayer is great at
    dealing with DOS attacks. I'm still waiting for the report from the
    network intrusion uk guys who are coming out with the IPS shootout
    comparison soon. Hopefully, a clearer picture performance wise can be
    obtained and allow me to make a recommendation.

    Just attended a seminar today where fortinet introduced their products,
    seems impressive but how's the comparison with other all-in-one
    products, as security vendors are so fond of touting nowadays?

    The thing I can't figure out is how can the enterprise justify
    purchasing an all in one solution on top of their existing network
    infrastructure which presumably is made up of parts and more of what the
    integrated solution is offering? e.g. firewall... vpn... antivirus...

    Regards,
    Alvin

    On Tue, 2003-10-21 at 00:47, Pat Stangler wrote:
    > In-Reply-To: <1066388506.2643.130.camel@localhost.localdomain>
    >
    > >Hi,
    > >
    > >I am currently looking at toplayer's attack mitigator IPS and looking
    > >for people who are currently utilising toplayer in their
    > >organisations to share their experience. How do you rate the product
    > >so far? Any difficulties and whether it serves its purpose/product
    > >satisfaction? I've heard stories by the netscreen sales guys whereby
    > >toplayer becomes just another switch in the organisation and not
    > >doing anything much. Of course, I'm sceptical of all this talk which
    > >is why I'm hoping for some 'real world' input from any guys out here
    > >who are deploying it.
    > >
    > >Thanks in advance,
    > >Alvin
    > >
    >
    > Alvin,
    >
    > I truly can't say enough about both the Top Layer staff and the
    > products they develop!
    >
    > Netscreen says it's just another switch? That's so far from the truth
    > it's pathetic!!
    >
    > I own a small, but large hosting company serving over 3000 clients,
    > domains, etc. Back in July, we were attacked by a "very" sophisticated
    > DDoS attack from over 800 compromised servers/machines across the globe,
    > traffic exceeded 80-Mbps a second of traffic, locking up routers,
    > firewalls, etc. We were down for 3 days while our backbone provider
    > worked diligently to stop these attacks by placing various filters on
    > the switch directly on the backbone just before our network interface,
    > nothing seemed to work, they'd block port 53 and the attack would grab
    > another port instantly so it was impossible to block this thing with the
    > current network infrastructure, layer 7 switches, firewalls, routers,
    > etc.
    >
    > After a day or so of trying anything and everything, we found the Top
    > Layer folks, made the call and started the process of obtaining an IPS
    > device. This was approx 6pm CST on a Friday night (7pm EST, where the
    > Top Layer folks are located). Anyway, I was given one of the sales guys'
    > cell number to make arrangements to obtain an IPS unit. We talked a
    > couple of times, and being in St. Louis/Chicago it was sort of difficult
    > to get a flight at such late notice to Logan in Boston, they offered to
    > overnight the device on Monday, but we couldn't go another 3 days of
    > being down waiting for it, so I got the next flight to Boston on
    > Saturday, Dave from Top Layer agreed to meet me closer to the airport. I
    > left St. Louis at 10:30am CST and was back on a plane to Chicago by 4pm
    > or so, landed in Chicago and shot over to our NOC, I plugged the IPS
    > unit in, set a few filters to mitigate various protocols and within 20
    > minutes our network was up at 100%, while still getting hit with 80Mbps+
    > a second.
    >
    > I really can't say enough about the Top Layer IPS device. We get
    > attacked on a daily basis for some reason and from dozens of sources
    > and we never see any network latency or deficiencies. You can set
    > custom filters within the control panel to block all of the new
    > exploits/vulnerabilities, etc as well.
    >
    > If you need further info, let me know and I'll be glad to help out,
    > but as it stands now, I couldn't sleep at night without knowing the
    > IPS was securing our network.
    >
    > Thanx!
    > Pat Stangler
    > Chicago Webs
    >
