-----Original Message-----
From: Bourque Daniel [mailto:Daniel.Bourque () loto-quebec com]
Sent: 22 October 2003 04:19
To: 'Alvin Wong'; Pat Stangler
Cc: focus-ids () securityfocus com
Subject: RE : Experiences with Toplayer Attack Mitigator IPS
What you are saying is how can I justify to my boss to
install a new security device after investing in 1 FW, IDS,
failover FW, second layer of fw, antivirus, second level of
antivus, third level of antivirus, anti-spam software, 24x7
monitoring, second e-mail server, encryption, vpn server, ...
It's easy, you scare him...
:o)
Btw, when the report is available, please post a note here...
-----Message d'origine-----
De : Alvin Wong [mailto:alvin.wong () b2b com my]
Envoyé : 21 octobre, 2003 04:23
À : Pat Stangler
Cc : focus-ids () securityfocus com
Objet : Re: Experiences with Toplayer Attack Mitigator IPS
Hi Pat,
Thanks for sharing your experiences, i can understand how it
would be like in your situation. According to toplayer guys,
toplayer is great at dealing with DOS attacks. I'm still
waiting for the report from the network intrusion uk guys
who are coming out with the IPS shootout comparison soon.
Hopefully, a clearer picture performance wise can be
obtained and allow me to make a recommendation.
Just attended a seminar today where fortinet introduced
their products, seems impressive but how's the comparison
with other all-in-one products, as security vendors are so
fond of touting nowadays?
The thing i can't figure out is how can the enterprise
justify purchasing an all in one solution on top of their
existing network infrastructure which presumably is made up
of parts and more of what the integrated solution is
offering?e.g. firewall...vpn..antivirus..
Regards,
Alvin
On Tue, 2003-10-21 at 00:47, Pat Stangler wrote:
In-Reply-To: <1066388506.2643.130.camel () localhost localdomain>
Hi,
I am currently looking at toplayer's attack mitigator IPS
and looking
for people who are currently utilising toplayer in their
organisations to share their experience. How do you rate
the product
so far? Any difficulties and whether it serves it's
purpose/product
satisfaction? I've heard stories by the netscreen sales
guys whereby
toplayer becomes just another switch in the organisation and not
doing anything much. Of course, i'm sceptical of all this
talk which
is why i'm hoping for some 'real world' input from any
guys out here
who are deploying it.
Thanks in advance,
Alvin
Alvin,
I truly can't say enough about both the Top Layer staff and the
products they develop!
Netscreen says it's just another switch? That's so far
from the truth
it's pathetic!!
I own a small, but large hosting company serving over 3000 clients,
domains, etc. Back in July, we were attacked by a "very"
sophisticated
DDoS attack from over 800 compromised servers/machines
across the globe, traffic exceeded 80-Mbps a second of
traffic, locking up routers, firewalls, etc. We were down
for 3 days while our backbone provider worked diligently to
stop these attacks by placing various filters on the switch
directly on the backbone just before our network interface,
nothing seemed to work, they'd block port 53 and the attack
would grab another port instantly so it was impossible to
block this thing with the current network infrastructure,
layer 7 switches, firewalls, routers, etc.
After a day or so of trying anything and everything, we
found the Top
Layer folks, made the call and started the process of
obtaining an IPS
device. This was approx 6pm CST on a Friday night ( 7pm EST,
where the Top Layer folks are located) Anyway, I was given
one of the sales guys cell number to make arrangements to
obtain an IPS unit. We talked a couple of times, and being
in St. Louis/Chicago it was sort of difficult to get a
flight at such late notice to Logan in Boston, they offered
to overnight the device on Monday, but we couldn't go
another 3 days of being down waiting for it, so I got the
next flight to Boston on Saturday, Dave from Top Layer
agreed to meet me closer to the airport. I left St. Louis at
10:30am CST and was back on a plane to Chicago by 4pm or so,
landed in Chicago and shot over to our NOC, I plugged the
IPS unit in, set a few filters to mitigate various protocols
and within 20 minutes our network was up at 100%, while
still getting hit with 80Mbps+ a
second.
I really can't say enough about the Top Layer IPS device. We get
attacked on a daily basis for some reason and from dozens
of sources
and we never see any network latency or deficiencies. You can set
custom filters within the control panel to block all of the new
exploits/vulnerabilities, etc as well.
If you need further info, let me know and I'll be glad to help out,
but as it stands now, I couldn't sleep at night without
knowing the
IPS was securing our network.
Thanx!
Pat Stangler
Chicago Webs
-------------------------------------------------------------
---------
-----
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across
heterogeneous
networks
- Quickly respond to network events from a central console
Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_focus-ids_031015
-------------------------------------------------------------
---------
-----
-------------------------------------------------------------
--------------
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across
heterogeneous
networks
- Quickly respond to network events from a central console
Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_focus-ids_031015
-------------------------------------------------------------
--------------
-------------------------------------------------------------
--------------
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across
heterogeneous
networks
- Quickly respond to network events from a central console
Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_focus-ids_031015
-------------------------------------------------------------
--------------
Intro
