RE: Experiences with Toplayer Attack Mitigator IPS

["Chan Kien Eng" <eng () essasia net>]

All in one solutions. The good part is you got everything in one box,
thus need not to manage or deploy so many boxes. That's the trend that I
foresee. Most of the security vendor now going for all in one. ISS, also
announce that they going to have this in their new proventia series -
IDS+FW+AV.

The bad part is, Peformance. The performance of ALL-IN-ONE solutions
will be lower than individual solutions, and how about the
scalabilities? 

Its actually depend on the environment. For Small to medium network,
all-in-one might be a good idea :)

One more thing, for all-in-one, you stuck with ONE vendor (this can be
pro or cons), you can have best of the breed..

There is another solution if you want a all-in-one box and running best
of the breeds software, you can look at Crossbeam
(www.crossbeamsystems.com). They have a multi-purpose platform which can
support best of breed Security software (Checkpoint, ISS, Dragon,
Trendmicro AV, Websense) all in ONE box PLUS a great performance.

Thanks...

> -----Original Message-----
> From: Alvin Wong [mailto:alvin.wong () b2b com my]
> Sent: Tuesday, October 21, 2003 4:23 PM
> To: Pat Stangler
> Cc: focus-ids () securityfocus com
> Subject: Re: Experiences with Toplayer Attack Mitigator IPS
>
> Hi Pat,
>
> Thanks for sharing your experiences, i can understand how it would be
> like in your situation. According to toplayer guys, toplayer is great
at
> dealing with DOS attacks. I'm still waiting for the report from the
> network intrusion uk guys who are coming out with the IPS shootout
> comparison soon. Hopefully, a clearer picture performance wise can be
> obtained and allow me to make a recommendation.
>
> Just attended a seminar today where fortinet introduced their
products,
> seems impressive but how's the comparison with other all-in-one
> products, as security vendors are so fond of touting nowadays?
>
> The thing i can't figure out is how can the enterprise justify
> purchasing an all in one solution on top of their existing network
> infrastructure which presumably is made up of parts and more of what
the
> integrated solution is offering?e.g. firewall...vpn..antivirus..
>
> Regards,
> Alvin
>
>
>
>
> On Tue, 2003-10-21 at 00:47, Pat Stangler wrote:
> > In-Reply-To: <1066388506.2643.130.camel@localhost.localdomain>
> >
> > > Hi,
> > >
> > > I am currently looking at toplayer's attack mitigator IPS and
looking
> > > for people who are currently utilising toplayer in their
organisations
> > > to share their experience. How do you rate the product so far? Any
> > > difficulties and whether it serves it's purpose/product
satisfaction?
> > > I've heard stories by the netscreen sales guys whereby toplayer
becomes
> > > just another switch in the organisation and not doing anything
much.
> > > Of course, i'm sceptical of all this talk which is why i'm hoping
for
> > > some 'real world' input from any guys out here who are deploying
it.
> > > Thanks in advance,
> > > Alvin
> >
> > Alvin,
> >
> > I truly can't say enough about both the Top Layer staff and the
products
> they develop!
> > Netscreen says it's just another switch? That's so far from the
truth
> it's pathetic!!
> > I own a small, but large hosting company serving over 3000 clients,
> domains, etc. Back in July, we were attacked by a "very" sophisticated
> DDoS attack from over 800 compromised servers/machines across the
globe,
> traffic exceeded 80-Mbps a second of traffic, locking up routers,
> firewalls, etc. We were down for 3 days while our backbone provider
worked
> diligently to stop these attacks by placing various filters on the
switch
> directly on the backbone just before our network interface, nothing
seemed
> to work, they'd block port 53 and the attack would grab another port
> instantly so it was impossible to block this thing with the current
> network infrastructure, layer 7 switches, firewalls, routers, etc.
> > After a day or so of trying anything and everything, we found the
Top
> Layer folks, made the call and started the process of obtaining an IPS
> device. This was approx 6pm CST on a Friday night ( 7pm EST, where the
Top
> Layer folks are located) Anyway, I was given one of the sales guys
cell
> number to make arrangements to obtain an IPS unit. We talked a couple
of
> times, and being in St. Louis/Chicago it was sort of difficult to get
a
> flight at such late notice to Logan in Boston, they offered to
overnight
> the device on Monday, but we couldn't go another 3 days of being down
> waiting for it, so I got the next flight to Boston on Saturday, Dave
from
> Top Layer agreed to meet me closer to the airport. I left St. Louis at
> 10:30am CST and was back on a plane to Chicago by 4pm or so, landed in
> Chicago and shot over to our NOC, I plugged the IPS unit in, set a few
> filters to mitigate various protocols and within 20 minutes our
network
> was up at 100%, while still getting hit with 80Mbps+
>  a
> >  second.
> >
> > I really can't say enough about the Top Layer IPS device. We get
> attacked on a daily basis for some reason and from dozens of sources
and
> we never see any network latency or deficiencies. You can set custom
> filters within the control panel to block all of the new
> exploits/vulnerabilities, etc as well.
> > If you need further info, let me know and I'll be glad to help out,
but
> as it stands now, I couldn't sleep at night without knowing the IPS
was
> securing our network.
> > Thanx!
> > Pat Stangler
> > Chicago Webs
------------------------------------------------------------------------
> ---
> > FREE Whitepaper: Better Management for Network Security
> >
> > Looking for a better way to manage your IP security?
> > Learn how Solsoft can help you:
> > - Ensure robust IP security through policy-based management
> > - Make firewall, VPN, and NAT rules interoperable across
heterogeneous
> > networks
> > - Quickly respond to network events from a central console
> >
> > Download our FREE whitepaper at:
> > http://www.securityfocus.com/sponsor/Solsoft_focus-ids_031015
------------------------------------------------------------------------
> ---
> >
------------------------------------------------------------------------
--
> -
> FREE Whitepaper: Better Management for Network Security
>
> Looking for a better way to manage your IP security?
> Learn how Solsoft can help you:
> - Ensure robust IP security through policy-based management
> - Make firewall, VPN, and NAT rules interoperable across heterogeneous
> networks
> - Quickly respond to network events from a central console
>
> Download our FREE whitepaper at:
> http://www.securityfocus.com/sponsor/Solsoft_focus-ids_031015
------------------------------------------------------------------------
--
> -


*****Confidentiality Notice***************** 
This message contains confidential
information and is intended only for the 
individual named.If you are not the named
addressee you should not disseminate, 
distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if 
you have received this e-mail by mistake and
delete this e-mail from your system.
********************************************



---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security

Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console

Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_focus-ids_031015 
---------------------------------------------------------------------------