IDS mailing list archives

Re: Experiences with Toplayer Attack Mitigator IPS


From: Pat Stangler <pat.private () chicagowebs com>
Date: 20 Oct 2003 16:47:28 -0000

In-Reply-To: <1066388506.2643.130.camel@localhost.localdomain>

Hi,

I am currently looking at toplayer's attack mitigator IPS and looking
for people who are currently utilising toplayer in their organisations
to share their experience. How do you rate the product so far? Any
difficulties and whether it serves its purpose/product satisfaction?
I've heard stories by the netscreen sales guys whereby toplayer becomes
just another switch in the organisation and not doing anything much.
Of course, I'm sceptical of all this talk which is why I'm hoping for
some 'real world' input from any guys out here who are deploying it.

Thanks in advance,
Alvin


Alvin,

I truly can't say enough about both the Top Layer staff and the products they develop!

Netscreen says it's just another switch? That's so far from the truth it's pathetic!! 

I own a small, but large hosting company serving over 3000 clients, domains, etc. Back in July, we were attacked by a 
"very" sophisticated DDoS attack from over 800 compromised servers/machines across the globe, traffic exceeded 80-Mbps 
a second of traffic, locking up routers, firewalls, etc. We were down for 3 days while our backbone provider worked 
diligently to stop these attacks by placing various filters on the switch directly on the backbone just before our 
network interface, nothing seemed to work, they'd block port 53 and the attack would grab another port instantly so it 
was impossible to block this thing with the current network infrastructure, layer 7 switches, firewalls, routers, etc. 

After a day or so of trying anything and everything, we found the Top Layer folks, made the call and started the 
process of obtaining an IPS device. This was approx 6pm CST on a Friday night (7pm EST, where the Top Layer folks are 
located). Anyway, I was given one of the sales guys' cell number to make arrangements to obtain an IPS unit. We talked a 
couple of times, and being in St. Louis/Chicago it was sort of difficult to get a flight at such late notice to Logan 
in Boston, they offered to overnight the device on Monday, but we couldn't go another 3 days of being down waiting for 
it, so I got the next flight to Boston on Saturday, Dave from Top Layer agreed to meet me closer to the airport. I left 
St. Louis at 10:30am CST and was back on a plane to Chicago by 4pm or so, landed in Chicago and shot over to our NOC, I 
plugged the IPS unit in, set a few filters to mitigate various protocols and within 20 minutes our network was up at 
100%, while still getting hit with 80Mbps+ a second.

I really can't say enough about the Top Layer IPS device. We get attacked on a daily basis for some reason and from 
dozens of sources and we never see any network latency or deficiencies. You can set custom filters within the control 
panel to block all of the new exploits/vulnerabilities, etc. as well.

If you need further info, let me know and I'll be glad to help out, but as it stands now, I couldn't sleep at night 
without knowing the IPS was securing our network.

Thanx!
Pat Stangler
Chicago Webs
