Top Layer Network Security (IPS)
In addition to its content-based IPS capabilities, the Top Layer IPS solution also has features to defend against a wide variety of botnet-based attacks that are designed to render computers, servers and/or the network incapable of providing normal services. Using the Top Layer's IPS solution, multi-gigabit/sec attacks can be mitigated all the while allowing legitimate traffic to continue passing through.
Sitting in-line, the Top Layer IPS performs stateful packet inspection to keep track of the millions of network connections travelling across it. Using patented algorithms, the Top Layer IPS is able to identify attacks and mitigate them. The Top Layer IPS solution can be used by any organization that requires dedicated infrastructure to protect against DDoS attacks. In addition, service providers can protect their own critical infrastructure or that of their individual customers. The Top Layer family of appliances are best suited to protecting links that have a capacity exceeding 100Mbit/sec.
All Features
DoS & DDoS Protection
Patented algorithms provide comprehensive protection against SYN floods, ICMP floods, UDP floods and application overload attacks.
Application Rate Limits
Using policy-based rules, traffic rates to applications and servers can be limited based on acceptable application usage.
Connection Limits
Configurable rules that protect network resources (such as servers and routers) from being overwhelmed by too many connections.
Client Request Rules
Configurable rules that limit the rate at which individual clients can initiate transactions.
DShield Updates
DShield is a community-based collaborative log correlation system. It receives logs from numerous sensors throughout the world and analyzes attack trends. It is also used as the data collection engine behind the SANS Internet Storm Center. Top Layer collects data feeds from the DShield engine and forwards lists of badly-behaving IP addresses to the IPS which in turn can block any traffic sent to or from these malicious IP addresses. Typical blocked IP addresses include those used in cross-site scripting, SQL injection attacks, directory traversals, spam and other botnets and zombies.
Shunning
Attackers can be identified in a configurable dashboard and blocked en masse with a simple mouse click. Any traffic received from these shunned IP addresses can be temporarily or permanently blocked.
Stateful Inspection
The IPS contains built-in state tables that hold in memory significant attributes from start to finish for all network connections. Included are details such as IP addresses, ports involved in the connection and the sequence number of the packets traversing the connection. From these tables, the IPS is able to gather significant context from which it can determine attack type, direction of attack, and attack frequency.
ProtectionCluster™
The Top Layer IPS can be deployed in configurations of up to 8 parallel appliances, particularly useful when 10Gig/sec of protection is required or the network is asymmetric. Management of multiple devices is achieved with a centralized IPS Controller software module. The IPS Controller shows real-time data and includes drill-down incident response capabilities. Editing configurations is intuitive and simple and applying new TopResponse protection packs across the entire IPS appliance infrastructure couldn't be easier.