IDS mailing list archives
RE: Top Layer Attack Mitigator - Experience?
From: James Pichardo <james.pichardo () gmail com>
Date: Fri, 27 Aug 2004 13:01:17 -0400
Hi,

We've been using the TL 2800 platform for about 6 months and recently switched to their new 5500 platform. Our experience has been quite good regarding the hardware, and we also feel we are working with guys who really have experience in DDoS. That's the best part of TL; they have very knowledgeable security engineers with real experience of high-traffic attacks, and they just make sure the IPS fits well into your infrastructure.

On the hardware side, let me tell you this: we went through really difficult times with huge attacks. As with most companies, it took us completely unprepared. Our PIX 535 behaved like a small hub during the attacks, completely inoperable and unable to sustain the SYNs/sec traffic. So we went shopping and of course went to the big names first. We initially deployed a NetScreen 5200, and after a couple of attacks it became useless as well. At that point our ISP suggested TL. We were not sure at the beginning, since the company can be considered small compared with Cisco and NS, but TL offered us a trial. This just worked well. They even tested the IPS deployment with IXIA traffic generators and proved to us that the 2800 (it is a cluster of 8 IPS) sustained attacks of 550-600,000 SYNs/sec. We haven't had very large attacks since then (only small attacks of about 60,000 SYNs/sec), but after the equipment has been working flawlessly for the last 6 months we are pretty confident we are in good hands.

The only thing I could mention for the 2800 was the management interface. It seemed clumsy to me at times, but the new platform (5500) has made excellent improvements on this side. They also lack a very comprehensive MIB, but the enhancements to the alarm triggering mechanism (you can now generate syslog messages that alert when SYNs/sec are above a threshold level) are steps in the right direction.

These guys seemed to work hard improving their IPS offer; they have made the architecture more modular and even added a Firewall module, which should help network engineers to enforce security policies and save some CPU cycles on the IPS unit. Overall I see the TL guys in a very comfortable position in the IPS market, and if their support continues to be as good, they'll just be doing the right stuff.

James.