IBM

introduction: Top Layer

The Most Experience in Network Intrusion Prevention Solutions

Are you under a cyber attack? Contact Us

Top Layer is a market-leading provider of Network Intrusion Prevention Systems (IPS), developing and bringing to market network security infrastructure solutions that help commercial and government organizations protect their critical on-line assets from the losses and risks associated with cyber threats.

Intrusion Preventions System Solution - Attack Mitigator IPS

Stops HTTP, DDoS, SYN Flood, IP Spoofing, Protocol and Traffic Anomalies, plus More

Today's security infrastructure has several shortcomings when dealing with the complexity and subtleties of a new generation of cyber attacks. Many intrusions get through the firewall, and traditional network Intrusion Detection Systems (IDS) simply detect and record attacks. These security challenges require an Intrusion Prevention Solution (IPS) that accurately blocks attacks before damage occurs.

Top Layer's Attack MitigatorT IPS is a family of high performance, ASIC-based intrusion prevention solutions with precision blocking and control against the most prevalent cyber attacks. Hybrid attacks such as HTTP worms, DoS / DDoS attacks, protocol and traffic anomalies, IP spoofing, SYN flood attacks, and more, are accurately detected, and stopped in real-time. The Attack Mitigator IPS allows the network security administrator full control in selecting how the device will respond to detected attacks. Precise but flexible actions against blocking malicious and suspicious traffic include monitoring, alerting, limiting and blocking. Attack Mitigator IPS offers 100 megabit through
multi-gigabit solutions for maximum performance.

Attack Mitigator Intrusion Prevention System (IPS) Solution

• Provides pinpoint accuracy for stopping cyber (i.e., DoS / DDoS, SYN Flood, and more) attacks before they affect your critical resources.
• Achieves multi-gigabit performance due to ASIC design and optimized packet inspection-mechanisms. Embedded application library for quick configuration.
• In-line device capable of accurately detecting and precisely blocking attacks.
• High availability.
• Advisory and update service for protection from future attacks

Features

• Blocks HTTP worms and other hybrid threats, using advanced "normalized" deep packet and multi-packet HTTP URI matching and wildcard checking.
• Pre-configured to identify hundreds of HTTP URI exploits, Denial of Service Attacks (DDoS / DoS), trojan horses, and other prevalent attacks.
• Patented SYN flood detection and blocking mechanisms.
• Flexible response mechanisms including monitor, report, limit, and block.
• Easy to use, wizard-based design.
• Centralized management capabilities.
• Available in a variety of configurations: 10/100, Gig, Multi-Gig.

Attack Mitigator IPS 5500 - COMING SOON

The Attack Mitigator IPS 5500 is the first family of high-performance in-line security devices to deliver non-stop protection against both network and application level cyber threats. Top Layer has developed this new platform using advanced TopInspectT deep packet inspection technology to provide protection of critical on-line assets while meeting demanding network security infrastructure requirements.

Click here for a Product Brief

Intrusion Detections Systems Balancing Solution

Optimized Intrusion Detection System Balancing

Network Intrusion Detection Systems (IDS) typically have problems with missed intrusions, unmanageable log files, inability to handle traffic loads in real-time, and false positives from irrelevant traffic. Additionally, IDS installations create major deployment obstacles in asymmetrical, heavily switched, highly trafficked, and redundant networks. Cost-effectively solving these IDS problems and detecting all attacks, protects your network, preserves confidentiality of corporate information, and provides uninterrupted service to customers and employees.

The Top Layer IDS Balancer family of products are the only balancers optimized specifically for overcoming IDS performance issues. The IDS Balancer maximizes the effectiveness, availability, and performance of your IDS solution, and addresses specific deployment issues these devices face in several environments. The IDS Balancer is a dedicated security appliance that provides simultaneous monitoring of multiple network segments at a full range of network speeds up to multi-Gigabit configurations.

The newest addition to the line, the IDS Balancer 4500, provides multiple Fast Ethernet ports and eight Gigabit ports. This multi-Gigabit platform provides unmatched scalability and performance. The IDS Balancer 3500 product line offers a Fast Ethernet only version and a Fast Ethernet/dual Gigabit port variant.

The IDS Balancer Optimizing Solution

• Gain 100% network intrusion coverage by optimizing your nIDS.
• Protect network resources and network availability.
• Reduce number of sensors while increasing intrusion coverage.
• Extend nIDS protection to previously unprotected network architectures.
• Reduce false positives and unmanageable log files.
• Cost effectively maximize performance of your existing nIDS deployment.
• Increase nIDS reliability with n+1 redundancy.

Features

• Flow MirrorT to intelligently distribute traffic in full context.
• Policy-based traffic distribution considers both the type and the source of the traffic.
• Wizard-based configuration, easy to use and deploy.
• 802.1Q VLAN tag stripping for nIDS that can't accommodate them.
• Flow Mirror traffic up to 4 groups to accommodate multiple nIDS vendors or the addition of analyzers or sniffers.

Taps

GigaBit SX Tap

Taps and monitors 1000 Base-SX (multimode) fiber networks

Fast Ethernet Copper Tap

Taps and monitors 100 Base-TX copper networks

Multifunction Network Security Device - AppSafeT

Multi-function Network Security Device

Top Layer's AppSafe 3500 systems are multifunctional devices that integrate a number of key functions and services including firewall/VPN load balancing, server load balancing, Quality of Service, IDS load balancing, and DDoS attack mitigation. AppSafe's high-speed, patented ASIC architecture allows deep packet inspection and stateful flow analysis for maximum performance at gigabit speeds.

The AppSafe Solution

• Integrated solution simplifies network complexities.
• Compliments existing network security infrastructures.
• Reduces network downtime and increases availability.
• Flexibility of network connectivity options increases network coverage.
• Protects against legal ramifications resulting from DDoS.

Features

• Custom ASIC design for top performance.
• Firewall load balancing.
• Bandwidth rate limiting.
• Quality of service (QoS) support.
• Fast Ethernet & Gigibit Ethernet support.
• GUI based management

Secure Controller

Secure Authentication Access to Network Resources

The Secure Controller is a focused hardware appliance that enforces security policies on unprotected network access points by forcing user authentication and controlling user activity. The product sits at or near the edge of the network in public and semi-public wired network access points (i.e. University classrooms, computer labs, conference rooms, hospitals) to provide security authentication.

The Secure Controller Solution

• Stops unauthorized use of the network by providing complete control of network access points in public and semi-public areas including in wired and wireless networks.
• Adds an additional layer of security to the network while preserving investment in existing architecture.
• Provides a high degree of network control.
• Prevents anonymous attacks being launched from public areas.
• Allows mobile users access to only authorized portions of the network (i.e. only e-mail access, only Internet access)

Features

• Compatible with any client OS.
• Integrates with RADIUS, LDAP, NTLM, and Active Directory.
• Fully customizable authentication process.
• Can deliver data either to a storage and analysis system directly attached or remotely connected over an IP network.

White Papers

Beyond IDS : Essentials of Network Intrusion Prevention (IPS) PDF 1.98Mb
Companies are now recognizing that it costs much less to prevent attacks than to repair the associated damages related to a cyber attack. This is the idea behind Intrusion Prevention Solutions (IPS). This white paper will review critical weaknesses of network intrusion detection technology (nIDS) that can affect the security of your network, and a new breed of IPS products that can help alleviate these issues. For years, the philosophy behind network Intrusion Detection could be summarized as "Detect as many attacks and intrusions as possible, and report them, so that others may take action." In contrast, network Intrusion Prevention Systems have been designed with a new philosophy: "Take decisive action on those attacks or intrusions which can be accurately detected."

Vulnerabilities of Network Intrusion Systems: Realizing and Overcoming Risks PDF 368Kb
This document provides an overview of some of the key problems that arise in network-based Intrusion Detection System (nIDS) deployments. These deployment issues result in missed intrusions, network degradation, and lost business. The document further demonstrates how a network-based load balancer with session-based flow mirroring developed by Top Layer Networks can cost-effectively overcome many of these deployment pitfalls.

Stopping Attacks: The Importance of Denial of Service (DoS) Security Appliances PDF 113kb
This paper outlines the growing DoS/DDoS (Distributed Denial of Service) problem and examines how a network can be secured against all types of DoS attacks by employing firewall and DoS mitigation systems together. It presents how the solution meets the varying application performance and security needs of enterprise customers, service providers and carriers. It also illustrates the business benefits of deploying DoS mitigation security appliances as opposed to using firewalls alone.