Its latest product, the company says, is ready to handle your gigabit security needs.

by Alex Goldman ISP-Planet Managing Editor [June 22, 2006]

We've written about Top Layer Networks' IDS before. Now, Westboro, Mass.-based Top Layer says the company's hardware has been updated.

The new box is the IPS (Intrusion Prevention System) 5500 line. "We provide three dimensional protection," says Bruce Kane, Top Layer business development manager for the service provider market. "We provide firewall, mitigation, and deep packet inspection. We feel that differentiates our product, because the competition does not cover all three."

The firewall, Kane says, is stateful, but "we don't do VPNs and NAT." He says ISPs either deploy the IPS to be the firewall, or to be the first line of defense, protecting the firewall.

As to mitigation, Kane says that many ISPs are facing floods of various kinds (DDoS, SYN, etc.) and therefore this feature is important to the service provider market. For mitigation, the company uses RFCs. "If a header has too many characters in it, we know that's a buffer overflow attack, and we don't need to know the details of the specific exploit."

To defeat SYN floods, which can reach 1.5 million SYNs per second on a gigabit pipe, Kane says the company tracks SYNs that repeatedly fail to make successful TCP connections, rating senders as trusted, suspicious, or malicious (zero successful handshakes). A similar method defeats HTTP GET attacks.

Inspection is also important, Kane says. "We examine each packet in detail and identify any viruses, worms, trojans, or other malware. We are able to examine every packet at line speed because we use custom ASICs. There are no moving parts in our box at all."

A flagship customer, Burnaby, British Columbia, Canada-based In2net (founded in 1996) recently upgraded from the 3500 to the 5500 product line. In a Top Layer press release, Richard Wong, In2net network administrator, says, "We had used a previous version of Top Layer's IPS device in the past, and the latest version of the IPS 5500 is much easier to use with its new user interface."

In the release, Wong says he's also impressed with the box's new security features. "Top Layer's IPS 5500 delivers the three-dimensional protection from undesired access, malicious content, and rate-based attacks at the performance levels that will help In2net realize its business growth goals."

Kane explains that when Top Layer made the initial sale, In2net was using 100 Mbps upstream pipes, but has since upgraded to gigabit.

So, we ask Kane, what's next?

He says that ISPs are now interested in protecting their new VoIP networks.

Asked whether ISPs are moving to 2.5 Gbps or 10 Gbps pipes, Kane says that some of the company's largest customers are starting to talk about these speeds, but notes that clusters of the IPS 5500 can handle them. A cluster, he claims, is superior to a chassis because if one box fails, the service survives.

Asked whether the company supports boxes that are sold, a Top Layer PR rep e-mailed us, explaining that support contracts are between Top Layer and a particular customer and are therefore not transferable, but that the company will still answer support calls during normal business hours.

Pricing and availability
The IPS 5500 is available now from Top Layer Networks.

Pricing varies according to full duplex speed: the IPS 5500-50 is $14,995, the IPS 5500-100 is $24,995, the IPS 5500-500 is $49,995, and the IPS 5500-1000 is $79,995.

Volume discounts are available.

—End