An Evolved Approach To Intrusion Prevention

Protect Your Network With Top Layer Security’s IPS 5500 ES-Series. Keeping bad guys out–and critical data in–is one of the most challenging tasks in IT security. Thankfully for IT managers looking for an edge, intrusion detection and prevention systems have evolved into the silent sentinels of network security.

Protect Your Network With Top Layer Security's IPS 5500 ES-Series

Keeping bad guys out–and critical data in–is one of the most challenging tasks in IT security. Thankfully for IT managers looking for an edge, intrusion detection and prevention systems have evolved into the silent sentinels of network security. 

These appliances, also known as IDS/IPS or IDP, sit at the edge of the network and scan inbound and outbound traffic for any attempts to remotely exploit the network, propagate malware, or otherwise disrupt the organization's operations. That's the detection part. IPS appliances take this capability a step further by blocking identified threats before they can do any damage. They stop remote exploits in their tracks, keep malware out, and thwart application-focused attacks. Unfortunately for IT professionals, the landscape isn't getting any friendlier. 

"Every year, between 7,000 and 8,000 new vulnerabilities are discovered in the software that's used to run IT hardware," says Mike Paquette, chief strategy officer of Top Layer Security (, maker of the IPS 5500 ES-Series appliances. "The vast majority of these resources can be taken advantage of by malicious software""a process called remote exploit. IPS reduces the follow-on risks of other negative things happening." 

Taking IPS One Step Further 

Those other negative things extend not only to firewall breaches designed to compromise internal resources and steal data. They also include DDoS (distributed denial of service) attacks, which have grabbed headlines throughout 2010 thanks to high-profile cases such as those against MasterCard and Visa that followed the latest round of WikiLeaks leaks and the Stuxnet worm that targeted infrastructure at power-generating stations. 

Unlike more traditional security threats, DDoS attacks are relatively unsophisticated and are focused on disrupting instead of breaking in. They leverage relatively small groups of attackers–in some cases as few as three individuals–who, working manually or using automated scripts or botnets, simultaneously bombard an online target, typically a Web site, with access requests. Eventually the site either slows down or crashes altogether. 

Conventional Solutions Are Lacking 

Unfortunately for IT shops looking to mitigate the impact of DDoS attacks on operations, most conventional IPS solutions aren't designed to counter this kind of threat. Top Layer Security's IPS 5500 ES-Series, on the other hand, is. It monitors all incoming access requests in real time, using patented algorithms to distinguish legitimate requests from nefarious ones. It blocks the attack-based requests while allowing those from the intended audience to be processed. 

"The ES series keeps the services you're trying to offer up and available to customers while blocking, in real time, the requests that in any other scenario would compromise availability to legitimate users," Paquette says. 

It's a strategy that doesn't just rely on real-time intervention during an attack. The ES-Series IPS appliances analyze request signatures over extended periods of time, learning how to more effectively identify and intercept these kinds of attacks. 


"Our technology watches the behavior of a given requester over time," Paquette says. "This is a really hard thing to do because a lot of times those requests look completely legitimate. There's quite a bit of science that takes place behind the scenes to make this kind of adaptive process possible." 


Seamless Implementation 

That behind-the-scenes capability is crucial to successful deployment in a typical data center. IT professionals don't have the resources to babysit appliances to ensure that they remain capable of assessing and dealing with fast-evolving threats. 

The average IT professional "doesn't have to worry about how all of this works," says Paquette. "He basically sets up a policy that identifies the assets being protected. From that point on, it's all automatic: The IPS builds its own database by watching all communications, all without additional intervention or day-to-day management." 

In resource-strapped IT shops, the workflow benefits of this approach are clear. Staff members don't need to be retrained to derive the benefits of improved DDoS protection, and existing monitoring roles, processes, and protocols can stay pretty much intact. 

ISPs Play A Role, Too 

Paquette says the ISP plays a role. The impact of a DDoS attack on the service provider upstream means even the most sophisticated IPS appliance can't guarantee 100% protection. 

"To be honest, when DDoS attacks happen at such a large volume that the ISP is unable to let good traffic go through, these things are less effective," he says. "The good traffic could be getting dropped due to overload from the ISP." 

Still, Paquette says Top Layer Security has learned that about 70% of DDoS attacks cause a denial of service without actually filling up the network pipe–a reality that reinforces the value of solutions like the ES-Series that are capable of identifying and addressing different classes of requests. 

"The bulk of our business is in the network IPS space," Paquette says. "We compete with our competitors with that functionality, while DDoS protection in the ES-Series is a bonus because it's not an expected feature of a network IPS." 

It all adds up to visibility. Network administrators with better visibility into the security status of the network are better able to proactively manage hardware, software, and services. Whether or not the network is under attack, the benefits are tangible. 

"Within the industry, security people are increasingly using the term "˜visibility,'" Paquette says. "Not only does IDP protect you, it also improves visibility and lets you know what's going on in the network." He adds, "Network traffic is one of those things that the closer you look at it, the more things make you nervous until you understand it more closely." 

Beyond basic protection, that's the value proposition of Top Layer's ES solution. As DDoS attacks continue to grow in both scale and frequency, it's a capability data center managers will increasingly employ to ensure that the right users get in and the attacking hordes are turned away.   

by Carmi Levy