Executive Editor

Top Layer gear boosts app protection

Nov 10, 2003 (3 mins)

Top Layer Networks is announcing a faster hardware platform for its application filtering software and the addition of protection against three application-layer attacks it didn’t defend against before.

Called Attack Mitigator IPS 5500, the new appliance adds protection against attacks on DNS, e-mail and file servers. Before, Top Layer appliances defended only against SYN flood attacks and HTTP worms, the company says.

The new device also supports 2G bit/sec throughput, up from 1G bit/sec on its earlier platforms, the company says. The box can be placed in-line with traffic as it enters a LAN from the Internet or as it enters a network segment containing valuable network resources such as mail servers and file servers, the company says.

Top Layer competes against ForeScout Technologies, KaVaDo, NetContinuum, Sanctum and Teros, whose gear falls into the application gateway appliance category. Some of these companies’ products also perform other functions. NetContinuum’s gear also terminates Secure Sockets Layer sessions and proxies traffic to and from servers to protect data about the servers from being transmitted over the Internet.

Equity trading firm Orbit II Partners in New York says it plans to beta test the IPS 5500 for its speed advantages over the current Top Layer box that Orbit uses, the IPS 100. The firm is using the equipment to protect its network from SYN floods and buffer-overflow attacks coming through its Internet connection. “It alleviates strain on our firewall,” says Robert Newhouse, Orbit’s CTO.

SYN flood attacks had been caught by the firewall before the company bought Top Layer gear, but dealing with the attacks ate up firewall memory and slowed performance, he says. Placing a Top Layer box between the firewall and the Internet weeds out such attacks before they hit the firewall, he says, and with its increased speed, the IPS 5500 should keep any delay to a minimum.

In addition, the IPS 5500 has an application programming interface that will let Orbit write custom policies to filter proprietary applications in Orbit’s network, Newhouse says.

The beefed-up hardware will support future protections against what Top Layer calls business logic exploits. These protections would scan for legitimate-looking traffic attempting to perform forbidden transactions. So a user could set a rule banning use of XML for certain functions and block that traffic but let through XML traffic that performs approved transactions. Top Layer says it will use alliances with other vendors to support these business logic protections.

The IPS 5500 is set to be available in the first quarter of next year. Pricing has not been set.