Review: IPS 5500 Attack Mitigator


This is a 2U chassis designed to block attacks before they cause damage. It sits between the WAN and firewall, rather than inside the firewall as with other products.

With a throughput of 4.4Gbps, it is the top-of-the-range product. But it works at switching speed, so it won't put any extra lag on your network.

The basic configuration comes with eight Fast Ethernet, four GBIC and two fixed 1000BASE-SX ports. The latter ports are used for the High Availability mode with another IPS 5500. The device's availability is further ensured by its dual hot-swap power supplies.

Initial installation is performed through the console port. The setup guide is easy to follow, and you are soon connected to the Mitigator's Java management console.

It's very easy to use and has a wealth of online information. Setup wizards help you get running quickly and make the initial configuration steps less mundane.

The system works much like a regular firewall, complete with a policy. A policy is made up of other objects, such as network ranges and applications, which you can define separately.

The 5500 offers several levels of protection. First, it can recognize harmful viruses, Trojans and exploits, blocking them at wire speed before they cause harm. Second, it can monitor rate-based attacks, such as DDoS, and filter the damaging traffic. Finally, it offers access control to prevent unauthorized network access.

It can also create a baseline reading of the network to work out what's normal and then flag up any anomalies, helping you to stop zero-day attacks. However, the attack signature database isn't as comprehensive as it might be.

If this sounds like a lot to contend with, Top Layer's efficient user interface makes it very easy to deal with even complex tasks.

This is an excellent product. Its wire-speed filtering, first-class management and wide range of tools mean it can help secure any network without slowing it down.

For:

Wire-speed detection and blocking; SecureCommand gives enterprise-class management.


Against:

Small attack signature database compared to other products.


Verdict:

Its wire-speed blocking and excellent DDoS protection provide top-class security, but it is best used in conjunction with other security products.
