Tolly Group Test Results Verify That Top Layer’s IPS 5500 Offers the Highest Levels of Protection and Performance for Real-World Networks

December 14, 2004 – Top Layer Networks, Inc., provider of widely deployed inline Intrusion Prevention System (IPS), today announced that independent research and testing agency Tolly Group has performed real-world Doomsday DDoS attack tests and have found that Top Layer’s Attack Mitigator IPS 5500 offers the best protection and performance available. Using test scenarios that mirror real-world customer networks and traffic loads, Tolly Group validated that the Top Layer platform offers the highest levels of performance without sacrificing protection. Customers can have the utmost confidence in Top Layer’s IPS solutions providing the best protection available for their critical IT assets.

“We created tests that were based on real-world network traffic conditions, embedding attacks into legitimate traffic to examine the true effectiveness of the intrusion prevention solutions we were evaluating,” said Kevin Tolly, president/CEO of the Tolly Group. “Test results clearly show that Top Layer’s Attack Mitigator IPS 5500 performed at levels of both protection and performance that far exceeded those of other leading IPS products in real-world network environments.”

Top Layer Provides Superior Protection Against Malicious Content
The Tolly Group’s results show that Top Layer’s IPS 5500-1000 product provides superior protection against Internet worm attacks while mixed with legitimate HTTP transactions. Results of the testing show that the IPS 5500 was able to maintain full connection rates of legitimate traffic, while blocking all worm traffic. Other platforms are not only unable to handle typical traffic loads thereby blocking legitimate traffic, but also allow malicious worm traffic to penetrate the internal network. All it takes is a single worm or other exploit to cripple an entire infrastructure. Only Top Layer was able to pick the malicious “needle” out of the network “haystack.”
v Top Layer Provides the Best Protection Against DDoS Attacks v According to The Tolly Group, Top Layer’s IPS-5500-1000 provided the best protection and performance while under SYN Flood attack. Tests show that the IPS 5500 was able to block high-volumes of SYN Flood attack packets without degrading the performance of the legitimate traffic. By contrast, other IPS products blocked good traffic and allowed SYN Flood traffic to penetrate their internal networks. Allowing SYN Flood traffic to penetrate the internal network may cripple the protected assets, rendering them unavailable for normal business use.

Top Layer Delivers the Industry’s First IPS Solution to Provide 8Gbps of Non-Stop Protection
Tolly Group has verified that the Attack Mitigator IPS 5500 ProtectionClusterTM provides 8 Gbps of protection in a compact 4U form factor. Top Layer maintains full stateful protection capabilities through its intelligent stateful load sharing. More state information provides better protection through a thorough understanding of all flows in a session. Most other solutions aren’t capable of employing full-time stateful inspection. Even worse, when handling asymmetric traffic, other solutions must completely “dumb down” their protection to simple packet filtering (IP or MAC address filtering) due to architecture and performance limitations. Competing solutions can provide performance and reliability only by severely exposing an organisation’s critical assets to potentially devastating attacks.

Top Layer Continues to Provide Drop-In Deployment with Microsecond Latency
Throughout the various tests, Top Layer’s Attack Mitigator IPS 5500 continuously held a distinct advantage in the area of response times. The IPS 5500 maintains microsecond latency versus millisecond latency for the other platform, proving that the IPS 5500-1000 processes data streams more quickly than its competitors.

Performance without Sacrificing Protection
Through real-world testing, the IPS 5500 proves itself as the best solution that can handle today’s network performance requirements, while:

” Avoiding being a bottleneck by introducing only microsecond latency under load
” Blocking malicious traffic, without blocking legitimate traffic
” Scaling for additional user and performance requirements

“The results of The Tolly Group’s rigorous real world testing demonstrate Top Layer’s technology leadership. Our superior non-stop protection and performance capabilities are a direct result of Top Layer’s second generation TopFireTM ASIC and TopInspectTM Deep Packet Inspection Technology,” said Mike Paquette, Vice President of Product Marketing and Management at Top Layer Networks.

Overview of Tolly Group’s Test Environment
The test environment used for this IPS evaluation was a departure from previous methodologies where vendors test their products in non real-world test scenarios. Many vendors employ improper methods to improve their perceived capabilities. The Tolly Group’s test infrastructure used the following methodologies for performing the various test scenarios:

” Used Routers and not just Layer 2 Switches – Some vendors use Layer 2 switches to connect test tools to their IPS. This technique allows the IPS to quickly identify the MAC address of the attacker, and block attacks based on simple MAC address filtering rather than on more advanced IPS capabilities. When forced to test in an environment more typical of routed network topologies, the performance at which the IPS can protect against attacks is usually much lower.

” Tested with Real-World Protocols – Most real-world attacks are intertwined with legitimate user traffic. It is much more difficult to pick out malicious traffic hidden amongst legitimate background traffic. A mix of typical protocols (i.e. web file transfer and email) can also affect how well a device’s protection policies perform.

” Simulated Actual Business Traffic Levels – The challenge for most security devices is to detect and block attacks at real-world user traffic levels. Higher traffic loads reveal the true capabilities of an IPS.

Testing procedures and scripts are available upon request. Complete test results are available at both Top Layer’s Web site ( and The Tolly Group’s Web site (

About The Tolly Group
The Tolly Group, an independent testing and strategic consulting organisation based in Boca Raton, FL, offers a full range of services designed to furnish both the vendor and end-user communities with authoritative and unbiased information. Additionally, The Tolly Group is recognized worldwide for its expertise in assessing leading-edge technologies. For more information on The Tolly Group’s services, visit its Web site at, E-mail, call (561) 391-5610, or fax (561) 391-5810.

About the Attack Mitigator IPS 5500
Top Layer’s IPS 5500 offers the best network-level and application-level protection from cyber threats including undesired access, malicious content (viruses, worms, Trojans and other remote exploits), and rate-based attacks (DoS, DDoS and other Flood attacks). Top Layer’s IPS 5500 solution has been uniquely designed to defend against not only known threats but also provide protection from newly discovered “zero-day” exploits. Top Layer provides high performance, non-disruptive full content inspection and analysis coupled with intelligent blocking of attacks through TopFireâ„? second-generation ASIC technology and TopInspectâ„? Deep Packet Inspection algorithms.

For more information on The Attack Mitigator IPS 5500, please contact, or call +1 508-870-1300.

About Top Layer Networks, Inc.
Founded in 1997, Top Layer Networks ( develops network security solutions that enable enterprises worldwide to protect their infrastructure and critical online assets from cyber threats. The Company’s patented, ASIC-based products are engineered to deliver accurate and reliable protection mechanisms while operating as robust in-line network security devices. Top Layer Networks is headquartered in Westboro, Massachusetts with sales and support presence in Canada, France, Germany, Japan, Korea, the Netherlands and the United Kingdom.

Don't miss