
OPSEC Partners

SecureWatch

Product Version Certified: V2.22
Certified for use with: Next Generation (NG) & Check Point 2000

Product Description: Top Layer's OPSEC solution combines the Attack Mitigator™ and SecureWatch™ product offerings.

The Attack Mitigator is a high-performance security appliance that monitors traffic for anomalies and protects networks against DoS, DDoS, worm and flood attacks by intelligently filtering and removing malicious packets.

SecureWatch is traffic monitoring and event reporting software.

   
Top Layer Networks, Inc.
 
The Company: Founded in 1997, Top Layer Networks Inc. provides a family of high-speed network security products to hundreds of enterprises worldwide. Built on a patented ASIC-based architecture, Top Layer's line of products increases the performance of a security infrastructure to ensure that customers derive the highest possible levels of availability, reliability, and performance from their network assets. At Top Layer we boast best performance and the highest return on security investment. For customers who desire a comprehensive security infrastructure, Top Layer is an imperative component. All Top Layer products work in harmony with existing security infrastructures.
 
Key Features and Benefits

When purchasing the Attack Mitigator, the SecureWatch ELA agent is included.

The Top Layer Attack Mitigator/SecureWatch bundled solution is an integral part of a "defense in depth" security architecture and provides seamless integration with Check Point's VPN-1/FireWall-1 environments.

The Attack Mitigator resides between your Check Point VPN-1/FireWall-1 firewall and your router. It monitors traffic for anomalies and identifies and mitigates in-line a wide range of Denial of Service (DoS), Distributed Denial of Service (DDoS), worm and flood attacks by using a combination of packet filters, packet sequence signatures, HTTP URI filters, TCP connection counters and threat-level assessment based on network connection behavior. By coupling Check Point's extensive firewall capabilities with Top Layer's high-speed hardware-based network security appliances, new levels of protection can be achieved, providing more comprehensive security protection that offers firewalling, VPN, traffic anomaly and protocol anomaly detection, extensive attack identification and protection, and stateful pattern matching.

SecureWatch is a Windows-based traffic analysis and reporting application that imports detailed events and alarm records from one or more Attack Mitigator security appliances. In turn, SecureWatch can export these events and alarms via a wide range of protocols and interfaces for centralized viewing.

For the Next Generation & Check Point 2000 environment, the Attack Mitigator, working in conjunction with SecureWatch's analysis, monitoring, and reporting capabilities, logs events and alarms to a VPN-1/FireWall-1 management server utilizing OPSEC protocols and interfaces.

Through this centralized logging, users can obtain a holistic view when responding to DoS attacks being mitigated via Top Layer's Attack Mitigators installed throughout their network. This provides users with better, coordinated responses to intrusions by allowing network operators to perform more complete event correlation between security systems and a means for forensic reconstruction as required.

 
OPSEC Integration

Integrate the SecureWatch Product with Check Point ELA NG
[See Release Notes for full integration procedures]

When purchasing the Attack Mitigator, the SecureWatch ELA agent is included.

There is no ELA proxy for Check Point ELA NG. The SecureWatch ELA Agent sends reports directly to the firewall, which either connects to a management station or writes the files locally. The steps to integrate the SecureWatch ELA Agent (Client) with Check Point™ VPN-1/FireWall-1® and the ELA Server include:

  • Install VPN-1/FireWall-1 as described in the Check Point Management Guide. The VPN-1/FireWall-1 installation procedure installs the ELA Server.
  • Enable ELA reporting in the SecureWatch Administrative Interface.
  • Set up the form of authentication that the SecureWatch Agent uses when connecting to the ELA Server. The remainder of this addendum provides details for setting up authentication.

NOTES: The SecureWatch product uses TCP port 2885 for TopFlow Report Protocol communication between the SecureWatch Producer and the Top Layer system unit. It uses port 3885 for SSL communication. When you deploy the SecureWatch product in a firewall environment, you must ensure that this port (whichever one you use) is available for SecureWatch report traffic.

To use the Check Point ELA, you must also set up a local subnet address on the Top Layer system unit. Refer to the SecureWatch Installation and Configuration guide.

Benefits:

  • Real-time notification of network security events
  • Simplified network security management
  • Seamless integration with Check Point Log Viewer