Press Releases
Events
Webinars
Success Stories
 

IntruGuard Devices’ IG2000 Security Appliance Earns Certification From the Tolly Group 

Report confirms IntruGuard’s IG2000 DDoS Firewall Security Appliance delivers full gigabit performance while accurately blocking only malicious flood traffic in under two seconds without user intervention

SUNNYVALE, CA June 15, 2006. IntruGuard Devices, Inc., a leading provider of DDoS Firewall security appliances to web hosters, Internet service providers, financial institutions, enterprises, and data centers today announced IntruGuard’s IG2000 has achieved “Up to Spec” certification by The Tolly Group, a third-party information technology testing, research, and certification organization. Engineers from this firm evaluated IntruGuard’s IG2000 RBIPS based on its ability to properly identify and block denial-of-service (DoS) and distributed-denial-of-service (DDoS) flood traffic while permitting legitimate traffic to proceed. The IG2000 was evaluated for its performance, latency, and connectivity capabilities along with its ability to detect and block a variety of scans, protocol anomaly attacks, header and state anomalies, and the reaction time to block such attacks. The Tolly Group concluded the IG2000 exceeds the stated product specifications and stands out as the only such solution it has tested to date that is capable of this broad range of security protection, performance, accuracy, and ease of deployment.

“The IntruGuard RBIPS detected and stopped every attack within two seconds of the attack barrage we threw at it, ” said Kevin Tolly, President, CEO, and founder of The Tolly Group. “It is critical that DoS attacks be automatically and accurately blocked without manual intervention, even at gigabit rates. The IG2000 is the only solution we have seen with these capabilities.”

The Tolly Group subjected IntruGuard’s IG2000 to an unrelenting barrage of more than a dozen types of attacks including Layer 2 through Layer 4 floods involving TCP, UDP, SYN, RST and other protocols. In each case, 500 Mbps of legitimate real-world traffic was used and an additional 500 Mbps of flood traffic was added. In every case the attack was accurately distinguished and dropped while the legitimate traffic proceeded unaffected. No false positives occurred. A blended attack including SQL Slammer and Xmas Tree was launched where 750 Mbps of this traffic was sent to the RBIPS while 500 Mbps of valid bi-directional traffic was used. Again, only malicious traffic was dropped and such traffic was identified and repelled in less than two seconds. No manual intervention was required beyond initial configuration.

“Today’s service-conscious CIOs and CSOs are looking for automated, rapid-response best-of-breed appliances that can mitigate DoS/DDoS attacks while remaining easy to use,” said Hemant Jain, CTO of IntruGuard Devices. “We set out to stop Day Zero DDoS and other new attacks automatically, in two seconds without dropping any good traffic.” “This validation has proved beyond doubt that the IG2000 can guard mission-critical services for organizations that depend on Internet connectivity.

 

Low Latency Supports VoIP Networks

Switch-like performance levels are required to protect Voice over IP (VoIP) networks from DoS/DDoS attacks without adversely affecting voice quality. The Tolly Group certification showed that the IntruGuard’s Intrusion Gateway IG2000 provides carrier-class performance. The report states the IG2000 was able to maintain over 920,000 simultaneous open TCP connections and allow over 93,000 new TCP connections per second. The “new TCP connections” rate value reflects the upper limits of the testing tools; actual values are likely beyond these specifications. Latency calculations were made under an aggregate throughput of one gigabit per second; resulting values were under 26 microseconds for a 1,518-byte frame size and below 8 microseconds for 128-byte frames. 

Support for Eight Networks Reduces Implementation Costs

A test of the IG2000 was made to determine the device’s ability to segment incoming traffic into up to eight logical data flows. This feature allows one IG2000 to protect multiple independent servers or networks with unique traffic patterns. Network managers recognize the IG2000 can save many times its own cost in terms of a reduction of replicated network equipment because of this feature. The Tolly Group report shows how eight different servers were fed 100 Mbps of good traffic while simultaneously blocking 500 Mbps of SYN flood traffic on one of the servers. With a five-minute attack duration, there was no measurable loss in traffic to any of the servers.

Perfect Score in Stopping Wide Variety of Attacks

Tolly Group engineers ran a series of additional security tests for scan, header and state anomaly prevention and concluded that:

  • The IntruGuard appliance was able to block full-scale network scans. A massive flood of 222 million packets with continuously changing network addresses was sent to the device and they were immediately blocked while allowing 500 Mbps of real-world HTTP traffic to pass.
  • Port scans were similarly blocked immediately. A test involving flood traffic of 222 million packets involving continuously changing ports was stopped while HTTP traffic continued to pass.
  • Dark address scans involving non-legitimate addresses were immediately blocked using the same traffic rates. Packets with both source and destination dark addresses were prevented.
  • Header anomalies were blocked at line rate. 500 Mbps of TCP SYN traffic with illegal checksums were immediately blocked, while 500 Mbps of simultaneous normal HTTP traffic continued unimpeded.
  • The IG2000 is stateful with state anomalies blocked at line-rate. 500 Mbps of TCP packets with illegal TCP states were immediately blocked while 500 Mbps of HTTP traffic continued.

“We have addressed the shortcomings of the current generation IPS devices by using an extremely powerful ASIC-based engine. The IG2000 predicts flows to such a granular level that it stops the most difficult Day Zero DDoS attacks with no operator intervention in two seconds,” said Tom Bleier, Vice President, Marketing.  “CIOs and CSOs now have a great new tool validated by The Tolly Group to protect their company’s reputation and revenue.”

For The Tolly Group’s entire review of IntruGuard’s Intrusion Gateway IG2000, please visit www.Tolly.com or at IntruGuard at www.IntruGuardDevices.com.

About The Tolly Group

The Tolly Group, an independent testing and strategic consulting organization based in Boca Raton, FL., offers a full range of services designed to furnish both the vendor and end-user communities with authoritative and unbiased information. Additionally, The Tolly Group is recognized worldwide for its expertise in assessing leading-edge technologies. For more information on The Tolly Group’s services, visit its Web site at www.tolly.com, E-mail info@tolly.com, call (561) 391-5610 or fax (561) 391-5810.

About IntruGuard Devices, Inc.

IntruGuard’s mission is to secure high-value Internet services and network infrastructure by delivering built-for-purpose systems for Intrusion and Day Zero DoS and DDoS Attack Prevention. The company serves enterprises, government agencies and service providers that are under pressure to deliver surefire network and application performance under all conditions. IntruGuard’s IG200, IG 2000 and IG2200 security appliances will defeat any intruder attempting to mount a rate-based attack on servers, subnets or networks. The IG200, IG 2000, and IG2200 deliver maximum performance, intelligence and ease of deployment in rate-based security appliances. The company is headquartered in Sunnyvale, CA. (www.IntruGuardDevices.com)

Press Contact:
IntruGuard Devices, Inc.

John Gudmundson
Johng@IntruGuardDevices.com
Phone:408-400-4223
Fax: 408-400-4101