F5 Networks Herculon DDoS Hybrid Defender
Home SDNF5 Networks Software-Defined Networking — F5 Networks Herculon DDoS Hybrid Defender

With F5 Networks Herculon DDoS Hybrid Defender comprehensive DDoS threat coverage in a simple, dedicated appliance with native, cloud-based scrubbing services. More sophisticated attacks demand more sophisticated protection. Today’s DDoS attacks are rapidly becoming more severe, more sophisticated, and more complex. Now, an attack will likely blend different attack vectors that are run simultaneously, designed to find the weakest link in your infrastructure — whether it’s your network devices, your applications, or your network bandwidth — and then exploit it. Different types of attacks are best handled different ways. And, because you can’t be sure what type of attack will be leveled at your business, you have to protect against all of them or leave your apps and data vulnerable. Many DDoS attacks aim to render a service unavailable by overwhelming it using multiple sources. All connections look OK. It’s only getting easier  to launch an attack.

It’s essential to defend against multiple attack types that target the weakest link, whether that’s your network, WAN bandwidth, or applications. Multiple vulnerability vectors have spawned multiple point solutions. Network layer (or flood) attacks are best handled at the edge of the network, protecting the assets that are behind the firewall. But the usual defense of black holing or rate limiting can cripple the connections of legitimate users. Application layer attacks, which are more sophisticated and targeted, require SSL decryption in front of app servers inside the network. WAN bandwidth saturation shuts down your connection to the Internet. So any on-premises defense is useless against it. Simply put, traditional point DDoS solutions are only partially effective because they focus solely on one type of attack. Herculon DDoS Hybrid Defender is the only multi-layered defense that protects against blended network attacks.

F5 Networks Herculon DDoS Hybrid Defender Protection

Multiple vulnerability vectors have spawned multiple point solutions. Network layer (or flood) attacks are best handled at the edge of the network, protecting the assets that are behind the firewall. Application layer attacks, which are more sophisticated and targeted, require SSL decryption in front of app servers inside the network. Typical solutions are blind to SSL traffic and dependent on their placement in the network. WAN bandwidth saturation shuts down your connection to the Internet. So any on-premises defense is useless against it.  In contrast with competing products, Herculon DDoS Hybrid Defender provides comprehensive protection for both the data center and the application. Out-of-band monitoring was fine when DDoS attacks weren’t so sophisticated, but now it’s too little, too late, especially when trying to protect against Layer-7 attacks. Attacks require processing, other solutions don’t have the performance to simultaneously decrypt SSL, process traffic, and mitigate attacks in-line.

F5 Networks Herculon DDoS Hybrid Defender

In contrast with competing products, Herculon DDoS Hybrid Defender provides comprehensive protection for both the data center and the application. Here are a few reasons why it’s more effective than the competition. Out-of-band monitoring was fine when DDoS attacks weren’t so sophisticated, but now it’s too little, too late, especially when trying to protect against Layer-7 attacks. Sophisticated attacks require a lot of processing. Other solutions don’t have the performance to simultaneously decrypt SSL, process traffic, and mitigate attacks in-line. Herculon DDoS Hybrid Defender delivers a multi-layered defense with a dual-mode appliance that supports both out-of-band and inline mitigation. Identifies good vs. bad traffic using behavioral attack detection with the ability to sustain DDoS under high connect rates and volume. Enables a faster response to volumetric and blended attacks with a dedicated solution that stops attacks on your data center immediately and integrates with Silverline cloud services for sub-second off-loading.

A New Depth Of Defense

F5 Networks DDoS Hybrid Defender is the only multi-layered defense that protects against blended network attacks and sophisticated application attacks, while enabling full SSL decryption, anti-bot capabilities, and advanced detection methods — all in one appliance. It also delivers the highest performance with line rate capabilities and without impacting legitimate traffic. Detect and protect against simultaneous attacks from Layer-3 through Layer-7. Integrated on-premises device with Silverline cloud-scrubbing service, protecting against WAN bandwidth saturation attacks. Protection against even the largest DDoS attacks at line rate. Sub-second attack detection, threshold based-packets per second, transactions per second, requests per second — and behavioral and signatures-based attack detection. Baseline the traffic to automatically size the configuration. SHUN, RTBH, BGP steer, and Herculon DDoS Hybrid Defender cloud-based services. Deployment options include inline, out-of-band, TAP, and bump-in-wire.
F5 Networks Herculon DDoS Hybrid Defender

Benefits

Is it possible to deploy and scale application services across public, private, and hybrid environments, without scaling out IT resources, infrastructure, and staff? Yes. And, F5 made it flexible, cost-efficient, and security-centric. F5 Networks Silverline gives your organization the ability to deploy app services across hybrid environments — minus upfront investments in IT infrastructure and support. Silverline cloud-based application services have the same features as F5’s leading on-premises application services.

They’re also highly customizable, so your configurations remain consistent with your existing BIG-IP implementations. Silverline services include anytime access to experts from the F5 Security Operations Center (SOC), so specialized personnel deploy and manage your application services, and you’re spared the time and expense of staffing your own team. The security support F5 provides isn’t outsourced to a third party. You’re talking to one of our own. F5 hires those hard-to-find, specialized security experts and they’re using F5 products combined with state-of-the-art security tools to ensure the best protection possible.

Features

Choose from two service options, provided via F5 Networks’ Silverline cloud based application services platform which is a fully managed service, set up, deployed, managed, and maintained by experts in F5 Networks Security Operations Center with 24/7 support. There is an express service option, enabling rapid self-service deployment of expertly maintained policies across hybrid environments to protect apps, anywhere. Both services allow you to remove the complexity of WAF management, increase the speed to deploy new policies, and decrease operational expenses. Service options include, Always Available — primary protection available on demand.

The F5 Networks Always Available subscription is pre configured for your systems, runs on standby, and can be initiated when under attack. The always on subscription stops bad traffic from reaching your network by continuously processing all traffic through the F5 Networks Silverline cloud-scrubbing services and returning only legitimate traffic to your site. F5 Networks Silverline WAF delivers comprehensive Layer-7 protection and compliance for enterprise data and web applications.

Silverline Threat Intelligence

This managed service adds critical context to policy decisions by integrating dynamic lists of threatening IP addresses with the Silverline cloud-based platform. Silverline Threat Intelligence is only available as an add-on to either Silverline DDoS Protection or Silverline Web Application Firewall. F5 Networks Silverline Threat Intelligence is a cloud-based service incorporating external IP reputation and reducing threat-based communications. By identifying IP addresses and security categories associated with malicious activity, this managed service integrates dynamic lists of threatening IP addresses with the Silverline cloud-based platform, adding context-based security to policy decisions.

F5 Networks Silverline Threat Intelligence is available only as an add-on managed service to either Silverline DDoS Protection or F5 Networks Silverline Web Application Firewall. All services are managed with 24/7 support from F5 Security Operations Center (SOC) experts, reducing risk and increasing network and application efficiency by eliminating the effort of processing threat-sourced traffic.

Web Application Firewall

F5 Networks Silverline Web Application Firewall is a cloud-based managed service or express self-service built on BIG IP Application Security Manager (ASM). It protects web apps and data anywhere, as well as ensures compliance with industry security standards, such as PCI DSS. F5 Networks Silverline Web Application Firewall is a cloud-based service built on BIG-IP Application Security Manager (ASM) — to help organizations protect web applications and data, and enable compliance with industry security standards, such as PCI DSS. Choose from two service options, provided via F5’s Silverline cloud-based application services platform:

  1. A fully managed service, set up, deployed, managed, and maintained by experts in F5 Networks Security Operations Center (SOC) with 24/7 support.
  2. An express service option, enabling rapid self-service deployment of expertly maintained policies across hybrid environments to protect apps, anywhere.

Both services allow you to remove the complexity of WAF management, increase the speed to deploy new policies, and decrease operational expenses.