Distributed Denial of Service (DDoS) attacks are ever-evolving and use a variety of technologies. To successfully combat these attacks, you need a dynamic, multi-layered security solution. DDoS Network Security protects from both known and zero day attacks with very low latency. It’s easy to deploy and manage, and includes comprehensive reporting and analysis tools. DDoS Network Security Protection includes 100% security processor (SPU-based Layer-3, Layer-4, and Layer-7 DDoS Network Security protection application-aware traffic management, behavior-based DDoS protection to eliminate need for signature files, minimal false-positive detections through continuous threat evaluation, ability to monitor hundreds of thousands of parameters simultaneously, defense against every DDoS attack: bulk volumetric, Layer-7 application, and SSL/HTTPS, and attack protection for DNS services via specialized tools.
DDoS attacks are some of the oldest of Internet threats. Despite that, due their simplicity and effectiveness, they continue to be a top risk for public services around the world. As protections have evolved, the technology used by hackers has adapted and become much more sophisticated. New attack types now target applications and services, and not only are bulk Layer-3 and Layer-4 DDoS events becoming more sophisticated but many times they are masked in apparently legitimate traffic, or combined in unique new “zero day” attacks, making it very difficult to detect them. State-of-the-art technology must rely on Application Specific Integrated Circuits (ASICs), inline symmetric or asymmetric deployments, a wide-spectrum of analysis methods covering from Layer-2 (Data-Link layer) to Layer-7 (Application layer) of the OSI model, and why this must be done with high-performance, hardware-based architectures.
DDoS Network Security — Application Security
DDoS Network Security is a key component of our Application Security solution. Learn how it and other components deliver a complete, end-to-end solution to protect hosted applications from attack. Web applications and email systems have long been favorite targets of hackers. Because they have access to valuable information and they are relatively easy to exploit. A successful attack can result in a variety of devastating consequences. Including financial loss, damage to brand reputation, and loss of customer trust. Most organizations do not recover from a major security breach, making it absolutely critical to protect your users and customers from threats that target applications and email systems. Our Data Center Application Security solution consists of a robust and integrated set of products to protect against these attacks. We deliver a complete solution with the proven performance and security effectiveness to meet the increasing demands of today’s data centers.
SSL-Based Attacks use SSL-based encryption methods to hide the content of the attack packets. Additionally, the encryption methods employed will often mean that there are far fewer resources available that need to be exhausted. Most signature-based solutions require decryption of the traffic to perform matching against known attack profiles. With a behavioral system, these attacks are detected without decryption as they will cause a change in behavior. This change can then be compared with normal behavior and an understanding of the resources available. When the relevant resources become threatened, DDoS Network Security responds to the attack with the correct mitigation. DNS-based attacks target root, TLD, Authoritative and Recursive DNS servers. Enterprises and Carriers that host DNS servers are at risk from DDoS attacks that specifically target these resources by exploiting weaknesses in the way DNS servers handle requests and traffic.
Flexible Defense Mechanisms
Bulk Volumetric Attacks were the first DDoS attack types and continue to pose significant threats today. While ISPs may prevent simple attacks of this type. The attacks are increasingly used to mask more complex application-level attack methods. The easiest way to deal with these types of threats is to simply block all abnormal traffic until the attack stops. The FortiDDoS IP Reputation scoring system continues to let “good” traffic in while mitigating Source IP addresses that are causing the problem. This process not only provides the protection you need. But also minimizes the effects of a “false positive” match from halting good client traffic. Layer-7 Targeted Attacks are a fast-growing source of DDoS attacks. They attempt to exploit vulnerabilities within a service or within a server to exhaust its resources rendering it unavailable. As these types of attacks require considerably less bandwidth to deny service, they are more difficult to detect and regularly pass from ISPs directly to your network.
DDoS Network Security