Showing posts with label DDoS. Show all posts

Tuesday, November 25, 2014

A10 Networks Adds Advanced DDoS Mitigation

A10 Networks introduced new advanced DDoS mitigation capabilities for its Thunder TPS platform.

The new functionality blocks additional attacks such as the recent POODLE attack, and provides advanced rate-limiting for granular Layer 4-7 control to enable mitigation.  The company said its Thunder TPS Release 3.1 includes comprehensive detection capabilities with access to over 400 global, destination-specific and behavioral counters, to eliminate false positives. These granular forensics protect applications and networks while they remain highly available. Significant visibility enhancements expose enhanced traffic details to provide a comprehensive understanding of regular and anomalous traffic patterns. The enhanced easy-to-use GUI provides dashboard, incident and rich report views, which can be analyzed to improve any DDoS protection strategy.

"Network and security staff will greatly benefit from the new mitigation and visibility options provided by Thunder TPS 3.1. More detailed threat analysis and updated tools help to combat the impact of DDoS attacks by preventing damage to critical online resources and the bottom line," said Raj Jalan, CTO of A10 Networks. "With these enhancements, A10 Networks sets the stage to provide additional correlated analytics and ease of administration, including centralized management and automatic traffic baselining features in the near future."

http://www.a10networks.com/news/pr.php?id=1903525

Tuesday, October 21, 2014

Arbor Networks Defends Against Fast Flood DDoS attacks

The latest release of Arbor Networks' Peakflow distributed denial-of-service (DDoS) platform can now detect Fast Flood DDoS attacks in as little as one second and initiate mitigation in less than thirty seconds.

The Peakflow platform includes two main components, Peakflow and the Peakflow Threat Management System. Peakflow combines network-wide anomaly detection and traffic engineering with the Peakflow Threat Management System’s carrier-class threat management, which automatically detects and surgically removes only attack traffic, while maintaining other business traffic. With the ability to mitigate only the attack traffic, customer-facing services remain available while providers actively mitigate attacks. The Peakflow platform also powers many of the world's leading cloud-based DDoS managed security services.

The Peakflow Threat Management System now includes an optional on-box SSL acceleration card to deliver an integrated, one-appliance solution to inspect encrypted traffic for DDoS threats. DDoS attacks are blocked in real time as normal traffic passes uninterrupted – all without forcing changes to existing network and application infrastructure.

Arbor noted that through the end of the third quarter, more than 130 attacks larger than 100Gbps have occurred, a dramatic spike in the frequency of volumetric attacks compared to previous quarters.

“The majority of the world’s service providers rely on the Peakflow platform for network intelligence and DDoS protection. More than sixty providers utilize the Peakflow platform to also offer DDoS managed services to their customers. Our continued innovation in the area of DDoS attack detection and mitigation has dual benefits for our service provider customers, helping protect their own infrastructure while also improving their ability to deliver DDoS managed security offerings,” said Arbor Networks President, Matthew Moynahan.

http://arbornetworks.com

Sunday, October 19, 2014

NSFOCUS Unveils Anti-DDoS for Hosting SPs and Data Centers

NSFOCUS has launched an active DDoS attack mitigation appliance that defends against both known and unknown attacks and is specifically designed for hosting service providers, Internet data centers (IDCs), telecom carriers and managed security service providers (MSSPs).

The ADS 8000 boasts up to 40 Gbps of mitigation capacity in a single unit and scales to hundreds of Gbps of mitigation capacity via simple cluster deployment.

NSFOCUS said it is able to counter DDoS threats with up-to-the-minute behavior statistics, reputation mechanisms and mitigation algorithms targeted at new botnet-based DDoS attacks, providing a more granular and precise DDoS mitigation.


Tuesday, September 23, 2014

High-Intensity, Short Duration DDoS Attacks Rise in Frequency

The majority of DDoS attacks are short in duration and repeated frequently, according to a newly issued 2014 Mid-Year Threat Report from NSFOCUS, which specializes in distributed denial of service (DDoS) mitigation solutions.

However, the number of high-volume and high-rate DDoS attacks continued to rise in the first half of 2014 as well.  The report drew on statistical analysis of actual DDoS attacks.

Some of the key findings from the report include:

  • Attacks continue to be short in duration with repeated frequency: More than 90 percent of attacks detected lasted less than 30 minutes. This ongoing trend indicates that latency-sensitive websites, such as online gaming, eCommerce and hosting services, should be prepared to implement security solutions that support rapid response.
  • High-rate, high-volume attacks increased: DDoS traffic volume was up overall with a third peaking at over 500Mbps and more than five percent reaching up to 4Gbps. In addition, findings showed that over 50% of DDoS attacks were above 0.2Mpps in the first half of 2014, increasing from around 16%. And over 2% of DDoS attacks were launched at a rate of over 3.2Mpps.
  • Top three DDoS attack methods revealed: HTTP Flood, TCP Flood and DNS Flood were the top three attack types, together making up 84.6 percent of all attacks. DNS Flood attacks held their place as the most popular attack method, accounting for 42 percent of all attacks. While the number of DNS and HTTP Flood attacks decreased, TCP Flood attacks grew substantially.
  • Increase in ISPs, enterprises and online gaming targets: Attacks targeting ISPs increased by 87.2 percent, enterprises by 100.5 percent and online gaming by 60 percent.
  • Longest, largest and highest-frequency attacks: The longest single attack lasted nine days and 11 hours, or 228 hours, while the single largest attack in terms of packet-per-second (pps) hit at a volume of 23 million pps. More than 42 percent of attack victims were targeted multiple times while one in every 40 victims was repeatedly hit more than 10 times. The highest frequency of attacks experienced by a single victim was 68 separate DDoS attacks.


“NSFOCUS has maintained a continuous review of DDoS attacks over recent years, and we have observed that the trends constantly change as attacks morph and hacker behavior evolves. To stay ahead of these trends, we strongly encourage our customers to take a defensive approach in identifying and mitigating these threats before they happen,” stated Terence Chong, Solutions Architect, NSFOCUS.

http://www.nsfocus.com

Thursday, July 17, 2014

Juniper Tunes its DDoS Protection for Upstream Mitigation

Juniper Networks announced a set of improvements to its Juniper DDoS Secure solution to provide tighter integration into routing and service provider infrastructures with BGP Flowspec and the GPRS Tunneling Protocol (GTP).  The goal is to enable new forms of protection that can more effectively and efficiently mitigate a variety of DDoS attacks without restricting or impacting normal service.

Highlights of the announcement include:

Upstream Attack Mitigation

  • DDoS Secure provides distributed enforcement at the network boundary that protects the edge equipment and the resources behind it from becoming overwhelmed, especially with larger and more challenging volumetric attacks.
  • The solution scales DDoS mitigation by extending enforcement upstream to Juniper's MX at the edge, border or closest to the attack source, allowing only clean traffic to enter the network.
  • As DDoS Secure continuously monitors inbound and outbound traffic, it can determine if a high-volume DDoS attack is underway and subsequently communicate with the MX router by publishing Flowspec rules to block the malicious traffic upstream.
  • Flowspec provides the ability to take enforcement actions such as source-based black hole filtering to drop malicious packets or redirecting traffic to select network points for mitigation.

Accurate Enforcement on Mobile Networks with GTP Network Protocol Unwrap

  • New capabilities protect against the growing problem that service providers face in detecting and mitigating malicious traffic originating from botnets exploiting users' devices.
  • The ability to inspect different network protocols becomes a key enabler in identifying legitimate traffic.
  • DDoS Secure provides visibility into malicious and/or errant mobile devices, identifying both User Equipment (UE) to UE and UE to Internet traffic.
  • DDoS Secure's ability to inspect GTP packets and identify malicious endpoints allows service providers to enforce mitigation, maintain performance and protect their Radio Access Network (RAN) bandwidth.
  • The new GTP packet unwrap capability allows DDoS Secure to identify inside-out bot attacks originating in the mobile service provider's access network. Botnet malware that enters mobile devices from home, at work or in the macro RAN can degrade legitimate user experience and also consume valuable mobile bandwidth. 

DNS Inside-Out Attack Protection

  • DDoS Secure protects the core DNS infrastructure from participating in DNS amplification and reflection attacks that are difficult to detect and can have disastrous effects on network availability.
  • In these attacks, the DNS server can become the victim of a DNS attack or can be used to launch a DNS amplification attack on another server.
  • DDoS Secure applies heuristics-based intelligence to automatically mitigate these attacks by blacklisting and rate limiting certain DNS requests. The solution can also generate a BGP Flowspec rule, allowing attack traffic to be blocked upstream at the MX.

http://newsroom.juniper.net/press-releases/juniper-networks-delivers-the-first-holistic-distr-nyse-jnpr-1131859

Wednesday, July 16, 2014

A10 Adds Application Networking Appliances for Policy Enforcement

A10 Networks introduced a new line of high-speed, high-capacity application networking appliances that leverage specialized hardware to perform security and policy enforcement at ultra high speeds, including protection against large-scale DDoS attacks, without impacting system performance.

The new Thunder SPE appliances leverage A10's new Security and Policy Engine (SPE) to implement security and policy enforcement functions at up to 155 Gbps.  The company claims up to a 40 percent processing performance boost relative to current systems. All models are dual power supply-capable, feature solid-state drives (SSDs) and can be configured with 1 Gbps, 10 Gbps and 40 Gbps port options. Thunder SPE appliances start at $164,000.

A10 said the new appliances are particularly adept at dealing with volumetric DDoS attacks. Recently, the frequency and volume of DDoS attacks have risen dramatically, resulting in costly network and service outages.

"Threat detection and mitigation are rapidly becoming a performance game, where the sophistication and volume of attacks are specifically designed to overwhelm lesser performing network devices, thus rendering a provider's network infrastructure and applications vulnerable to downtime and further threats," said Jason Matlof, A10 Networks vice president of marketing. "With leading high-performance hardware systems, A10 is able to offer protection against aggressive attacks to customers in the most challenging threat environments."

A10 also announced integrated DDoS protection capabilities for its Thunder CGN product line.

http://www.a10networks.com

Tuesday, July 15, 2014

Arbor: DDoS Attacks Regularly Top 100 Gbps

Distributed Denial of Service (DDoS) attacks are now regularly exceeding the 100 Gbps threshold and have been measured at up to 325 Gbps, according to Arbor Networks. There were 72 attacks measured at over 100 Gbps in Q1; however, the number dropped to 39 attacks at this level for Q2.

“Following on from the storm of NTP reflection attacks in Q1 volumetric DDoS attacks continued to be a problem well into the second quarter, with an unprecedented 100 attacks over 100GB/sec reported so far this year. We’ve also already seen more than twice the number of attacks over 20GB/sec than we saw in the whole of last year,” said Arbor Networks Director of Solutions Architects Darren Anstee. “The frequency of very large attacks continues to be an issue, and organizations should take an integrated, multi-layered approach to protection. Even organizations with significant amounts of Internet connectivity can now see that capacity exhausted relatively easily by the attacks that are going on out there.”

Some highlights from the Arbor study:

  • 1H 2014 saw the most volumetric DDoS attacks ever, with more than 100 events over 100GB/sec reported so far this year
  • At the mid-point of 2014, 2x the number of events over 20GB/sec have been reported, as compared to all of 2013
  • The largest reported attack in Q2 was 154.69GB/sec, down 101% from Q1 2014. This was an NTP reflection attack targeting a destination in Spain.
  • NTP reflection attacks are still significant, but size and scope are down versus Q1 2014. Average NTP traffic volumes are falling back globally, but are still not back to the levels of November 2013 (before the start of NTP attack proliferation)
  • Q2 2014 saw fewer very large attacks – with average attack size down by 47% compared to Q1 2014

http://www.arbornetworks.com

Tuesday, June 17, 2014

Infonetics: DDoS Appliance Sales Topped $348 Million Last Year

The worldwide DDoS prevention appliance market closed 2013 strong, reaching $348 million in revenue, an increase of 26% from the prior year, according to a new report from Infonetics Research. However, 1Q14 revenue was flat sequentially, totaling $91.5 million.

Some highlights:

  • North America comprised the majority of DDoS prevention appliance revenue in 1Q14, followed by EMEA, Asia Pacific, and the Caribbean and Latin America (CALA)
  • Consolidation and new product announcements continue, with F5 picking up cloud provider Defense.net, and ADC vendor A10 launching a new line of DDoS mitigation appliances
  • The data center and mobile DDoS prevention segments are projected to maintain healthy double-digit CAGRs from 2013–2018
  • Software-defined networking (SDN) and network functions virtualization (NFV) are pervasive trends in network and telecom infrastructure, and they will eventually touch all areas of security, including DDoS mitigation.

“Buyers need protection from a new wave of sophisticated application layer attacks and massive amplification attacks, and we're seeing renewed focus on DDoS mitigation from a wide range of established data center and security players like Check Point, Fortinet, Juniper, F5, and Huawei,” notes Jeff Wilson, principal analyst for security at Infonetics Research. “Arbor Networks maintains a strong leadership position in the DDoS mitigation space despite having a wide range of challengers, from focused product vendors in adjacent markets to large established networking and security vendors.”

http://www.infonetics.com

Thursday, May 22, 2014

F5 Networks Acquires Defense.Net for DDoS Mitigation Service

F5 Networks has acquired Defense.Net, Inc., a privately-held provider of cloud-based security services for protecting data centers and Internet applications from distributed denial-of-service (DDoS) attacks. Financial terms were not disclosed.

Defense.Net was founded by Barrett Lyon, one of the pioneers of DDoS mitigation.  The company operates a massive, cloud-based service designed to absorb even the largest DDoS attacks. The Defense.Net network supports multiple protocols and provides features for remediation and control to safeguard customers from unforeseen threat vectors, while maintaining application performance.

F5 said Defense.Net’s high-capacity cloud service is complementary to its own on-premise DDoS Protection capabilities. The advanced technologies and operational experience shared between the two companies will expand F5’s portfolio of security solutions for defense against Internet-based DDoS attacks on networks, data centers, and applications.

“F5’s DDoS product engineering shows a comparable focus on scale and performance to how Defense.Net has built its mitigation capability in the cloud,” said Barrett Lyon, Founder and CTO of Defense.Net. “Customers of all sizes will be able to ensure that business-critical applications and networks are protected and available under the most demanding conditions regardless of the volume, type, or source of DDoS attack. Wherever it makes the most sense to stop an attack, F5 will provide the customer with the right defense.”

http://www.defense.net/
http://www.f5.com


  • Defense.Net is based in Belmont, California.  It has data centers in San Jose, California and Ashburn, Virginia.

Wednesday, March 12, 2014

Prolexic: High-Bandwidth NTP Amplification DDoS Attacks up 371% in 30 days

Prolexic Technologies, a division of Akamai that specializes in Distributed Denial of Service (DDoS) protection services, issued a high alert threat advisory on NTP amplification DDoS attacks.

Due to the availability of new DDoS toolkits that make it simple to generate high-bandwidth, high-volume attacks with just a handful of servers, Prolexic has seen a surge in this attack method. With the current batch of NTP amplification attack toolkits, malicious actors could launch 100 Gbps attacks - or larger - by leveraging just a few vulnerable NTP servers.

Some highlights of the threat advisory -- in just one month (February 2014 vs. January 2014):

  • The number of NTP amplification attacks increased 371.43 percent
  • Average peak DDoS attack bandwidth increased 217.97 percent
  • The average peak DDoS attack volume increased 807.48 percent

"During the month of February, we saw the use of NTP amplification attacks surge 371 percent against our client base," said Stuart Scholly, SVP/GM Security, Akamai Technologies. "In fact, the largest attacks we've seen on our network this year have all been NTP amplification attacks."

http://www.prolexic.com/


In December 2013, Akamai agreed to acquire Prolexic, a start-up based in Hollywood, Florida, for a net cash payment of approximately $370 million.

Prolexic offers a FIPS 140-2 SSL/TLS Layer 7 DDoS detection, monitoring and analysis solution for protecting data centers and enterprise IP applications from attacks.  Prolexic operates a DDoS "scrubbing center" in Ashburn, Virginia and San Jose, California as well as other facilities in London and Hong Kong.  The company says its solution was used to mitigate the largest Gbps attack faced to date (167 Gbps), as well as the world’s most powerful attack campaign (144 million packets per second). Its customers include some of the world’s largest banks and the leading companies in e-Commerce, SaaS, payment processing, travel/hospitality, gaming, energy and other at-risk industries. The company has previously disclosed global partnerships with HP, Level 3, BT, NTT and Datacraft.

Monday, December 2, 2013

Akamai to Acquire Prolexic for Cloud-based DDoS Control

Akamai agreed to acquire Prolexic, a start-up based in Hollywood, Florida, for a net cash payment of approximately $370 million.

Prolexic offers a FIPS 140-2 SSL/TLS Layer 7 DDoS detection, monitoring and analysis solution for protecting data centers and enterprise IP applications from attacks.  Prolexic operates a DDoS "scrubbing center" in Ashburn, Virginia and San Jose, California as well as other facilities in London and Hong Kong.  The company says its solution was used to mitigate the largest Gbps attack faced to date (167 Gbps), as well as the world’s most powerful attack campaign (144 million packets per second). Its customers include some of the world’s largest banks and the leading companies in e-Commerce, SaaS, payment processing, travel/hospitality, gaming, energy and other at-risk industries. The company has previously disclosed global partnerships with HP, Level 3, BT, NTT and Datacraft.

"By joining forces with Prolexic, we intend to combine Akamai’s leading security and performance platform with Prolexic’s highly-regarded DDoS mitigation solutions for data center and enterprise applications protection. We believe that Prolexic’s solutions and team will help us achieve our goal of making the Internet fast, reliable, and secure," stated Tom Leighton, CEO of Akamai.

http://www.akamai.com/html/about/press/releases/2013/press_120213.html
http://www.prolexic.com


  • In July 2013, Prolexic closed a US$30 million Series C funding round led by new investors Trident Capital and Intel Capital. Prolexic’s existing shareholders include Kennet Partners, Camden Partners and Medina Capital.  The company said it planned to use the new funding to expand its worldwide scrubbing center footprint, increasing the capacity of its cloud-based DDoS mitigation platform beyond 1 Tbps, and to develop new cloud-based security services. 
  • Prolexic is headed by Scott Hammack, who previously served as CEO of e-dmz, which was acquired by Quest Software in 2011. Previously, he has served as CEO of Cyberguard Corporation, which was acquired by Secure Computing in 2004, and CEO of MasterChart, Inc., which was purchased by Allscripts in 2001.
  • Prolexic was founded in 2003.


Wednesday, June 5, 2013

Juniper Announces Data Center DDoS Solution

Juniper Networks announced Junos DDoS Secure for protecting data centers against increasingly complex Distributed Denial of Service (DDoS) attacks.

Juniper said its Junos DDoS Secure provides the granular visibility and control of network traffic needed for fully automated DDoS protection against "low-and-slow" application attacks and against volumetric attacks of up to 10 Gbps.  By continually monitoring and logging all inbound and outbound Web traffic using its unique behavioral algorithm, Junos DDoS Secure learns which IP addresses can be trusted. The algorithm is able to detect unusual activity coming from a user and then intelligently respond in real time by dropping suspect or noncompliant traffic as soon as the optimum performance from critical resources begins to degrade.

Further, using advanced dynamic distributed threat intelligence (DDTI) techniques, Junos DDoS Secure also ensures that when a threat is detected at one gateway, within seconds, all the other Junos DDoS Secure appliances on the network.

http://newsroom.juniper.net/press-releases/juniper-networks-announces-availability-of-compreh-nyse-jnpr-1023239

Friday, April 19, 2013

tw telecom Introduces DDoS Scrubbing Service


tw telecom introduced a DDoS Scrubbing service designed to protect customer networks during a denial of service attack.

DDoS Scrubbing filters out malicious traffic while allowing good data to flow through the network during an attack. The data inspection and DoS protection is enabled across tw telecom's nationwide network.

"Our DDoS Scrubbing service offers granular traffic management, which protects customer network resources so they can continue to operate at high levels of quality without impeding network performance," said Trent Pham, Director of Security Product Portfolio at tw telecom.

http://www.twtelecom.com

Monday, July 9, 2012

Infonetics: Demand for DDoS Prevention Solutions is Hot

 Sustained DDoS activity will drive the market for DDoS prevention appliances to 24% growth in 2012 over 2011, according to a new report from Infonetics.

“While the market for dedicated DDoS prevention solutions remains strong, going forward the overall performance of the market and the vendors in it will be challenged by the widening availability of hosted/SaaS solutions and new integrated security platforms that include DDoS prevention as a feature,” notes Jeff Wilson, principal analyst for security at Infonetics Research.
“Arbor Networks and Alcatel-Lucent recently announced a combined offering that couples Alcatel-Lucent routers and a specialized DDoS mitigation blade from Arbor. And F5 recently launched a specialized data center firewall product based on its BigIP traffic management platform, with DDoS prevention as a cornerstone feature.”

Some highlights:

  • The data center segment of the DDoS prevention market is growing fast and is expected to pass the carrier transport segment by the end of 2012.
  • Arbor Networks, the largest vendor in the DDoS prevention appliance market, maintains a commanding overall lead with nearly 3/5 of global revenue, although Radware is challenging in the government network segment.
  • Combined, all segments of the DDoS prevention market—data center, carrier transport, mobile, and government—are forecast by Infonetics to top $420 million by 2016.
  • Mobile networks will see the strongest growth in the DDoS prevention market, with a 30% CAGR over the 5 years between 2011 and 2016.

http://www.infonetics.com