Integrated System Gives Service Providers Full-Spectrum Volumetric, Network and Application DDoS Protection
A10 Networks announced A10 One-DDoS Protection, featuring software enhancements to its high-performance appliances to enable unmatched defense against distributed denial of service (DDoS) attacks.
A10 Networks One-DDoS Protection utilizes machine learning to automate the challenges of protected service discovery, peacetime traffic learning, detection threshold setting and fast mitigation response. Now, service providers can have a cost-effective, reactive DDoS defense topology with flow-based detection at the edge of the network and enable high resolution packet-based detection closer to the targeted critical services and applications. This proximity allows context to be applied to thwart sophisticated network or application assaults against their critical applications and services.
A10 One-DDoS Protection is available on A10 Thunder ADC (Application Delivery Controller), CGN (Carrier Grade Networking) and CFW (Converged Firewall) product lines with orchestrated attack scrubbing on Thunder TPS (Threat Protection System), providing a layered approach for full-spectrum volumetric, network and application DDoS protection.
Tactics for DDoS attacks are moving beyond just using request floods designed to bombard and overwhelm infrastructure to include low-bandwidth attacks that target the network or application layer of service provider services and their subscribers. These “low and slow” tactics are generally not detected until well into the attack progression and often enable threat actors to successfully disrupt the targeted service.
A recent Verisign report estimated that 82% of DDoS attacks in Q4 2017 were multi-vector as opposed to using a single vector of attack. At the same time, volumetric attacks are becoming larger, exceeding peaks 1.7 terabits per second. Service providers must move beyond just flow detection to be able to detect and defend against all types of attacks
“The DDoS landscape has changed and continues to evolve in potency and sophistication,” said Raj Jalan, CTO, A10 Networks. “The A10 Networks One-DDoS Protection enables service providers to defend against a full range of attacks with an integrated fabric of protection to help deny attackers the ability to disrupt or penetrate networks.”
In addition to ensuring uptime and protecting customers, service providers are looking for ways to monetize DDoS defense investments by providing clean pipe services to their business customers. These services require granular controls for each individual business subscriber and must scale to tens of thousands, and in some cases millions, of businesses. To scale these legacy systems, service providers must purchase expensive and complex arrays of appliances. Unlike legacy approaches, the A10 Networks One-DDoS Protection solution scales to hundreds of thousands of monitored entities out-of-the-box from a single appliance.
Legacy DDoS defenses also require frontline operators to have extensive knowledge about downstream subscribers and the internally offered services that are exposed to DDoS threats. In an increasingly dynamic IT environment, this can be an expensive and unsustainable practice, and it is further exacerbated by a shortage of skilled personnel. In contrast, the A10 Networks One-DDoS Protection solution utilizes machine learning to automatically learn about and understand downstream infrastructure and their services, creating a highly scalable, cost-effective model for serving customers.
The distributed detection also helps organizations achieve the common goal of protecting services while overcoming organizational silo ownership issues. For example, the application teams and CGN teams may continue to provision and manage their ADC and CGNAT systems as usual without needing any training on DDoS attacks and mitigation procedures. A10 One-DDoS Protection works transparently in the background enabling automatic signaling of identified DDoS attacks and intelligent invocation of DDoS defense when needed. The DDoS defense system and protection policies remain under the ownership of the security team where the required DDoS expertise and up-to-date knowledge already reside.