Posted by: Tony Bradley
Arbor Networks, DDoS
Arbor Networks, today introduced a new version of its Pravail Availability Protection System (APS) which protects enterprise networks from availability threats — specifically, application-layer distributed denial of service (DDoS) attacks. In addition to enhanced visibility, control and reporting, Pravail APS v.2.5 includes enhanced protections for critical services such as SSL and content delivery networks.
According to a recent report from Infonetics Research titled, DDoS Prevention Appliance Market Outlook, Arbor Networks was cited as “the dominant leader for DDoS prevention” overall as well as in the Carrier Transport and Wired Broadband, Enterprise Data Center and Mobile market segment.
Arbor Networks understands that enterprise networks are exposed to a growing variety of DDoS attacks ranging from flood attacks to smaller, more difficult to detect application-layer attacks that target email, web services, e-commerce and Voice over IP (VoIP). Attacks are becoming more sophisticated yet easier to perpetrate. As a result, enterprise network operators around the world are experiencing outages due to DDoS more frequently and with more severe consequences to their businesses than ever before.
“In the Pravail APS, Arbor’s taken our carrier-class DDoS attack identification and mitigation technology and put it in a purpose-built solution for the enterprise data center. In today’s complex threat landscape, application-layer attacks must be dealt with at the network perimeter, before they overwhelm existing security devices like Firewalls and IPS and certainly before they impact critical services like SSL,” said Arbor Networks President Colin Doherty.
Global Threat Intelligence and Automatic Updates
Anonymized traffic data from 100+ customer networks plus a global honeypot sensor network form the core of Arbor Networks ATLAS Internet monitoring system, which powers all Arbor Networks solutions including Pravail APS. ATLAS data enables Arbor Security Engineering & Response Team (ASERT) to develop a globally-scoped view of malicious traffic traversing the backbone networks that form the Internet’s core. When a new botnet or application-layer attack is detected, an attack signature is created, distributed via the ATLAS Intelligence Feed (AIF) and installed in Arbor’s Pravail APS product.
The AIF enables enterprise IT teams to leverage the global threat intelligence of the ATLAS data set together with the daily threat analysis of Arbor’s researchers, saving significant time by eliminating the need to manually update the latest attack detection signatures. Most importantly, this integrated, automated threat intelligence enables customers to quickly stop DDoS attacks before they impact critical business services.
SSL Protocol Attack Protection
Today, Secure Sockets Layer (SSL) provides the necessary security and encryption for enterprises and their customers to safeguard sensitive transactions and email over the Internet. As enterprises increasingly rely on SSL for their mission critical communications it becomes a more significant target for DDoS attacks. To ensure the availability of SSL-powered services, Arbor’s Pravail APS now delivers DDoS protections for SSL regardless of the application – HTTPS, POP3S, SMTPS, etc. Pravail APS blocks SSL DDoS attacks with ASERT-designed protections that guard against malformed traffic, attempts to continually renegotiate connections and other advanced attacks that aim to disrupt service availability.
CDN and Proxy Support
Traditionally, enterprises that employ CDNs and proxies have had limited options for availability protection because many DDoS mitigation solutions overly rely upon blacklisting of the attackers’ IP addresses. Because CDNs and proxies hide the IP address of clients, unsophisticated solutions would block all connections from the CDN or proxy – both legitimate traffic and attacking hosts – when a DDoS attack was identified. This mitigation approach essentially completes the attack for the attackers.
Pravail APS now supports CDNs and proxies to work within all enterprise environments without forcing a network re-design to accommodate availability protection. Arbor Networks relies on both global visibility and advanced security research to continually update its security content. The advanced anti-DDoS protections designed by ASERT enable Pravail APS to deliver effective availability protection with and without blacklists. Enterprises that rely on CDNs and proxies no longer have to sacrifice business needs for proven security.
Enhanced Visibility, Control and Reporting
Confidence in DDoS protection comes from viewing blocked attacks and service availability. Pravail APS v2.5 provides the user with confidence to deploy in-line by providing details on what specific hosts were blocked and why. The interface and reporting validates that valid traffic isn’t blocked and easily whitelist hosts that should not be blocked.