ddos mitigation - defensepro - radware
TRANSCRIPT
Radware’s New Attack Mitigation Platform (DefensePro x4420)
Deivid [email protected] Services
25 September 2015
Current Trends
The Rise of the Continuous Attack
Longer, larger and more sophisticated attacks. Constant attacks on the rise.
In previous years - attacks that were considered “constant” never exceeded 6%
In 2014 - 19% were considered “constant”
Attack size also increases – 1 of 7 attacks larger than 10G in 2014.
[Chart: attack duration by year, 2011 to 2014. Categories: Less than a day; 1 hour-1 day; 1 day-1 week; Over a week; Constantly]
In 2014, 19% of attacks were considered “constant”
No One is Immune – Unexpected Targets
Threats in new industries, organizational sizes and technology deployments
Healthcare and Education – unexpected targets now at risk
Gaming, Hosting and ISP companies – increased likelihood
[Chart: 2014 change from 2013]
Reflective Attacks – the Largest DDoS Headache
Attacks evenly split across network and application layers
Web-based attacks remain the single most common attack vector
– 1 in every 4 are HTTPS
An increase in reflective attacks caused UDP attacks to increase
– From 7% in 2013 to 16% in 2014
Reflective attacks represent 2014’s single largest DDoS “headache”
[Chart: attack vectors. Network 51%: TCP-Other, UDP, IPv6 1%, TCP-SYN Flood, ICMP. Application 49%: VoIP 1%, Web (HTTP/HTTPS), SMTP, DNS]
Complexity of Attacks Continues to Grow
Multi-vector attacks target all layers of the infrastructure
[Diagram: attack types (large volume network flood attacks, SYN floods, network scan, “Low & Slow” DoS attacks (e.g. Sockstress), HTTP floods, SSL floods, app misuse, brute force) shown against the infrastructure (Internet pipe, firewall, IPS/IDS, load balancer/ADC, server under attack, SQL server) and the protections (cloud DDoS protection, DoS protection, behavioral analysis, IPS, WAF, SSL protection)]
The Need: High Performance with Comprehensive Protection
Protection from both sophisticated and volumetric attacks.
Carriers and cloud providers
- Need to support a growing number of customers with increased complexity and capacity.
- Require high end devices that can handle growth and scale (mitigation, bandwidth, complexity and number of served customers).
Current competitor offerings require customers to choose between high performance and attack mitigation coverage/quality
Platform Offering
DefensePro x4420
Radware’s New Attack Mitigation Platform
Widest range of protections at high mitigation capacity, including UDP reflection attacks, fragmented and out-of-stack floods
Up to 300Gbps throughput inspection while allowing customers to enjoy the widest range of simultaneous cyber-attack protection in the industry
230M PPS anti-DDoS along with best-in-class DNS, SIP, SMTP, HTTPS, and other application protections
Commercial grade out-of-the-box compliance and customer tenancy managing over 1,000 policies in a secure Role-Based Access control format
First dedicated attack mitigation platform to offer 100G interfaces
No compromise: High performance + High mitigation capacity + Widest protection
DefensePro x4420 - Technical Highlights
Total throughput up to 300G
- Legit traffic throughput up to 160G
- BW license 50G/100G/160G
High port density (with any port type support)
- 4x100G (QSFP28)
- 4 x 40GbE (QSFP+)
- 20 x 1/10GbE (SFP+)
New ‘Performance’ mode - up to 230M Attack PPS (supports SYN protection, packet anomaly, BL/WL)
Up to 1,000 active policies
Space conservative - only 2U of rack space
DefensePro x4420
DefensePro Layers of Defense
Behavioral-based protections
DME - DDoS Mitigation Engine (230M PPS)
L7 Regex Acceleration ASIC
Multi Purpose Multi Cores CPU’s
& Reputation Engine
Hardware Architecture – Tailored for Attack Mitigation
Multi Tenancies Support
Separate processing capabilities per tenant
Role based access control for management permissions per policy
Each tenant can view and monitor only the resources that are relevant for them
Personalized, per tenant, historical reporting, dashboards and event management
DefensePro x4420 - Summary
Highest rate mitigation with widest coverage - up to 230M PPS
Any port connectivity - including 100G ports
Designed for multi tenancy (MSSP/Carriers/Cloud) - Up to 1000 policies
New scalable SW Architecture
Compact form factor – 2U only
Technical Specs
DefensePro x4420 Technical Specification
Features: DefensePro x4420
DefensePro Model: DP model 504420 – 50 Gbps; DP model 1004420 – 100 Gbps; DP model 1604420 – 160 Gbps
Network Location: Core Network
Hardware Platform: OnDemand Switch HT
Performance
Capacity: 300 Gbps
Max Legit Throughput: 160 Gbps
Max Concurrent Sessions: 25,000,000
Maximum DDoS Flood Attack Prevention Rate: 230,000,000 packets per second
Latency: 60 micro seconds
Real time signatures: Detect and protect attacks in less than 18 seconds
Physical Ports
Traffic Ports: 4 x 100 GbE QSFP28; 4 x 40 GbE QSFP+; 20 x 10GbE SFP+
Management Ports: 2 * 1 Gbe Copper, out of band RS-232 RJ-45 Serial Connection
DefensePro x4420 Technical Specification – Cont.
Features: DefensePro x4420
Operation Mode
Network Operation: Transparent L2 Forwarding, IP Forwarding
Deployment Modes: In-line; SPAN Port Monitoring; local out-of-path; Out-of-path mitigation (scrubbing center solution)
Tunneling protocols support: VLAN Tagging, L2TP, MPLS, GRE, GTP, IPinIP
IPv6: Full IPv6 support for detection and mitigation
Policy Action: Block & Report, Report Only
Block Actions: Drop packet, reset (source, destination, both), suspend (source, src port, destination, dest port or any combination), Challenge-Response for TCP, HTTP and DNS suspicious traffic
High Availability
Dual Power Supply: Yes
Advanced internal overload mechanism: Yes
High Availability deployment - Active-Passive: Yes
DefensePro x4420 Technical Specification – Cont.
Features: DefensePro x4420
Physical
Dimensions (W x D x H) mm: 2U: 424x600x88 mm; EIA Rack or Standalone: 482 mm (19 in)
Weight (kg, lb): 18.7 kg
Power Supply: Auto-range supply: AC: 100-240 V, 47-63 Hz; DC: -36~-72 V; Dual power supply (AC/DC)
Power Consumption: 890W
Heat Dissipation (BTU/h): 2930 BTU/hr
Operating Temperature: 0-40°C (32-104°F)
Humidity (non-condensing): 5% to 95% non-condensing
Certifications: Safety: CE LVD (EN 60950-1), CB - IEC 60950-1, CCC, cTUVus, C-Tick; EMC: CE EMC (EU directive 2004/108/EC), FCC Part 15B Class A, ICES-003, VCCI; RoHS Compliant (EU directive 2011/65/EC)