Recently, vendors have begun to tilt the cybercrime-vs-security solution balance back in favour of the good guys. The most advanced next-generation threat protection solutions provide high performance, network-wide protection against DDoS attacks and ensure service availability against a variety of volumetric, protocol, resource and other sophisticated application attacks. Their multi-level DDoS protection is aimed at dramatically improving service availability. They protect against multiple classes of attack vectors, including volumetric, protocol, resource and advanced application-layer attacks, which can be detected quickly and mitigated to prevent a service from becoming unavailable.
Advanced solutions allow a baseline of normal traffic to be established, so that traffic anomalies can be recognised quickly. In addition, customised actions can be taken against advanced application-layer (L7) attacks as needed with deep-packet inspection (DPI) scripting technology.
Most of all, the next-generation threat protection solutions are required to provide performance scalability to meet growing attack scale. With DDoS mitigation capacity ranging up to 155 Gbps, DDoS attacks can be handled effectively. The best of these solution are equipped with high-performance field programmable gate array (FPGA)-based flexible traffic acceleration technology that allows the immediate detection and mitigation of 30-plus common attack vectors in hardware (SYN cookies, for example) without impacting on core system general-purpose CPUs. More complex application-layer (L7) attacks (HTTP, SSL, DNS, etc.) are processed by the latest CPUs. Scaling can be maintained by distributing multi-vector detection and mitigation functions across optimal system resources to mitigate application-layer attacks such as Slowloris.
Next-generation technology can be integrated easily into network architectures of any size, and interact with custom or third-party detection solutions. Some also provide robust support for best-in-class third-party security service integration, and can be utilised in blacklists, whitelists and other rule sets.
To ensure that data centre resources remain available, high performance and sophisticated features are provided in the most efficient hardware form factors, to mitigate the largest and most complex DDoS attacks. The combination of high performance in a small form factor results in lower operating expenditure through significantly lower power usage, reduced rack space, and lower cooling requirements.
Hayato Koeda is Vice President, Asia Pacific Japan, at A10 Networks Inc.
Sign up for Computerworld eNewsletters.