Through a technology partnership with Cisco, TMS technology is an available option as ASR 9000 vDDoS Protection on Cisco’s Virtualized Services Module (VSM) for the Cisco Aggregation Services Router (ASR) 9000 Series of Routers. With up to 40 Gbps of intelligent mitigation capacity and Tbps of Openflow enabled blacklisting, the ASR 9000 virtual distributed denial of service solution protects the edges of your network and serves as a powerful line of defense in a multi-tier defense strategy. The ASR 9000 is Cisco’s best in class router and does not require additional rackspace, power, cooling, ports or wiring. It eliminates the need to backhaul attack traffic over the backbone network.
Beyond the democratization of DDoS are the advancements in attack techniques and targets. A DDoS attack today is in fact a series of attacks that target not just connection bandwidth, but multiple devices that make up your existing security infrastructure, such as Firewall/IPS devices, as well as a wide variety of applications that the business relies on, like HTTP, HTTPS, VoIP, DNS and SMTP.
DDoS attacks will generally fall into one of three categories:
Volumetric DDoS Attacks
Attempt to consume the bandwidth either within the target network/service, or between the target network/service and the rest of the Internet.
TCP State-Exhaustion DDoS Attacks
This type of DDoS attack attempts to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves.
Application Layer DDoS Attacks
This is the most deadly kind of DDoS attack. It can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate).
Arbor provides the industry’s most comprehensive suite of DDoS attack protection products and services for the Enterprise, Cloud / Hosting and Service Provider markets. Whether it be fully managed DDoS protection services; virtual, in-cloud or on-premise DDoS mitigation appliances; or embedded DDoS solutions within existing Cisco ASR 9000 routers, Arbor has the deployment model, scalability and pricing flexibility to meet the DDoS protection needs of any organization operating online today.
When you’re under attack, every second counts. Time to mitigation is critical for service providers because Fast Flood attacks can ramp up to multi-hundred gigabits in size in a matter of seconds, and have the potential to cause significant collateral damage across a provider network. In 2014, the DDoS landscape has been dominated by these very large attacks that leverage reflection/amplification capabilities within such network elements as DNS, NTP and more recently Simple Service Discovery Protocol (SSDP). Through the end of the third quarter, Arbor has seen more than 130 attacks larger than 100Gbps, a dramatic spike in the frequency of volumetric attacks compared to previous quarters.
The majority of the world’s service providers rely on the Peakflow platform for network intelligence and DDoS protection. More than sixty providers utilize the Peakflow platform to also offer DDoS managed services to their customers. Our continued innovation in the area of DDoS attack detection and mitigation has duel benefits for our service provider customers, helping protect their own infrastructure while also improving their ability to deliver DDoS managed security offerings.