NSFOCUS On-Premises Defenses
Comprehensive, Multi-Layered DDoS Protection
Today, service providers understand that a significant percentage of DDoS attacks targeting their customers can be defeated by anti-DDoS technology deployed within the provider's network itself. Statistics demonstrate that nearly 50 percent of DDoS attacks observed are under 10Gbps in size and last less than 30 minutes. These attacks can easily be mitigated by NSFOCUS On-Premises DDoS Defenses.
In order to defeat a DDoS attack against their customers, providers of all sizes must first detect it. Time and time again, providers have been notified of DDoS attacks against their customers but, without the proper detection technology in place, had no ability to see the attack while it was in progress. DDoS defense always begins with detection. The most economical and effective way to detect DDoS attack traffic is to monitor xFlow data coming from the provider's border, core, and/or edge routers.
Once a DDoS attack is detected by the provider, the most economical and effective way to protect customers is to divert both good and bad traffic for the IP address(es) under attack to out-of-path mitigation technology. This technology is located within the provider's network itself. Once mitigation of the DDoS traffic is performed, legitimate traffic is re-injected back into the network for the entity under attack. This ensures that attack traffic is blocked and legitimate traffic continues to flow, without the use of null routes.
Once DDoS detection and mitigation have been addressed, a centralized management system is needed to control the overall solution. This system must allow service providers to implement multi-tenant configurations that control customer policies and rule sets, while providing real-time alerting, reporting, and analytics to the provider.
NSFOCUS offers a complete, on-premises anti-DDoS solution that provides detection, mitigation, and management as follows:
Network Traffic Analyzer (NTA) – Detects DDoS Attacks
NTA is a DDoS detection appliance that identifies attacks via traffic flow monitoring
Anti-DDoS System (ADS) – Mitigates DDoS Attacks
ADS is a DDoS mitigation appliance that removes unwanted, malicious traffic
Anti-DDoS System Manager (ADS-M) – Manages Complete Solution
ADS-M is a multi-tenant management system designed for providers. It provides centralized management of the ADS and NTA appliances as well as support for multiple, separate configuration and reporting domains for each customer. A web-based customer portal is also included.
The NTA monitors network activity by receiving and analyzing xFlow data from border, core and/or edge routers. It uses an innovative, multi-stage DDoS detection engine made up of several algorithms and other mechanisms to accurately distinguish DDoS traffic from other traffic streams. Users can customize NTA alert plugins with specific signatures in order to extend NTA detection capability. The NTA auto-learning feature also provides a machine-learned threshold baseline, which can be adopted in different scenarios. In addition, the NTA can integrate with NSFOCUS Threat Intelligence (NTI) to query the reputation of a suspicious source IP. The NTA can be deployed as a stand-alone system that provides DDoS detection only and supports Remotely Triggered Black Hole (RTBH) functionality. In large network traffic scenarios, NTA-FLB can manage and collect flow data from multiple detection points, enabling high-performance detection and flow reuse.
When an ADS is added to the deployment, the ADS comes under the direction of the NTA. The NTA communicates with the ADS, alerting it to the IP address(es) that are under DDoS attack. The ADS then instructs the border routers, via BGP, to divert traffic to the ADS, where malicious traffic is discarded. It then re-injects legitimate traffic back into your network with extremely low latency and high accuracy. The ADS can also integrate with NSFOCUS Threat Intelligence (NTI) to immediately discard traffic from known botnets, and it uploads attack data to NTI to contribute to that intelligence.
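The flow-based detection step described above, sketched as an added example (this is not NSFOCUS code and does not represent the NTA's actual algorithms). The record fields, the 60-second window, the mean-plus-three-standard-deviations baseline and the two-window sustain rule are all assumptions chosen for illustration; the flow records are constructed and use documentation address ranges.

```python
from collections import defaultdict
from statistics import mean, pstdev

WINDOW = 60  # seconds per aggregation window (assumed value)

def bps_per_dst(flows, window=WINDOW):
    """Aggregate sampled flow records into bits/s per (window, destination)."""
    acc = defaultdict(float)
    for f in flows:
        # Scale by the exporter's sampling rate to estimate real volume.
        acc[(f["ts"] // window, f["dst"])] += f["bytes"] * f["sampling"] * 8 / window
    return acc

def learn_thresholds(history, k=3.0, floor_bps=1e6):
    """Per-destination threshold: mean + k * stddev over the learning windows."""
    series = defaultdict(list)
    for (_, dst), bps in history.items():
        series[dst].append(bps)
    return {d: max(floor_bps, mean(v) + k * pstdev(v)) for d, v in series.items()}

def detect(current, thresholds, default_bps=50e6, sustain=2):
    """Return /32 prefixes over threshold for `sustain` consecutive windows."""
    hits = defaultdict(set)
    for (w, dst), bps in current.items():
        if bps > thresholds.get(dst, default_bps):
            hits[dst].add(w)
    # Requiring consecutive windows keeps a one-window burst from triggering diversion.
    return sorted(f"{d}/32" for d, ws in hits.items()
                  if any(all(w + i in ws for i in range(sustain)) for w in ws))

def rec(ts, dst, nbytes, src="192.0.2.1"):
    return {"ts": ts, "src": src, "dst": dst, "bytes": nbytes, "sampling": 1000}

# Constructed sample data (documentation address ranges), 1:1000 sampling.
A, B = "198.51.100.10", "198.51.100.20"
LEARNING = [rec(w * 60, A, b) for w, b in enumerate([60000, 66000, 54000, 60000, 60000])]
LEARNING += [rec(w * 60, B, 30000) for w in range(5)]
CURRENT = [rec(600, A, 60000), rec(600, B, 24000),
           # A: flood from two sources, sustained over windows 11 and 12
           rec(660, A, 450000, "203.0.113.5"), rec(670, A, 450000, "203.0.113.6"),
           rec(720, A, 950000, "203.0.113.5"),
           # B: a single-window burst in window 11 only
           rec(660, B, 90000), rec(720, B, 24000)]

def run_example():
    thresholds = learn_thresholds(bps_per_dst(LEARNING))
    return thresholds, detect(bps_per_dst(CURRENT), thresholds)

if __name__ == "__main__":
    print(run_example())
```

The returned /32 list is the set of addresses a detector would hand to the mitigation tier for diversion; the short burst against the second host stays below the sustain rule and is not diverted.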
The ADS-M real-time views are highly optimized for traffic monitoring, reporting, ease of use, and improved user experience
The ADS-M is used for central configuration, management, and reporting. It can be configured in a multi-tenant mode of operation to provide separate administrative domains on a per-customer basis. The ADS-M includes a flexible, web services API to automate provisioning and reporting for your specific environment. Network operators can use the ADS-M to direct and collect packet captures from co-resident ADS systems to shorten problem resolution and incident response times. Extensive reporting options include information on attack types, attack targets, protocols, ports, network status, alert information, device logs, and more.
The ADS-M also supports a customizable “customer portal” designed for providers who desire to offer Managed DDoS Services. This portal allows providers to offer web-based access to their customers for traffic analysis, reporting, and analytics on a case-by-case basis.
Complete service provider ready solution
Defend attacks against your customers
Lowest total cost of ownership (TCO)
Quick and easy install into your network
Deploy as much mitigation capacity as needed
Automatic hand-off with NSFOCUS Cloud Centers
Shorten time to redirection and cloud mitigation
Increased visibility and traffic threshold monitoring
Versatility of deployment options
Automated or manual BGP redirection
GRE, VLAN, MPLS, PBR traffic re-injection
All-in-one solution, multi-tenancy enabled
Low false positives, high performance
Easy to integrate and cohabitate
Automated and reliable DDoS mitigation
Efficient and intelligent protection from the botnet-based attacks with NTI
DDOS ATTACK TREND
640,000 TBytes of attack traffic in total, 79.4% increase over 2016
14.1 Gbps of average peak traffic of individual attacks, 39.1% increase over 2016
1.4 Tbps of maximum peak traffic among individual attacks, nearly 100% increase over 2016
Linux/UNIX hosts and servers constituted a strong base (55%) of DDoS attack sources. IoT devices were more frequently seen in small attacks (29.8% in small attacks and 10.3% in large attacks). Windows servers were often present in large attacks.
The trend of traditional reflection attacks, such as those based on the Network Time Protocol (NTP), slowed down, while modern ones that abused Memcached servers surged and related peak traffic hit a new record high of 1.35 Tbps.
Industry-Leading Accuracy And Fastest Time To Mitigation
NSFOCUS On-Premises DDoS Defenses incorporate the latest from our internationally recognized research labs and are developed with over 16 years of experience protecting the world’s largest banks, telecommunications, gaming, and streaming media companies. The NSFOCUS Security Labs is a cyber security threat research lab at the forefront of vulnerability assessment, threat detection, and mitigation research. Their work, combined with world-class engineering, has resulted in a solution with industry-leading accuracy capable of automatically defeating advanced, multi-layer DDoS attacks in as little as 20 seconds.
The ADS series of appliances includes models that range from 1Gbps to 40Gbps of DDoS mitigation capacity that support flexible licensing, so providers can deploy as much mitigation capacity as needed. When deployed with an ADS-M appliance, the ADS systems can be clustered to withstand the most extreme volumetric and application-layer DDoS attacks.
Multi-Tenant, Centralized Management
The ADS-M provides a multi-tenant configuration interface that simplifies the administration and monitoring of Managed DDoS Services. It enables service providers to create and configure customer-specific security policies and reports, including daily/weekly/monthly/yearly intervals with pie charts, bar graphs, line graphs, and more. It also provides real-time traffic monitoring, log information, and detailed attack history for post-incident forensic analysis.
Easy To Deploy And Integrate
The ADS is typically deployed at the ingress points to your network, while the NTA and ADS-M appliances can be installed at any location in your network. The ADS uses industry-standard routing protocols to communicate with other routers in order to redirect suspicious traffic and forward legitimate traffic back into your network. A flexible web services API in the ADS-M further simplifies integration of the system into your network by providing a programmatic interface that can be used to automate labor-intensive tasks.
NSFOCUS Hybrid DDoS Defenses
Many service providers utilize a hybrid approach to defeat the damaging effects of DDoS attacks. The approach combines NSFOCUS On-Premises Defenses (designed to defeat attacks against your customers) with NSFOCUS Cloud DDoS Protection Service (designed to defeat attacks that impact your infrastructure).
Working in unison, this Complete Service Provider DDoS Mitigation Solution eliminates smaller attacks on-premises, while defending infrastructures from larger attacks using the NSFOCUS Cloud. Both defenses are integrated, resulting in increased bandwidth visibility, reduced cloud redirect times for mitigation, and coverage for all L3-L7 DDoS attacks.
For Service Providers Of All Sizes
NSFOCUS On-Premises Defenses is the ideal solution for today’s service providers to defeat DDoS attacks against their customers. It is highly scalable and is performance optimized to meet the current and future needs of service provider environments. It is also easy to deploy, flexible, and provides a multi-tenant configuration interface to simplify the configuration and administration of large-scale Managed DDoS Services.