Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Download as PPTX, PDF2 likes1,868 views
DDoS attacks are a significant threat to businesses, with many organizations experiencing multiple attacks annually. The document compares traditional NetFlow-based mitigation solutions with Radware's DefenseFlow, an SDN application that offers immediate attack detection and low-cost provisioning. DefenseFlow provides a scalable and efficient method for DDoS protection by diverting suspicious traffic and utilizing a streamlined detection process.
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
- 1. Radware DefenseFlow The SDN Application That Programs Networks for DoS Security Sales Presentation April 2013
- 2. • DDoS Threat is Evolving • Limitations of Legacy Out-Of-Path Deployments • Radware DefenseFlow Solution • Summary
- 3. US Banks Under Attack: From The News 3
- 4. Anonymous Attacks Grow Industry Security Survey Which of the following motivation(s) are behind the DDoS/DoS attacks that you experienced? Ransoms Competition 5% 6% Angry users 10% Motivation is unknown Political/Hacktivism 57% 22% 4
- 5. Ponemon Research 2012: DDoS Attacks are Mainstream of organizations had an average of 3 DDoS attacks in the past 12 months Minutes average downtime during one DDoS attack Average cost per minute of downtime Average annual cost of DDoS attacks 5
- 6. Limitations of Netflow Based Mitigation Netflow Based Capability Mitigation Detection Network DDoS flood attacks Full coverage Mitigation Mitigation response time Slow – 5 Minutes Requires BGP announcement, GRE Slow Network Operation Complicated tunneling and several detectors Complicated Diversion Traffic granularity Low Granularity Inaccurate Requires hardware detectors Cost Effective Requires scrubbing center Expensive Expensive Consumes routers CPU and ports 6
- 7. Introducing Radware DefenseFlow The SDN Application That SDN Applications Programs Networks for DDoS Protection API SDN Controller Controller OpenFlow API SDN Data Plane DefensePro 7
- 8. DefenseFlow: The SDN Application That Programs Networks for DoS Security Configure DefensePro Security Service with learned baselines Attack!!! Create baselines per: provisioning IP Address, Protocol & Programmable Service (Port) Probe – Collect Detection Analyze & Decide “Flow Diversion” SDN Controller - Control Internet DefensePro Slide 8
- 9. DefenseFlow Vs. Netflow Netflow Based Radware Capability Mitigation DefenseFlow Detection Network DDoS flood attacks Full coverage Full Coverage Mitigation response time Immediate – Mitigation Slow – 5 Min seconds Requires BGP announcement, Simple - Network GRE tunneling and several Slow Complicated diversion is a Operation detectors Complicated network service Inaccurate High Granularity Diversion Traffic granularity Low Granularity – divert only Expensive suspicious traffic Requires hardware detectors Cost Requires scrubbing center Expensive Low cost Effective Consumes routers CPU and ports 9
- 10. Operator Benefits • Designed for attack mitigation – Attack detection is performed out of path – During attack period only suspicious traffic is diverted through mitigation device • Scalable solution – DefensePro mitigation devices can be placed in any location – DefenseFlow diverts the traffic to the nearest mitigation device • Easy provisioning – Adding protection policy to a customer in a few seconds • Lowest cost solution – Detection as a native SDN stats collection – Diversion as a native SDN control operation 10
- 11. Summary • DDoS attacks are prevalent threat to every business and agency • Current Netflow based solutions fail to offer cost effective solution • DefenseFlow is a SDN application that programs networks for DDoS Protection, gaining: – Easy provisioning – Immediate attack detection – Low cost 11
Editor's Notes
- #6: Source: Cyber Security on the Offense:A Study of IT Security ExpertsCo-authored with RadwareIndependently conducted by Ponemon Institute LLCPublication Date: November 2012