SlideShare a Scribd company logo

Rethinking Security: Corsa Red Armor Network Security Enforcement

Corsa Technology, profile picture
Corsa Technology

The document outlines Red Armor's innovative network security enforcement solutions designed to combat escalating DDoS attacks through a high-performance, purpose-built infrastructure. It highlights the NSE7000 series, which installs easily within existing architectures and provides line-rate enforcement without performance degradation. The architecture features best-of-breed analysis and enforcement, enabling both efficiency and scalability while addressing the growing threats in network security.

Technology
Related topics:
Service Provider InsightsNetwork Security
1 of 16
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Red Armor
Network Security Enforcement Rethinking Network-Based Security To Protect against DDoS Attacks
• Perfectly simple high performance infrastructure – Purpose-built high capacity networks – Our architecture and advanced features set us apart • Product Innovation with market-leading support • Customers use this for rapid service creation and delivery within their networks – ISP, SP, IX, CDNs, hosting providers and NREN customers worldwide – Very large networks: Each moving >50Petabytes of data per month
A Bad Trend in DDoS Attacks BBC – 602Gbps 31/12/2015 Krebs – 665Gbps 20/09/2016 OVH – 1Tbps 20/09/2016 Dyn – 1.2Tbps 21/10/2016 Incapsula– 650Gbps @ 150Mpps 21/12/2016 Mirai Botnet Leet Botnet NWH Botnet
Anatomy of DDoS Attacks >90% of Attack Traffic is Volumetric Verisign Oct.2016
“IoT denial of service attacks ….will be orders of magnitude greater than what we have seen. The 2016 IoT DDoS attacks were…merely designed to calibrate their weaponized software. 2017 will see serious internet outages.” 2017 – Tip of the Iceberg
Today’s Network Security Scrubbing Center Traditional Router-Based
Security for high volume networks Insufficient performance against escalating intensity of attacks: huge # attack sources, massive increase in attack size, multiplying attack types Mitigation is not keeping pace with detection and analysis Cost prohibitive Not line-rate Limited scale Restricted placement Inadequate evolution Too complex
Red Armor NSE7000 Series • Installs in 10 minutes within existing architectures • Operates as a bump on the wire • Interoperates with every DDoS detection technology • Provides 100G line rate enforcement at a fraction of the cost Red Armor Turbo Charges Network Security
Separation of Network Security Functions An evolved security architecture: • Best-of-breed Analysis • Best-of-breed Inspection • Line-rate Enforcement Mitigation/ Enforcement Inspection Analysis
Line-rate Enforcement Red Armor: Network Security Enforcement 64 Byte line-rate performance: 100Gbps @ 150 Mpps Ultimate precision to protect both network and customer No performance penalty with small packets or number of rules Responsive to evolving security threats Universal Solution Fits in any existing architecture Distributed or centralized with ability to scale up AND scale out Link best of breed inspection and analysis with best enforcement Performance monitoring and reporting for every rule Right-Sized Economics Simplified enforcement Affordable for building truly distributed defence Ability to scale security with scaling the network No software licensing fees or transceiver lock in Universal enforcement for any size volumetric DDoS attack
Network Security Enforcement for DDoS BGP Flow Spec NetFlow Data Analysis/Detection Bump in the wire Red Armor Line Rate EnforcementAny existing DDoS detection such as Network Routing  Add to existing architecture  No shared resources with routing  No degradation of performance based on packet size  No degradation of performance based on # of rules
Red Armor – How It Works • Enforcement broken down into simple security rules • Packets parsed and matched on any field at L3 and L4 – TCP Flags, SYN in addition to IP src/dst and TCP/UDP src/dst • Rules can be programmed via BGP FlowSpec, REST API or OpenFlow • Real-time per rule statistics for extremely granular performance monitoring and reporting Enforcement Rules Accept Drop Rate-limit DSCP Remark
NSE Performance: RFC2544 Test Traffic composition: 100% 64byte packets Traffic rate: 100Gbps Performance result: 150Mpps at 100Gbps
Red Armor NSE7000 Series • Installs in 10 minutes and is additive to existing architectures • Operates as a bump on the wire • Interoperates with every DDoS detection technology • Provides 100G line rate enforcement at a fraction of the cost Red Armor Turbo Charges Network Security
Red Armor

More Related Content

PDF
Corsa Giga Filter
Corsa Technology
 
PDF
Corsa DP2000 Platform
Corsa Technology
 
PDF
Corsa Technology DP2000: Open Programmable Networking & Virtualizing Network ...
Corsa Technology
 
PPTX
PLNOG 17 - Artur Kane - DDoS? You shall not pass!
PROIDEA
 
PPTX
PLNOG 17 - Marek Karczewski - Mity i fakty skutecznej ochrony aplikacji inter...
PROIDEA
 
PPT
Vpn presentation
Ram Bharosh Raut
 
PPTX
Virtual Private Networks (VPN) ppt
OECLIB Odisha Electronics Control Library
 
PPT
TFI2014 Session I - State of SDN - Gary Hemminger
Colorado Internet Society (CO ISOC)
 
Corsa Giga Filter
Corsa Technology
 
Corsa DP2000 Platform
Corsa Technology
 
Corsa Technology DP2000: Open Programmable Networking & Virtualizing Network ...
Corsa Technology
 
PLNOG 17 - Artur Kane - DDoS? You shall not pass!
PROIDEA
 
PLNOG 17 - Marek Karczewski - Mity i fakty skutecznej ochrony aplikacji inter...
PROIDEA
 
Vpn presentation
Ram Bharosh Raut
 
Virtual Private Networks (VPN) ppt
OECLIB Odisha Electronics Control Library
 
TFI2014 Session I - State of SDN - Gary Hemminger
Colorado Internet Society (CO ISOC)
 

What's hot (20)

PPT
Vpn rsvp
Swarup Kumar Mall
 
PDF
Wireless Technologies For The Internet Of Things
Geek Girls Carrots Switzerland
 
PPT
V P N
bhathiji
 
PDF
128 Technology Webinar - Remove Overhead and Complexity with Tunnel-Free SD-WAN
128 Technology
 
PPTX
VPN (virtual Private Network)
Chandan Jha
 
PPTX
Virtual private network, vpn presentation
Amjad Bhutto
 
PPT
VPN presentation - moeshesh
Mohamed Shishtawy
 
PDF
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks
 
PPTX
Webinar: The Software Matters in Open Networking
Storage Switzerland
 
PDF
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks
 
PPTX
Challenges of Network Optimization in a WAN-Cloud World
Atchison Frazer
 
PDF
Time for Change
Amdocs
 
PPTX
Realising the Immediate Benefits of SDN and NFV
Napier University
 
PPT
Vpn
Nure Alam
 
PDF
BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterpr...
Ixia
 
DOC
Virtual private network
Parth Akbari
 
PDF
Vpn security
AnushiyaAron
 
PPTX
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
Saikiran Panjala
 
PPTX
How to use SDN to Innovate, Expand and Deliver for your business
Napier University
 
PPTX
SDN/NFV architecture vision and reality
Colt Technology Services
 
Vpn rsvp
Swarup Kumar Mall
 
Wireless Technologies For The Internet Of Things
Geek Girls Carrots Switzerland
 
V P N
bhathiji
 
128 Technology Webinar - Remove Overhead and Complexity with Tunnel-Free SD-WAN
128 Technology
 
VPN (virtual Private Network)
Chandan Jha
 
Virtual private network, vpn presentation
Amjad Bhutto
 
VPN presentation - moeshesh
Mohamed Shishtawy
 
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks
 
Webinar: The Software Matters in Open Networking
Storage Switzerland
 
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks
 
Challenges of Network Optimization in a WAN-Cloud World
Atchison Frazer
 
Time for Change
Amdocs
 
Realising the Immediate Benefits of SDN and NFV
Napier University
 
Vpn
Nure Alam
 
BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterpr...
Ixia
 
Virtual private network
Parth Akbari
 
Vpn security
AnushiyaAron
 
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
Saikiran Panjala
 
How to use SDN to Innovate, Expand and Deliver for your business
Napier University
 
SDN/NFV architecture vision and reality
Colt Technology Services
 
Ad

Similar to Rethinking Security: Corsa Red Armor Network Security Enforcement (20)

PPTX
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PROIDEA
 
PPTX
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
Marta Pacyga
 
PDF
DETENIENDO LOS ATAQUES DDOS CON NSFOCUS
Cristian Garcia G.
 
PDF
SecurityDAM - Hybrid DDoS Protection for MSSPs and Enterprises (Infosecurity ...
Ziv Ichilov
 
PDF
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
BGA Cyber Security
 
PDF
Stephen Wallo
AFCEA International
 
PPTX
6° Sessione VMware NSX: la piattaforma di virtualizzazione della rete per il ...
Jürgen Ambrosi
 
PPTX
Scaling service provider business with DDoS-mitigation-as-a-service
Cloudflare
 
PPTX
INSECS: Intelligent networks security system
Nadun Rajasinghe
 
PPTX
Kentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks
Cloudflare
 
PPTX
Security at the Speed of the Network
Hantzley Tauckoor
 
PPTX
Simplifying Wired Network Deployments with Software-Defined Networking (SDN)
Aruba, a Hewlett Packard Enterprise company
 
PDF
Microsegmentation for enterprise data centers
Narendran Vaideeswaran
 
PPTX
Network Bandwidth management - Mumbai Seminar
ManageEngine, Zoho Corporation
 
PPTX
Ransomware-Recovery-as-a-Service
Sagi Brody
 
PPTX
Who Moved My Network? Mastering Hybrid WANs with ThousandEyes and Cisco
ThousandEyes
 
PDF
Next-Gen DDoS Detection
Alex Henthorn-Iwane
 
PDF
Secure SDN
APNIC
 
PPTX
Mellanox Market Leading Solutions
Mellanox Technologies
 
PDF
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
OpenStack Korea Community
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PROIDEA
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
Marta Pacyga
 
DETENIENDO LOS ATAQUES DDOS CON NSFOCUS
Cristian Garcia G.
 
SecurityDAM - Hybrid DDoS Protection for MSSPs and Enterprises (Infosecurity ...
Ziv Ichilov
 
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
BGA Cyber Security
 
Stephen Wallo
AFCEA International
 
6° Sessione VMware NSX: la piattaforma di virtualizzazione della rete per il ...
Jürgen Ambrosi
 
Scaling service provider business with DDoS-mitigation-as-a-service
Cloudflare
 
INSECS: Intelligent networks security system
Nadun Rajasinghe
 
Kentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks
Cloudflare
 
Security at the Speed of the Network
Hantzley Tauckoor
 
Simplifying Wired Network Deployments with Software-Defined Networking (SDN)
Aruba, a Hewlett Packard Enterprise company
 
Microsegmentation for enterprise data centers
Narendran Vaideeswaran
 
Network Bandwidth management - Mumbai Seminar
ManageEngine, Zoho Corporation
 
Ransomware-Recovery-as-a-Service
Sagi Brody
 
Who Moved My Network? Mastering Hybrid WANs with ThousandEyes and Cisco
ThousandEyes
 
Next-Gen DDoS Detection
Alex Henthorn-Iwane
 
Secure SDN
APNIC
 
Mellanox Market Leading Solutions
Mellanox Technologies
 
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
OpenStack Korea Community
 
Ad

Recently uploaded (20)

PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Cloud computing and distributed systems.
kkkkkhan
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Encapsulation theory and applications.pdf
gurumoop
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 

Rethinking Security: Corsa Red Armor Network Security Enforcement

  • 2. Network Security Enforcement Rethinking Network-Based Security To Protect against DDoS Attacks
  • 3. • Perfectly simple high performance infrastructure – Purpose-built high capacity networks – Our architecture and advanced features set us apart • Product Innovation with market-leading support • Customers use this for rapid service creation and delivery within their networks – ISP, SP, IX, CDNs, hosting providers and NREN customers worldwide – Very large networks: Each moving >50Petabytes of data per month
  • 4. A Bad Trend in DDoS Attacks BBC – 602Gbps 31/12/2015 Krebs – 665Gbps 20/09/2016 OVH – 1Tbps 20/09/2016 Dyn – 1.2Tbps 21/10/2016 Incapsula– 650Gbps @ 150Mpps 21/12/2016 Mirai Botnet Leet Botnet NWH Botnet
  • 5. Anatomy of DDoS Attacks >90% of Attack Traffic is Volumetric Verisign Oct.2016
  • 6. “IoT denial of service attacks ….will be orders of magnitude greater than what we have seen. The 2016 IoT DDoS attacks were…merely designed to calibrate their weaponized software. 2017 will see serious internet outages.” 2017 – Tip of the Iceberg
  • 8. Security for high volume networks Insufficient performance against escalating intensity of attacks: huge # attack sources, massive increase in attack size, multiplying attack types Mitigation is not keeping pace with detection and analysis Cost prohibitive Not line-rate Limited scale Restricted placement Inadequate evolution Too complex
  • 9. Red Armor NSE7000 Series • Installs in 10 minutes within existing architectures • Operates as a bump on the wire • Interoperates with every DDoS detection technology • Provides 100G line rate enforcement at a fraction of the cost Red Armor Turbo Charges Network Security
  • 10. Separation of Network Security Functions An evolved security architecture: • Best-of-breed Analysis • Best-of-breed Inspection • Line-rate Enforcement Mitigation/ Enforcement Inspection Analysis
  • 11. Line-rate Enforcement Red Armor: Network Security Enforcement 64 Byte line-rate performance: 100Gbps @ 150 Mpps Ultimate precision to protect both network and customer No performance penalty with small packets or number of rules Responsive to evolving security threats Universal Solution Fits in any existing architecture Distributed or centralized with ability to scale up AND scale out Link best of breed inspection and analysis with best enforcement Performance monitoring and reporting for every rule Right-Sized Economics Simplified enforcement Affordable for building truly distributed defence Ability to scale security with scaling the network No software licensing fees or transceiver lock in Universal enforcement for any size volumetric DDoS attack
  • 12. Network Security Enforcement for DDoS BGP Flow Spec NetFlow Data Analysis/Detection Bump in the wire Red Armor Line Rate EnforcementAny existing DDoS detection such as Network Routing  Add to existing architecture  No shared resources with routing  No degradation of performance based on packet size  No degradation of performance based on # of rules
  • 13. Red Armor – How It Works • Enforcement broken down into simple security rules • Packets parsed and matched on any field at L3 and L4 – TCP Flags, SYN in addition to IP src/dst and TCP/UDP src/dst • Rules can be programmed via BGP FlowSpec, REST API or OpenFlow • Real-time per rule statistics for extremely granular performance monitoring and reporting Enforcement Rules Accept Drop Rate-limit DSCP Remark
  • 14. NSE Performance: RFC2544 Test Traffic composition: 100% 64byte packets Traffic rate: 100Gbps Performance result: 150Mpps at 100Gbps
  • 15. Red Armor NSE7000 Series • Installs in 10 minutes and is additive to existing architectures • Operates as a bump on the wire • Interoperates with every DDoS detection technology • Provides 100G line rate enforcement at a fraction of the cost Red Armor Turbo Charges Network Security