For over a decade, Juniper Networks’ DDoS Secure technology has been ensuring availability of critical business resources for public sector, e-commerce, and financial customers, protecting applications against volumetric flood and application layer distributed denial of service (DDoS) attacks. DDoS Secure utilizes advanced heuristic DDoS mitigation technology that dramatically responds to over-loading of the protected resources, automatically providing the full spectrum of DDoS defenses to detect and block attacks. Today, DDoS Secure is the most comprehensive DDoS mitigation solution that is available, delivering protection against multi-vector DDoS attacks before they disrupt applications.
Recently, Juniper announced improvements to its DDoS Secure solution that help companies more efficiently and effectively mitigate complex attacks by leveraging security intelligence throughout the network fabric, bringing them one step closer to building a High-IQ Network. The goal is to deliver tighter integration into routing and service provider infrastructures with BGP Flowspec and GPRS Tunneling Protocol (GTP) protocols to enable new forms of protection that can mitigate a variety of DDoS attacks without restricting or impacting normal service. These new enhancements allow attacks detected by DDoS Secure at the network and application-layer to be stopped closer to the source through networking protocols to make the Juniper MX Series routers function as enforcement points.
Some highlights of Juniper’s announcement for upstream attack mitigation include distributed enforcement at the network boundary to protect the edge equipment as well as the resources behind it from becoming overwhelmed, especially when large or more challenging volumetric attacks take place. Also, the use of Flowspec provides the ability to take enforcement actions such as source-based black hole filtering to drop malicious packets or redirecting traffic to select network points for mitigation.
Accurate enforcement on mobile networks with GTP network protocol unwrap include new capabilities that protect against the escalating issue that service providers face in detecting and mitigating malicious traffic originating from botnets exploiting users’ devices. Also, DDoS Secure now also provides a look into malicious and errant mobile devices by identifying both User Equipment (UE) to UE and UE to Internet traffic.
For DNS inside-out attack protection, DDoS Secure now protects the core DNS infrastructure from participating in DNS amplification and reflection attacks that are difficult to detect and can have disastrous effects on network availability. DDoS Secure also applies heuristics-based intelligence to automatically mitigate attacks by rate limiting and black listing certain DNS requests. Also, this can generate a BGP Flowspec rule that allows attack traffic to be blocked upstream at the MX.
From a security standpoint, most businesses are completely REACTIVE. They don’t take action or implement protective measures until they experience a compelling event. When a DDoS attack does occur, not only does the business lose money, but also the trust and reputation of its employees and customers. DDoS Secure is necessary for all business to implement into their data centers as these types of attacks continue to increase each year.