For over a decade, Juniper Networks’ DDoS Secure technology
has been ensuring availability of critical business resources for public
sector, e-commerce, and financial customers, protecting applications against
volumetric flood and application layer distributed denial of service (DDoS)
attacks. DDoS Secure utilizes advanced heuristic DDoS mitigation technology
that dramatically responds to over-loading of the protected resources,
automatically providing the full spectrum of DDoS defenses to detect and block
attacks. Today, DDoS Secure is the most comprehensive DDoS mitigation solution
that is available, delivering protection against multi-vector DDoS attacks
before they disrupt applications.
Recently, Juniper announced improvements to its DDoS Secure
solution that help companies more efficiently and effectively mitigate complex
attacks by leveraging security intelligence throughout the network fabric, bringing
them one step closer to building a High-IQ Network. The goal is to deliver
tighter integration into routing and service provider infrastructures with BGP
Flowspec and GPRS Tunneling Protocol (GTP) protocols to enable new forms of
protection that can mitigate a variety of DDoS attacks without restricting or
impacting normal service. These new enhancements allow attacks detected by DDoS Secure
at the network and application-layer to be stopped closer to the source through
networking protocols to make the Juniper MX Series routers function as
enforcement points.
Some highlights of Juniper’s announcement for upstream
attack mitigation include distributed enforcement at the network boundary to
protect the edge equipment as well as the resources behind it from becoming
overwhelmed, especially when large or more challenging volumetric attacks take
place. Also, the use of Flowspec provides the ability to take enforcement
actions such as source-based black hole filtering to drop malicious packets or
redirecting traffic to select network points for mitigation.
Accurate enforcement on mobile networks with GTP network
protocol unwrap include new capabilities that protect against the escalating
issue that service providers face in detecting and mitigating malicious traffic
originating from botnets exploiting users’ devices. Also, DDoS Secure now also
provides a look into malicious and errant mobile devices by identifying both
User Equipment (UE) to UE and UE to Internet traffic.
For DNS inside-out attack protection, DDoS Secure now
protects the core DNS infrastructure from participating in DNS amplification
and reflection attacks that are difficult to detect and can have disastrous
effects on network availability. DDoS Secure also applies heuristics-based
intelligence to automatically mitigate attacks by rate limiting and black
listing certain DNS requests. Also, this can generate a BGP Flowspec rule that
allows attack traffic to be blocked upstream at the MX.
From a security standpoint, most businesses are completely
REACTIVE. They don’t take action or implement protective measures until
they experience a compelling event. When a DDoS attack does occur, not only
does the business lose money, but also the trust and reputation of its
employees and customers. DDoS Secure is necessary for all business to implement
into their data centers as these types of attacks continue to increase each
year.
No comments:
Post a Comment