Network Security & Service Integrity
Built on the three zeros concept (zero-touch, zero-minute and zero-false positives), DefensePro® network-based behavioral security uses wire-speed, advanced DPI/DFI technologies to mitigate attacks, secure network and service integrity, and enforce traffic policies to meet service level agreements (SLAs) across the carrier core.
Network-based DPI/DFI Behavioral Technologies
Radware’s DPI/DFI security is based on innovative network behavioral analysis capable of detecting (zero-touch) and mitigating all types of known and unknown (zero-minute) network IPS/DoS and DDoS floods.
The network behavioral analysis module monitors network-wide behaviors, establishing the traffic and service baselines needed to immediately identify anomalies and potential service attacks. Using advanced statistics, fuzzy logic and adaptive, self-learning feedback mechanisms, this behavioral network analysis module automatically and proactively blocks high-volume self-propagating worms and service floods to safeguard network resources and services in real time, without affecting legitimate traffic or impacting service performance.
DPI/DFI Multilayer Defense: Edge to Core
DPI/DFI security may be deployed in several configurations:
DPI/DFI-based Infrastructure DoS/DDoS Protection at the Carrier Perimeter/Peering Edge
Operating at multi-gigabit speed as a transparent in-line device, DefensePro affords complete visibility, blocking and rate limiting of all ingress attack traffic, extending a first line of defense at the point of entry to the carrier core. By cleansing carrier networks of all mass-volume attacks at the peering edge (coarse-grained granularity), DefensePro prevents attacks from ever impacting the carrier network or subscribers [1].
DPI/DFI-based Service Protection at the Service PoPs and Data Centers
DefensePro DPI/DFI technologies protect servers and other mission-critical network resources, including:
- DNS
- DHCP
- RTP/RTSP streaming servers
- SIP-aware applications
- Soft switches
DefensePro’s attack signature IPS protection, DoS prevention, worm propagation mitigation and anti-scanning secure against known and unknown server exploits and application vulnerabilities. DefensePro’s advanced behavioral IPS/DoS technologies provide fine-grained detection and zero-minute mitigation of service and resource abuses, including DNS query floods, spoofed SYN attacks and bots (HTTP and SIP).
DPI/DFI-based Premium Business Broadband Security and Misbehaving Customer Detection
By routing the traffic of paying business customers (MSS traffic) to scrubbing centers, DefensePro lets operators provide Clean Link services for premium business broadband. With DefensePro, operators can immediately detect and mitigate attacks originating from subscribers, blocking even low-rate attacks, including preliminary worm propagation, network scanning activity and bots. This identifies misbehaving customers and prevents zombie-server attack propagation while forwarding all legitimate traffic to ensure ongoing service performance and continuity. DefensePro’s bi-directional signature-based IPS provides additional access-edge security, blocking and cleaning traffic from high-risk viruses, Trojans and other intrusions.
Network Security and Service Integrity solutions include these features and benefits
[1] Regulatory limitations may limit detection triggers to header information only.
As mobile operators open their networks to the Internet, new Internet-to-mobile attacks are causing severe service disruptions, making DDoS and worm propagation prevention critical.