Always On Clean Link Security
Managed Multi-Gigabit, Always On Clean Link Services
DefensePro
® lets carriers deliver multi-Gigabit managed intrusion prevention and Denial of Service (DoS) security services to protect customers from application and network threats including even the most aggressive high-volume, self-propagating worms and service floods. DefensePro provides carriers with a full set of security capabilities to block attacks and clean subscriber links, safeguarding customer infrastructure and online businesses in real time, for unparalleled customer service integrity.
In addition, by controlling all customer bandwidth, carriers can shape subscriber link bandwidth and guarantee quality of service (QoS), ensuring network service performance as part of their managed service offering.
Network-based, Hybrid Signature and Behavioral Intrusion Prevention Model for Multilayer Customer Security
DefensePro delivers a managed intrusion protection system (IPS) security service designed to block over 1,500 signature-based attacks in real time. Employing an ASIC-based StringMatchEngine
®, DefensePro inspects all subscriber link traffic to identify malicious content, Trojans, known worms, BOTs activity, viruses and other attack signatures and immediately blocks them to clean customer links from intrusions.
DefensePro inspects IPv6 traffic for attack signatures, scanning and DoS/DDoS floods as well as multiple carrier encapsulation and tunneling protocols including L2TP, GRE, GTP and MPLS to ensure maximum flexibility for carrier deployment. Radware’s attack database lets carriers configure security profiles and define custom attack signatures, simplifying IPS management while affording full flexibility to meet diverse subscriber needs.
Radware’s Security Update Service (SUS) provides ongoing updates of attack signature databases for continuous and automated protection against newly emergent threats.
Affording PoP-based IPS, DefensePro lets carriers leverage their unique ability to secure against network-based attacks on the customer end of links, utilizing stateless capabilities, to ensure the continuity of subscriber network and end-user operations.
Advanced Distributed Denial of Service Prevention Securing Against Network Floods
DefensePro’s DoS employs a powerful behavioral engine capable of identifying and immediately thwarting any form of DoS attacks for wire-speed mitigation of network floods including
- TCP Syn floods
- Other TCP floods (Ack, Psh+ack, Reset,...)
- UDP floods
- DNS floods
- ICMP floods
- IGMP floods
- Aggressive self-propagating worms (TCP and UDP worms)
Employing unique traffic monitoring and baseline behavioral mapping, DefensePro is capable of preventing both known and unknown DoS/DDoS attacks, creating a new filter to protect subscriber networks within 18 seconds, or activating a known filter from the Radware attack database, for unmatched protection. In addition to active DoS attack mitigation, DefensePro worm propagation protection algorithms identify misbehaving users, to proactively protect against suspect sources. By controlling all egress traffic, DefensePro’s rate limiting and bandwidth/traffic shaping capability moderates available network resources to guarantee service levels for mission-critical applications, while further protecting against worm propagation on top of uncontrolled peer-to-peer (P2P) traffic.
Granular, Virtualized Policy-based IPS and DoS
IPS and DoS managed security policies may be configured based on granular, multiple service parameters for automated customer identification using IP ranges, MPLS tags and VLANs, enabling the virtualization of subscriber network elements for simple DoS and IPS security service configuration and updating across multiple customer accounts.
DefensePro supports a multisegment approach, affording full flexibility in managed service policy enforcement to greatly simplify DoS security management and reduce OPEX.
DefensePro lets carriers service hundreds of customers with a single virtualized platform for highly economical service scalability. Employing DefensePro bandwidth licensing scheme’s scale-as-you-grow approach, carriers can further optimize their managed security CAPEX and OPEX by growing service capacity based on actual service revenue generation, controlling costs and exhibiting strong service ROI.
High Scalability for CAPEX/OPEX Savings
DefensePro accommodates multiple service deployments including operation at the carrier point of presence (PoP) as a transparent in-line device or as a service node over the MPLS cloud. This allows carriers to easily and flexibly deploy new security services, avoiding any intrusive network operations or changes in routing or network configurations.
Managed Security SLAs by Key Performance Indicators
Based on advanced virtualization capabilities and enhanced customer security reporting, operators can commit to customer service level agreements (SLAs) based on policy key performance indicators (KPI).
Carrier-grade Performance, Fault Tolerance and Network Transparency
DefensePro security reporting provides comprehensive DoS and IPS attack visibility, statistics and logs, enabling immediate identification of attack sources, attack analysis over time and full reporting of attack scope and effects for subscribers.
Security events may be seamlessly reported to existing carrier security event management (SEM) platforms including Symantec, ArcSight and others.
DefensePro is designed for carrier-grade performance, scalability and fault-tolerance requirements. It provides unmatched 4 Gbps processing power, built on top of a 4-tier ASIC switching architecture — with dual network processors, RISC processor and a hardware ASIC StringMatch Engine® for 1000X accelerated inspection speeds, even under the most demanding application processing and high-volume networking environments.
DefensePro’s internal bypass support, dual power supplies and fully redundant topologies ensure fault tolerance and 99.999% uptime for uninterrupted managed security service availability.
Reduced Customer Churn and Improved Subscriber Service Levels
DefensePro dramatically reduces the costs associated with managing customer churn associated with security attacks, including the servicing of connection failures and slow subscriber application performance.