• Security Solutions

    Radware's family of security solutions provide integrated application and network security and security tool management for a best of breed, multi-layered security architecture. Our Attack Mitigation Systems (AMS) is the industry's first fully integrated IT security solution that protects application infrastructure in real time against network and application downtime, application vulnerability exploitation, malware spread, information theft, Web services attacks and Web defacement.

    Our Attack Mitigation Network (AMN) is a holistic security architecture designed to address the emerging security challenges. AMN combines distributed detection and mitigation elements which are maintained synchronized with legitimate traffic baselines and attack information in real-time. AMN expands the detection coverage across all enterprise resources and automates the mitigation by selecting the most effective tools and locations – in the data center, at the perimeter or in the cloud. As a result AMN offers unprecedented protection against today's and tomorrow's availability-based threats on all fronts.

    • Maintain business continuity and productivity
    • Improve customer satisfaction
    • Successfully block attacks launched at the network

    As methods of attack increase in frequency, sophistication, and severity, application and security solutions need to meet and surpass these threats. Radware's dynamic real-time security solutions provide the necessary level of defense for today's application and network security needs, and are ready for tomorrow's challenges. Based on adaptive behavioral-based and signature based technologies the solutions provide organizations with integrated intrusion detection and prevention systems and Denial of Service (DoS) and Distributed Denial of Service (DDoS) DoS protection. These defend against both network- and application-level attacks, delivering a holistic approach to application- and network-level threats, while enhancing the overall performance of security across the organization.

    DefensePipe is a cloud-based service to mitigate volumetric DDoS attacks and protect against Internet pipe saturation. Available to Radware customers that deploy an on-premise Attack Mitigation Systems (AMS), DefensePipe is a scalable solution that automatically engages once the customer's AMS detects that pipe saturation is imminent.

    • Widest security coverage - protection from a wide range of attacks that cannot be detected and mitigated by other solutions that are deployed in the cloud or on-premise
    • Shortest response time - detection and mitigation of network, application and low and slow attacks, offering guaranteed clean pipe to the organization
    • Single contact point - Radware's Emergency Response Team (ERT) mitigates the attack during the entire attack campaign. No need to manage complicated transition of responsibilities between multiple vendors during an attack.
    • Integrated reporting system - more efficient forensics enabling a better understanding of threats and better planned attack mitigation strategies for future threats.

    Radware DefensePro is a real-time network device that provides reliable DDoS/DoS protection for both networks and applications.

    DDoS flood attacks intentionally misuses bandwidth resources in order to bring down your sites, networks and applications. These types of DDoS attacks can be launched at any time and many make use of automated programs that allow thousands of users to attack a network or application. DefensePro protects against these threats by analyzing user behavior and requests and matching behavior to recognized patterns and attack signatures in its memory. When a DDoS/DoS attack is detected, DefensePro, part of Radware's Attack Mitigation Systems (AMS), blocks attacks without blocking legitimate users from your network or applications. You will be able to defend against intrusions and flood attacks without stopping real user from accessing the information that you need.

    DefensePro rapidly and accurately distinguish between three broad categories of behavior: legitimate normal traffic, attack traffic and unusual patterns created by legitimate activity. This module has two features to provide this protection.

    • A behavioral-DoS feature which rapidly mitigates zero-day DDoS/DoS attacks by automatically generating real-time signatures to prevent the attack without need for human intervention
    • A DoS shield feature which protects against known DDoS/DoS floods

    Blocked Flood Attacks Include

    • TCP SYN floods
    • TCP Push, Fin and Reset floods
    • UDP and DNS floods
    • ICMP and IGMP floods

    If you're a cloud/hosting provider, take a look at our DDoS-as-a-Service solution.

    Radware’s DefenseSSL is a module within Radware's Attack Mitigation System (AMS) that protects online businesses from SSL based-DDoS attacks. AMS is comprised of multiple DoS & DDoS layers of defense including network based protections and application layer protections, which also cover SSL based DoS & DDoS attacks. The integrated solution which mitigates both clear and encrypted traffic is enabled by:

    DefensePro - DefensePro is an advanced SSL attack mitigation solution with dedicated high performance hardware to confront all types of DDoS attacks. DefensePro's layers of defense contain security technologies that were designed to detect and mitigate both high rate DoS & DDoS and "low & slow" attacks in the network and application layers, traffic anomaly attacks, connection-based misuse attacks, service cracking attacks, and application scan pre-attack probes – all of which misuse network and application resources and are part of multi-vulnerability based attack campaigns.

    Alteon NG - Alteon NG provides a powerful SSL acceleration engine. Through a dedicated hardware accelerator, the Alteon product delivers the extendable throughput that large on-line businesses need to encrypt and decrypt SSL traffic.

    This integrated solution uniquely mitigates floods that are directed to HTTPS pages and it provides unlimited SSL decryption and encryption capabilities. Additionally, Radware's solution for SSL DDoS attacks can operate in symmetric and asymmetric environments.

    Radware's AppWall is an advanced Web Application Firewall (WAF) securing Web applications and enabling PCI compliance. AppWall incorporates advanced, patent-protected Web application security filtering technologies to seamlessly detect threats, block attacks and report events. It is recognized by ICSA for its ease of implementation, low cost operation overhead, depth and breadth of Web application vulnerability protection.

    AppWall is the most comprehensive Web application threat mitigation, protecting against:

    • SQL injection
    • Cross-site scripting
    • Parameter tampering
    • Hidden field manipulation
    • Session manipulation
    • Cookie poisoning
    • Stealth commanding
    • Backdoor and debug options
    • Geo location-based blocking
    • Application buffer overflow attacks
    • Brute force attacks
    • Data encoding
    • Unauthorized navigation
    • Gateway circumvention
    • Web server reconnaissance
    • SOAP and Web services manipulation
    • Parameters pollution

    If you're a cloud/hosting provider, take a look at our WAF-as-a-Service solution.

    Radware's solutions help companies become PCI DSS compliant in a cost-effective manner. The solutions are fully integrated into the existing infrastructure in the data center with nearly non-existent disruption to existing, non-PCI compliant projects. Radware's integrated solution set for PCI compliance includes:

    • AppWall: Advanced Web Application Firewall (WAF) provides the easiest path to comply with PCI requirements 6.5 and 6.6.
    • Alteon: Intelligent application delivery controller enables organizations to comply with different PCI requirements including access control requirements, network segmentation requirements and card holder data protection requirements.
    • AppXML: Radware's Web services and XML gateway help enforce security and access control policies for web services as required by several of the PCI DSS requirements
    • DefensePro: Real-time network Intrusion Prevention System (IPS) and denial-of-service protection (DoS) against zero-minute and non-vulnerability-based attacks that misuse the service. Enables organizations to comply with different PCI requirements including requirement 11 and specifically requirement 11.4.
    • Inflight: Real-time detection of business and security events that provides a quick and easy path to implement auditing and logging related requirements (including PCI requirement 10). Inflight enables organizations to create enhanced, PCI compliant, audit logs from a central network location with no change or integration required with Web applications.

    Radware’s client-side SSL sniffing solution, which consists of Content Inspection Director (CID) and AppXcel, allows fully addressing the aforementioned challenges. Radware CID, a transparent smart redirection and dynamic policy enforcement device, transparently intercepts traffic, enabling to load balance bump-in-the-wire devices (such as IDS, IPS, DLP, anti-Malware, etc.) and pin traffic for client-side SSL inspection. Using a deep packet/flow inspection (DPI/DFI) engine, CID enables to employ a logical topology of the network devices, meaning that they can be quickly bypassed inspections if needed.

    The client-side SSL inspection takes place by Radware AppXcel, which uses a highly-scalable SSL decryption/encryption architecture which is FIPS 140-2 Level 2 & 3 compliant. This allows sending clean traffic to further inspection by the designated security devices, and then re-encrypting traffic before it is sent out to additional services in the Internet.

    Contact Us to Get Started.