• DDoS Protection Solutions & DDoS Attack Prevention

    Radware's family of DDoS attack prevention and DDoS protection solutions provide integrated application and network security and security tool management for a best of breed, multi-layered security architecture and DDoS attack prevention. Our Attack Mitigation Systems (AMS) is the industry's first fully integrated IT security solution that protects application infrastructure in real time against network and application downtime, application vulnerability exploitation, malware spread, information theft, Web services attacks and Web defacement.

    Our Attack Mitigation Network (AMN) is a holistic DDoS attack prevention and DDoS protection solution designed to address the emerging DDoS protection challenges. AMN combines distributed detection and mitigation elements which are maintained synchronized with legitimate traffic baselines and DDoS attack information in real-time. AMN expands the detection coverage across all enterprise resources and automates the DDoS mitigation by selecting the most effective tools and locations – in the data center, at the perimeter or in the cloud. As a result AMN offers unprecedented DDoS protection against today's and tomorrow's availability-based DDoS threats on all fronts.

    • Maintain business continuity and productivity
    • Improve customer satisfaction
    • Successfully block attacks launched at the network

    As methods of DDoS attacks increase in frequency, sophistication, and severity, application and security solutions need to meet and surpass these threats. Radware's real-time DDoS attack prevention solution provides the necessary level of defense for today's application and network security needs, and is ready for tomorrow's challenges. Based on adaptive behavioral-based and signature based technologies the intrusion prevention systems and DDoS protection solutions provide organizations with integrated intrusion detection and DDoS attack prevention systems of DoS attacks and DDoS attacks. Radware's DoS and DDoS attack prevention solutions defend against both network- and application-level DDoS attacks, delivering a holistic approach to application- and network-level threats, while enhancing the overall performance of security across the organization.

    DefensePipe is a cloud-based DDoS protection solution used to mitigate volumetric DDoS attacks and protect against Internet pipe saturation. Available to Radware customers that deploy an on-premise Attack Mitigation Systems (AMS), DefensePipe is a scalable DDoS attack prevention solution that automatically engages once the customer's AMS detects that pipe saturation is imminent.

    • Widest DDoS protection coverage - protection from a wide range of DDoS attacks that cannot be detected and mitigated by other DDoS attack prevetion solutions that are deployed in the cloud or on-premise
    • Shortest response time - detection and mitigation of network, application and low and slow attacks, offering guaranteed clean pipe to the organization
    • Single DDoS protection contact point - Radware's Emergency Response Team (ERT) mitigates the DDoS attack during the entire attack campaign. No need to manage complicated transition of responsibilities between multiple vendors during a DDoS attack.
    • Integrated reporting system - more efficient DDoS forensics enabling a better understanding of threats and better planned attack mitigation strategies for future threats.

    Radware DefensePro is a real-time network device that provides reliable DoS and DDoS attack prevention, security and protection for both networks and applications.

    DDoS flood attacks intentionally misuse bandwidth resources in order to bring down your sites, networks and applications. These types of DDoS attacks can be launched at any time and many make use of automated programs that allow thousands of users to attack a network or application. DefensePro is a DDoS protection solution that protects against these threats by analyzing user behavior and requests and matching behavior to recognized patterns and attack signatures in its memory. When a DDoS/DoS attack is detected, DefensePro, part of Radware's Attack Mitigation Systems (AMS), prevents DDoS attacks without blocking legitimate users from your network or applications. You will be able to have DDoS attack prevention of flood attacks without stopping real users from accessing the information they need.

    DDoS Attack Prevention with DefensePro

    DefensePro rapidly and accurately distinguish between three broad categories of behavior: legitimate normal traffic, attack traffic and unusual patterns created by legitimate activity. This module has two features to provide this DDoS protection.

    • A behavioral-DoS feature which rapidly mitigates zero-day DDoS/DoS attacks by automatically generating real-time signatures allowing for DDoS attack prevention and DDoS protection without need for human intervention
    • A DoS shield feature which protects against known DDoS/DoS floods

    Blocked Flood Attacks Include

    • TCP SYN floods
    • TCP Push, Fin and Reset floods
    • UDP and DNS floods
    • ICMP and IGMP floods

    If you're a cloud/hosting provider, take a look at our DDoS-as-a-Service solution.

    Radware's DefenseSSL is a DDoS protection module within Radware's Attack Mitigation System (AMS) that protects online businesses from SSL based-DDoS attacks. AMS is comprised of multiple DoS & DDoS layers of defense including network based protections and application layer protections, which also cover SSL based DoS & DDoS attacks. The integrated solution which mitigates both clear and encrypted traffic is enabled by:

    DefensePro - DefensePro is an advanced SSL attack mitigation solution with dedicated high performance hardware to confront all types of DDoS attacks. DefensePro's layers of defense contain DDoS protection and DDoS attack prevention technologies that were designed to detect and mitigate both high rate DoS & DDoS and "low & slow" attacks in the network and application layers, traffic anomaly attacks, connection-based misuse attacks, service cracking attacks, and application scan pre-attack probes – all of which misuse network and application resources and are part of multi-vulnerability based DDoS attack campaigns.

    Alteon NG - Alteon NG provides a powerful SSL acceleration engine. Through a dedicated hardware accelerator, the Alteon product delivers the extendable throughput that large on-line businesses need to encrypt and decrypt SSL traffic.

    This integrated DDoS attack prevention solution uniquely mitigates floods that are directed to HTTPS pages and it provides unlimited SSL decryption and encryption capabilities. Additionally, Radware's DDoS protection solution for SSL DDoS attacks can operate in symmetric and asymmetric environments.

    Radware offers organizations a hybrid web application firewall solution to protect against web-based DDoS attacks. At the core is AppWall - an advanced web application firewall (WAF) securing Web applications and enabling PCI compliance. AppWall incorporates advanced, patent-protected Web application security filtering technologies to seamlessly detect threats, block DDoS attacks and report events. It is recognized by ICSA for its ease of implementation, low cost operation overhead, depth and breadth of Web application vulnerability protection.

    The industry's first Hybrid Cloud WAF Service helps organizations with migrating applications to the cloud by protecting applications everywhere from web-based attacks. Radware's hybrid cloud WAF offering is based on its AppWall WAF product and provides a fully managed, always-on enterprise grade WAF that protects both on-premise and cloud-based applications, using a single technology solution. This single technology approach makes migrating applications to the cloud safer, easier and more secure.

    Radware's WAF offering is the most comprehensive Web application threat mitigation, protecting against:

    • SQL injection
    • Cross-site scripting
    • Parameter tampering
    • Hidden field manipulation
    • Session manipulation
    • Cookie poisoning
    • Stealth commanding
    • Backdoor and debug options
    • Geo location-based blocking
    • Application buffer overflow attacks
    • Brute force attacks
    • Data encoding
    • Unauthorized navigation
    • Gateway circumvention
    • Web server reconnaissance
    • SOAP and Web services manipulation
    • Parameters pollution

    If you're a cloud/hosting provider, take a look at our WAF-as-a-Service solution.

    Radware AppWall provides a real-time security patching solution for web applications in continuous application deployment environments via tight integration with Dynamic Application Security Testing (DAST) solutions.

    As web applications continuously introduce new features and resources, Radware’s AppWall automatically detects any real-time changes in the web applications and invokes a DAST tool to explicitly scan the specific application zones that have been changed. This scan is accomplished in minutes versus a complete web application scan that can take hours. AppWall reads the DAST vulnerability report, and uses it to automatically update the application security policy by creating the applicable virtual patches.

    Radware's DDoS attack prevention and DDoS protection solutions help companies become PCI DSS compliant in a cost-effective manner. The DDoS protection solutions are fully integrated into the existing infrastructure in the data center with nearly non-existent disruption to existing, non-PCI compliant projects. Radware's integrated solution set for PCI compliance includes:

    • AppWall: Advanced Web Application Firewall (WAF) provides the easiest path to comply with PCI requirements 6.5 and 6.6.
    • Alteon: Intelligent application delivery controller enables organizations to comply with different PCI requirements including access control requirements, network segmentation requirements and card holder data protection requirements.
    • AppXML: Radware's Web services and XML gateway help enforce security and access control policies for web services as required by several of the PCI DSS requirements
    • DefensePro: Real-time network Intrusion Prevention System (IPS) and DoS and DDoS protection against zero-minute and non-vulnerability-based attacks that misuse the service. Enables organizations to comply with different PCI requirements including requirement 11 and specifically requirement 11.4.
    • Inflight: Real-time detection of business and security events that provides a quick and easy path to implement auditing and logging related requirements (including PCI requirement 10). Inflight enables organizations to create enhanced, PCI compliant, audit logs from a central network location with no change or integration required with Web applications.

    Radware outbound SSL traffic inspection solution based on Alteon NG ADC, oversees all of the organization’s traffic to and from the Internet. Based on its advanced URL and Layer 4-7 classification capabilities, Alteon NG seamlessly intercepts and decrypts outbound SSL sessions and forward the clear traffic to any content inspection security solution such as firewalls, anti-malware, data leakage protection, etc, enabling those solution to gain full visibility into both encrypted traffic, even when the organization doesn’t own the SSL key. Safe traffic is then forwarded back to the Alteon which re-encrypt it and forward it to the internet towards its destination.

    Contact Us to Get Started.