• DefenseFlow Features and Benefits

    Software Defined Networking Application & DDoS Protection Services

    Built as a native SDN application, Radware's DefenseFlow provides DDoS protection services and equips network operators with the following key advantages when adding DDoS protection into their infrastructure:

    Best design for attack mitigation

    Attack detection is always performed out of path; during attack period only suspicious traffic is diverted through the mitigation device

    Most scalable mitigation solution

    DefensePro mitigation devices can be placed in any location, DefenseFlow diverts the traffic to the nearest mitigation device

    Unprecedented coverage

    Against all type of network DDoS attacks

    Key Capabilities

      • DefenseFlow can collect various types of telemetries and statistics from various network elements and other control plane entities. This includes NetFlow, OpenFlow, DefensePro, Alteon, AppWall and more. In addition, the DefenseFlow collection interface is completely pluggable to enable the collection of data from a new type of network, security or control element is very quick.
    • Behavioral Detection
      • DefenseFlow can collect various types of telemetries and statistics from various network elements and other control plane applications and apply behavioral algorithms for accurate and false positive free detection. The behavioral detection mechanism is fully compatible with mitigation behavioral mechanisms that allows for the fastest and most accurate mitigation in the industry.
    • Attack Lifecycle Management
      • The most advanced and effective image optimization algorithm, reducing image payload by up to 80%
      • In order to handle several services, tenants or network elements in a reasonable TCO and with minimal effort, DefenseFlow employs strong algorithmic capabilities which enable automation of several common NOC/SOC operations within cyber-attack mitigation workflows. Examples for these are new service provisioning, mitigation activation, traffic blocking via RTBH or BGP Flowspec, traffic diversion / injection and attack termination. This enables service providers to handle large amounts of customers efficiently and with minimal errors. Each of the automation algorithms also includes a user confirmation mode in which the operative can validate and approve each action before it happens.
    • Abstraction of the Physical Layers
      • Security service provisioning, attack activation and traffic diversion/injection, and security monitoring are enabled in the context of the protected service across the different detection and mitigation systems involved.
    • Service Capacity
      • As mitigation is enabled only when needed, DefenseFlow enables provisioning of mitigation equipment to allow for a cost effective solution which is governed by the number of active attacks in the network rather than the number of customers. DefenseFlow allows simple building of mitigation device clusters so that the overall mitigation capacity can reach up to 3TB of mitigation. The cluster size can reach from one mitigation device and up to 10 devices with full support in a "pay as you grow" approach.
    • SDN Support
      • DefenseFlow supports SDN-based networks for statistics collection and traffic diversion operations and allows for hybrid modes so that service providers moving from traditional to SDN-based controls can be fully supported. This capability enables a future proof solution which supports both traditional and SDN networks and allows for a smooth transition.

    In addition to the many advantages associated with moving to an SDN-based network, SDN-based DDoS detection enables more accurate and fast detection of DDoS attack than traditional network statistics methods.

    Flexible SecOps Automation

    One of the key requirements for security operations is for the security control system to be flexible enough to integrate within any environment and enable integration of different systems, network elements and applications. Some of these may already exist in the environment and others may be new. On the other hand, this requirement, when interpreted in a trivial manner, comes in contrast to maintaining a simple system which enables low engagement from operatives and high levels of automation.

    DefenseFlow aims to tackle this conflict by being flexible enough to be deployed within any environment while keeping things simple to operate and abstracting many of the underlying complexities.

    Legacy DDoS protection services that make use of scrubbing centers are costly because they need hardware detectors in every network location, BGP for traffic diversion, and GRE tunnels to forward the traffic to its designated network object. With SDN, a DDoS protection solution turns into a software application that adds intelligence to the network. There is no need for additional hardware, BGP or GRE operations, which is a great cost reduction opportunity for operators.