Network-as-a-Sensor: A New Approach to the DDoS Problem
Mike Geller from Cisco’s CTO office and Ehud Doron of Radware’s CTO office presented at Cisco Live Berlin 2016 the revolutionary concept of Network-as-a-Sensor to fight DDoS attacks.
There are two approaches to detect against DDoS attacks: on-premise (also sometimes called in-line) and Cloud (out of path). When a DDoS protection solution is deployed on-premise, organizations benefit from an immediate and automatic attack detection and DDoS mitigation solution. Within seconds from the start of an attack, the online services are well protected and the attack is mitigated.
However, on-premise DDoS solutions cannot handle volumetric network floods that saturate the Internet pipe of the enterprise. Cloud solutions require the deployment of an overlay infrastructure that collects network statistics from various end points and redirects customer traffic to scrubbing centers for attack cleansing. Cloud DDoS protection solutions can remove volumetric attacks; however, they lack visibility into application level attacks, low and slow DDoS attacks, and encrypted attacks.
Network-as-a-Sensor: Extend Attack Detection to SMEs
At Cisco Live Berlin, Mike Geller and Ehud Doron presented at DevNet a new approach: Network-as-a-Sensor.
This approach is designed for small to medium enterprises (SMEs), which are, eventually, the mass market. Today, SMEs are forced to use cloud solutions because on-premise solution costs are too high. With this new approach DefenseFlow DDoS defense software is installed on existing routing solution (in the case of the DevNet session – Cisco ISR) and it acts as a virtual behavioral detection sensor.
DefenseFlow client signals attack information (rather than network statistics) to a central automated cyber incidents response server (DefenseFlow Server) using DOTS (DDoS Open Threat Signaling) protocol. DefenseFlow server automates the attack life-cycle workflow including traffic redirection to the scrubbing center and forwarding the clean traffic to its original destination.
The above solution has also been demonstrated with an end-to-end attack detection and mitigation life cycle.
What is the value proposition?
- Network-as-a-Sensor approach recruits existing network infrastructure and router resources to act as attack detectors.
- You gain cloud DDoS mitigation solution with the performance of an in-line (on-premise) solution characteristic. A very short time to detect of less than 10 seconds!
- Simplicity, flexibility and scalability in an IETF DOTS ready architecture.
Our team will be at Cisco Live Berlin this week at Booth G3. Stop by and learn more about the flexibility and scalability of our security solutions and how they can help your SME.