DDoS Mitigation with DefensePro

DefensePro DDoS mitigation utilizes innovative adaptive behavioral analysis technologies, with dedicated high performance hardware, to confront all types of DDoS attacks on a network. Using a layered defense concept, DefensePro detects and mitigates "low & slow" and high rate DDoS attacks in both the network and application layers.

Layers of DDoS Mitigation

Radware DefensePro works on the following four layers of defense:

Network Based Flood Attacks

The network-based layer of defense is constructed to detect, and mitigate, high volume DDoS attacks. Using an adaptive network behavior-based engine, this layer covers all types of L3 and L4 floods to protect a network. The network layer has the ability to differentiate between a sudden "flash crowd" and a real DDoS attack, and uses a real-time behavioral signature created on the fly to mitigate DDoS attacks.

This makes the system more accurate in detection and prevention of DDoS attacks, compared to other systems that use rate-based technology. Without the ability to create the differentiating signature of DefensePro, these systems can be prone to blocking legitimate traffic along with malicious traffic.

Direction Application Attacks

This layer is designed to specifically repel DDoS attacks that require "special" filtering. Advanced DDoS attacks cannot be defeated simply by generic methods, like rate-limiting or behavioral-based methods. In these cases, the Directed Application layer steps on.

Using the String Match Engine (SME), a L7 Regex engine that allows flexible L7 filters definitions that search for specific content patterns, networks are defended from the most insidious attacks. The SME allows security managers to analyze and react to signatures and events quickly.

Application Based Attacks

The application layer is configured to detect and mitigate DDoS attacks originating from a bot-net. Using application based behavioral analysis that learns application level parameters like HTTP request methods, reply types, average object size and more; this layer detects attacks that misuse application resources instead of network resources.

Further, this layer provides a protection against application cracking attacks and scanning, which are often part of an information gathering operation prior to attack and are notoriously difficult to detect.

By detecting abnormal repetitive patterns of transactions and learning to differentiate between legitimate and attacking transactions, this layer protects against many hard to detect bot attacks. This layer also uses innovative Radware technology to differentiate between flash crowds and real attacks - in a manner similar to the network layer - which is a difficult task.

Network Scanning

This layer of mitigation traces the source of abnormal behavior. For instance, it detects any type of network scanning (pre-attack probes), which are typically infected with malware designed to propagate through the network.

By analyzing the source IP address, traffic parameters, port and IP address distribution this layer reaches a conclusion about the source of the attack, which helps with creating a real-time signature used for mitigation.

The network scanning layer detects both high rate and low rate scans, with virtually no false positives. Combined with the accurate behavioral analysis system, which blocks scanning while allowing legitimate traffic, this powerful layer is crucial to DDoS mitigation.

DefensePro Attack Mitigation

The layer defense concept of DefensePro is powered by advanced hardware and mitigation technologies. Learn more about the dedicated hardware appliances of DefensePro.