Stop DDoS Attacks with Corero's DDS
Corero's DDoS Defense System (DDS) is your organization’s First Line of Defense® against crippling, costly Distributed Denial-of-Service (DDoS) attacks, delivering the most comprehensive DDoS protection available. Purpose-built, on-premise DDS detects and blocks both familiar network-layer flooding attacks, and the newer, difficult to detect, low and slow application-layer attacks, which have become the attackers’ weapon of choice.
Traditional cloud-based anti-DDoS services are largely ineffective against these application-layer attacks. Corero’s DDS uses an adaptive, patented DDoS defense algorithm to ensure your online business is always up, always available — blocking malicious incoming requests while passing legitimate traffic to the company's protected servers. Positioned at the network gateway, DDS protects your existing IT infrastructure -- such as firewalls – allowing it to perform as intended.
The DDoS Threat
Time is money. Companies that do business on the Internet, such as eCommerce, financial services and online gaming — in fact, any organization that depends on its websites for customer, supplier and/or partner interaction and transactions — require absolute, continuous availability and fast response. If a site is unresponsive, or worse, offline, frustrated customers will quickly go to another for goods, services and information. High-transaction sites can lose $1 million or more in 24 hours of sustained DDoS attacks.
The rise of application-layer attacks has been a major factor in the increased use and effectiveness of DDoS attacks. These attacks require much smaller botnets than massive flooding attacks and appear to be legitimate connections. They are therefore much harder to detect and mitigate.
A survey by Vanson Bourne, commissioned by Corero, showed that more than half the companies hit by DDoS attacks in the previous 12 months blamed competitors seeking an unfair business advantage. Criminals also use the threat of DDoS as an extortion weapon, in a cyber variant of the familiar protection racket. Hacktivist groups, such as Anonymous, have increased awareness of DDoS attacks, and often use DDoS as a diversionary tactic to distract attention from other attacks aimed at stealing data.
DDoS Defense System (DDS)
As the First Line of Defense for your network, DDS ensures business uptime and protects the investment in your IT infrastructure by preventing DDoS attacks from crippling your firewalls, intrusion prevention systems (IPS), switches and targeted web and DNS servers. DDS leverages Corero’s award-winning DDoS defense technology to deliver nondisruptive protection against constantly evolving threats. It stops all types of DDoS attacks and maintains full availability without degrading performance. DDS provides maximum protection for critical IT assets while allowing full access to legitimate users and applications.
DDS leverages patented DDoS defense algorithms and extensive rate-based protection mechanisms to block all forms of DDoS attack. This system debits a DDS-maintained credit balance associated with each source IP address and blocks further requests when credits are depleted.
DDS detects and blocks all forms of DDoS attacks, including:
- Application layer
- Network layer flooding
- Specially crafted exploits (such as KillApache)
- Outbound attacks
- Detects and mitigates both traditional network-layer DDoS attacks and more advanced application-layer attacks
- Protects your network, allowing legitimate communications to pass without delay
- Enables business continuity and availability
- Ensures your organization’s investment in IT infrastructure
- Through ReputationWatch, provides automated real-time defense against identified DDoS attack sources
- With geolocation technology, enables enforcement of security policy based on national origin of IP addresses
- Provides lowest latency and high throughput, even while under attack
- Offers absolute reliability with redundant power supply, a rating of 20 to 30 year mean time between failures, no rotating media and no chip fans
- Features advanced clustering capability for high availability and increased performance
ReputationWatch with Geolocation
Corero’s ReputationWatch service provides context-based security to Corero’s DDS. ReputationWatch delivers dynamic protection by identifying constantly changing IP addresses and automatically blocking traffic from “known bad” sources in real time.
The Internet threat environment is in a constant state of flux. Sophisticated botnets and Denial of Service attackers change their identities frequently and often hide using anonymized IP addresses. Manual maintenance of security configuration by IT admins to counter automated and fluid threats is costly and ineffective. ReputationWatch solves this problem, identifying malicious IP addresses and delivering a continuous global intelligence feed. It dynamically responds to the latest intelligence and blocks “bad” addresses automatically so that DDS is always defending against the latest threats.
ReputationWatch also features Corero’s latest geolocation technology advancements, which enables organizations to prevent access based on national origin of IP addresses. The geolocation capability enables organizations to limit or even exclude traffic from countries with which they do little or no business, or countries associated with high numbers of attacks.
Unmatched Service with SecureWatch® PLUS
SecureWatch® PLUS is a comprehensive suite of configuration optimization, monitoring and response services for DDoS defense, customized to meet the security policy requirements and business goals of each Corero DDoS Defense System customer who selects this premium service. With SecureWatch PLUS, customers receive expert DDoS defense services, including organization-specific implementation, around-the-clock monitoring and immediate and effective response in the event of an attack.
Dedicated to making our customers' success our success, Corero offers an integrated solution of technology, services and support to protect the business in a hostile environment with minimal management overhead and minimal impact on productivity and network performance.