Beyond DDoS: How Universal Mitigation is Redefining Network Defense


Traditional security approaches are no longer sufficient. As networks become increasingly complex with multi-cloud environments, diverse data centers, and hybrid infrastructures, security teams struggle with an overwhelming number of tools, dashboards, and manual processes. It’s time for a smarter approach, one that leverages your existing infrastructure as part of the solution. 

What is Universal Mitigation? 

Universal mitigation marks a fundamental shift in how we approach network defense. Instead of relying only on dedicated security appliances, we’re opening APIs, creating plugins, and utilizing infrastructure already built to handle packets efficiently. 

The idea is simple: gather smart data from anywhere in your environment and enforce mitigation as close to the source of malicious traffic as possible. This might mean placing adaptable firewall filters directly into routers to stop traffic before it reaches the interface processor, rather than letting it overwhelm your firewalls or dedicated security devices. 

Leveraging Your Existing Infrastructure 

One of the most powerful aspects of universal mitigation is its ability to leverage what you already have. We’re not talking about rip-and-replace scenarios; we’re talking about integrating your existing network infrastructure into your defense strategy. 

Take Juniper routers as an example. By leveraging flexible firewall filters, we can create policies that effectively minimize attacks while reducing collateral damage. These filters can manage thousands of rules simultaneously across hundreds of routers with virtually no impact on performance. In one deployment, a telecommunications provider in South America successfully pushed over 1,300 filters at once across its network infrastructure.

But it’s not just about routers. We’ve seen customers integrate intelligence from web application firewalls (WAFs), endpoint detection and response (EDR) systems, and other security tools. Instead of scaling up these systems to manage large volumes of malicious traffic, they identify threats and share that intelligence with our platform via APIs. We then implement mitigation strategies that can push out to edge routers, redirect traffic to scrubbing centers, or utilize other network infrastructure. 

Automation: The Key to Scale 

What is driving this evolution? Two main factors: operational complexity and the urgent need for automation. 

Security teams today are overwhelmed with alerts and manual tasks. When EDR systems identify malicious activity, WAFs detect application-layer attacks, and various other tools generate intelligence, acting on that information often requires manual intervention or complex orchestration playbooks. 

Universal mitigation changes this approach. Instead of redirecting traffic to a potentially vulnerable system, we automatically process intelligence feeds and implement mitigation as close to the network edge as possible. This significantly reduces response times, often to just microseconds in optimized environments, while allowing your security team to focus on strategic initiatives instead of constantly playing defense.

Real-World Innovation: Cloud-Native Challenges 

One of our most recent and interesting projects involved a large-scale SaaS provider operating entirely in public cloud infrastructure across AWS, Google Cloud, Azure, and Oracle Cloud. Without physical hardware to deploy traditional security appliances, they faced a unique challenge: how to defend against volumetric attacks when dedicated security hardware isn’t an option in the cloud. 

Working closely with their team, we developed a solution using Envoy proxies—a common component of cloud infrastructure. By creating eBPF-based logic that examines traffic after TLS decryption, we can identify authenticated versus unauthenticated users, detect malicious behavior patterns, and craft narrowly scoped eBPF filters to implement protection at their cloud gateways. 

This approach illustrates the universal mitigation philosophy: meet customers where they are, collaborate with their existing infrastructure, and address their specific challenges instead of imposing a one-size-fits-all solution. 

Zero Trust Admission Control: Extending the Concept 

Our Zero Trust Admission Control (ZTAC) is a prime example of universal mitigation in action. Instead of analyzing network traffic, ZTAC uses identity and access management logs to identify authenticated users and their privileges.

This approach is especially effective for protecting traditionally challenging endpoints, such as VPN concentrators and login pages. By recognizing known good users, detecting suspicious behaviors (such as 200+ requests per second from a single source), and applying rate limiting, we can secure critical access points without disrupting legitimate users. 

The benefit of ZTAC is that it seamlessly integrates with existing identity systems, whether SAML, LDAP, or other IAM solutions, and applies the same universal mitigation principles to enforce protections through edge routers, scrubbing centers, or cloud gateways. 
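The detection step described above, applied to identity logs rather than packets, as an added example (not Corero's ZTAC code): it buckets authentication events per source and per one-second window, treats any source that has authenticated successfully as a known good user, and flags an unauthenticated source that crosses the page's 200-requests-per-second mark for rate limiting. The log format, the `guess<N>` usernames, the three decision labels and the sample lines are all constructed for this illustration.

```python
"""Added example: rate-limit decisions from IAM-style authentication logs.
Not Corero's ZTAC implementation; log format and labels are assumptions."""
import re
from collections import defaultdict

RPS_THRESHOLD = 200  # the "200+ requests per second from a single source" figure from the page

# Constructed log format: "<ISO timestamp> src=<ip> user=<name> result=success|failure"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>success|failure)$"
)


def build_sample_log():
    """Constructed sample: two ordinary users plus one source hammering the login page."""
    lines = [
        "2024-05-01T10:00:00Z src=203.0.113.5 user=alice result=success",
        "2024-05-01T10:00:00Z src=203.0.113.6 user=bob result=failure",
        "2024-05-01T10:00:01Z src=203.0.113.6 user=bob result=success",
    ]
    # 250 failed attempts inside one second from a single source, then a tail of 30 more
    lines += [f"2024-05-01T10:00:01Z src=198.51.100.7 user=guess{i} result=failure" for i in range(250)]
    lines += [f"2024-05-01T10:00:02Z src=198.51.100.7 user=guess{i} result=failure" for i in range(30)]
    return lines


def parse(lines):
    """Yield parsed events; malformed lines are skipped so one bad record cannot stall the feed."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["second"] = ev["ts"][:19]  # truncate to whole seconds: the bucketing key
        yield ev


def assess(lines, threshold=RPS_THRESHOLD):
    """Return ({src: decision}, {src: peak requests in any one-second bucket}).

    Decisions:
      'trusted'    - the source has at least one successful authentication
      'review'     - authenticated source that still exceeded the threshold (could be a shared NAT)
      'rate-limit' - never authenticated and exceeded the threshold in some one-second bucket
      'observe'    - nothing actionable yet
    """
    per_second = defaultdict(int)
    authenticated, sources = set(), set()
    for ev in parse(lines):
        sources.add(ev["src"])
        per_second[(ev["src"], ev["second"])] += 1
        if ev["result"] == "success":
            authenticated.add(ev["src"])

    peak = defaultdict(int)
    for (src, _second), count in per_second.items():
        peak[src] = max(peak[src], count)

    decisions = {}
    for src in sources:
        over = peak[src] >= threshold
        if src in authenticated:
            decisions[src] = "review" if over else "trusted"
        else:
            decisions[src] = "rate-limit" if over else "observe"
    return decisions, dict(peak)


if __name__ == "__main__":
    decisions, peaks = assess(build_sample_log())
    for src, decision in sorted(decisions.items()):
        print(f"{src:15} peak={peaks[src]:4d}/s -> {decision}")
```

The point of the `review` label is that a source which has authenticated is not automatically blocked even when it crosses the threshold: enforcing a rate limit there is what would disrupt legitimate users behind a shared address.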

Applicability Across IT and OT Environments 

Universal mitigation isn’t confined to traditional IT environments. As operational technology (OT) networks become more connected to IT infrastructure, the need for thorough protection increases significantly. 

Modern manufacturing environments often blur the lines between IT and OT, as production systems require the flexibility that IT connectivity offers. When these systems fail, whether it’s a manufacturing line, a hospital network, or a petroleum facility, the business impact is immediate and severe. 

The same universal mitigation principles apply here: gather telemetry from operational systems that were built for production resilience, and use that data to detect and stop threats before they impact critical operations.

The Technology Foundation 

What enables universal mitigation is our use of standards-based technologies. By leveraging eBPF filters as a common platform across diverse security tools, we only need to manage the communication streams instead of reinventing integration methods for each new technology. 

Whether we’re communicating with Juniper routers via NETCONF, making HTTPS calls to cloud management consoles, or integrating with F5 WAFs through their APIs, we’re using established standards and communication methods. This significantly reduces implementation complexity and deployment time. 
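The router-side enforcement from the Juniper section (flexible firewall filters built from intelligence that a WAF or EDR shares over an API) and the NETCONF delivery mentioned here, as one added example that is not Corero's or Juniper's code. It validates a constructed indicator feed, refuses prefixes broad enough to cause collateral damage, renders a Junos `firewall family inet filter` that counts and discards each source, and wraps the text in the Junos `load-configuration` RPC as it would be sent over an established NETCONF session. The feed fields, the filter name, the `/16` scope limit and the per-filter term ceiling are assumptions for this illustration.

```python
"""Added example: WAF/EDR indicators -> Junos firewall filter -> NETCONF load RPC.
Not Corero's or Juniper's code; feed format, filter name and limits are assumptions."""
import ipaddress
from xml.sax.saxutils import escape

FILTER_NAME = "block-shared-intel"  # hypothetical filter name
MAX_PREFIX_SCOPE = 16  # refuse anything broader than /16: one bad indicator must not blackhole a region
MAX_TERMS = 1000       # hypothetical per-filter ceiling, so the router is never handed an oversized filter

# Constructed sample feed, in the shape a WAF or EDR might hand over via its API.
SAMPLE_INDICATORS = [
    {"source": "198.51.100.7",   "reason": "sqli-burst",  "confidence": 95},
    {"source": "203.0.113.0/24", "reason": "scanner-net", "confidence": 80},
    {"source": "10.0.0.0/8",     "reason": "bogus-wide",  "confidence": 99},  # too broad: rejected
    {"source": "198.51.100.7",   "reason": "dup",         "confidence": 90},  # duplicate: folded
    {"source": "not-an-ip",      "reason": "garbage",     "confidence": 50},  # unparseable: rejected
    {"source": "192.0.2.9",      "reason": "low",         "confidence": 20},  # below threshold: rejected
]


def select_prefixes(indicators, min_confidence=70):
    """Return (accepted IPv4 networks, [(source, reason) rejects]) after validation and de-duplication."""
    accepted, rejected, seen = [], [], set()
    for ind in indicators:
        try:
            net = ipaddress.ip_network(ind["source"], strict=False)
        except ValueError:
            rejected.append((ind["source"], "unparseable"))
            continue
        if net.version != 4:
            rejected.append((ind["source"], "ipv6 not handled in this example"))
            continue
        if ind["confidence"] < min_confidence:
            rejected.append((ind["source"], "low confidence"))
            continue
        if net.prefixlen < MAX_PREFIX_SCOPE:
            rejected.append((ind["source"], "prefix too broad"))
            continue
        if net in seen:
            continue
        seen.add(net)
        accepted.append(net)
    return accepted, rejected


def render_junos_filter(networks, name=FILTER_NAME):
    """Render a Junos inet filter: one count-and-discard term per prefix, then an explicit accept.

    The final accept term matters: a Junos firewall filter discards anything no term matched."""
    if len(networks) > MAX_TERMS:
        raise ValueError(f"{len(networks)} terms exceeds the per-filter ceiling of {MAX_TERMS}")
    lines = ["firewall {", "    family inet {", f"        filter {name} {{"]
    for i, net in enumerate(networks, 1):
        lines += [
            f"            term block-{i} {{",
            f"                from {{ source-address {{ {net}; }} }}",
            f"                then {{ count block-{i}; discard; }}",
            "            }",
        ]
    lines += ["            term allow-rest { then accept; }", "        }", "    }", "}"]
    return "\n".join(lines)


def netconf_load_rpc(config_text, message_id=1):
    """Wrap text configuration in the Junos load-configuration RPC (merge into the candidate config).

    Sending it, then <commit/>, is done over an open NETCONF session (not shown here)."""
    return (
        f'<rpc message-id="{message_id}">'
        '<load-configuration format="text" action="merge">'
        f"<configuration-text>{escape(config_text)}</configuration-text>"
        "</load-configuration></rpc>"
    )


if __name__ == "__main__":
    accepted, rejected = select_prefixes(SAMPLE_INDICATORS)
    for src, why in rejected:
        print(f"rejected {src}: {why}")
    config = render_junos_filter(accepted)
    print(config)
    print(netconf_load_rpc(config))
```

The validation step is where collateral damage is controlled: the feed is trusted for what it saw, not for how wide a net it asks the router to cast, so an over-broad or malformed indicator is dropped and reported instead of pushed to hundreds of devices.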

Our SmartWall ONE™ DDoS defense solution oversees all this activity through a highly resilient, Raft-based system that scales across multiple sites and hybrid environments. When you need to block traffic across thousands of network devices, you simply tell our arbitration engine what to block, and we decide where, when, and how to carry out the mitigation.
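The "where" decision sketched above, as an added example that is not Corero's arbitration engine: given a source to block and a small constructed topology, it prefers the enforcement point whose ingress prefixes most specifically cover the source (the point closest to where the malicious traffic enters), skips points that have no filter capacity left, and falls back to a scrubbing-center redirect that covers everything. The device names, the `capacity` field and the longest-prefix rule for "closest to the source" are assumptions for this illustration.

```python
"""Added example: choosing the enforcement point for a block request.
Not Corero's arbitration logic; topology, capacity model and placement rule are assumptions."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class EnforcementPoint:
    name: str
    kind: str                 # "edge-router", "cloud-gateway" or "scrubbing-center"
    ingress_prefixes: list    # source prefixes whose traffic enters the network here
    capacity: int             # hypothetical: filter slots this device can still accept
    active: list = field(default_factory=list)  # sources already blocked here

    def has_room(self):
        return len(self.active) < self.capacity


def new_topology():
    """Constructed topology: two edge routers (one already full) and a catch-all scrubbing center."""
    return [
        EnforcementPoint("edge-rtr-a", "edge-router", ["198.51.100.0/24", "203.0.113.0/24"], capacity=2),
        EnforcementPoint("edge-rtr-b", "edge-router", ["192.0.2.0/24"], capacity=0),
        EnforcementPoint("scrub-1", "scrubbing-center", ["0.0.0.0/0"], capacity=1000),
    ]


def candidates(topology, source):
    """Enforcement points whose ingress prefixes contain the source, most specific match first."""
    net = ipaddress.ip_network(source, strict=False)
    hits = []
    for ep in topology:
        for prefix in ep.ingress_prefixes:
            covering = ipaddress.ip_network(prefix)
            if covering.version != net.version:
                continue  # a v4 prefix cannot cover a v6 source (subnet_of would raise)
            if net.subnet_of(covering):
                hits.append((covering.prefixlen, ep))
    hits.sort(key=lambda h: -h[0])  # longest prefix = closest to the source
    return [ep for _, ep in hits]


def place(topology, source):
    """Record the block at the closest enforcement point with room; None means escalate to a human."""
    for ep in candidates(topology, source):
        if ep.has_room():
            ep.active.append(source)
            return ep.name
    return None


if __name__ == "__main__":
    topo = new_topology()
    for src in ["198.51.100.7", "198.51.100.8", "198.51.100.9", "192.0.2.4", "2001:db8::1"]:
        print(f"{src:16} -> {place(topo, src)}")
```

Returning `None` rather than silently choosing the widest device is deliberate: a request that no enforcement point can take is exactly the case an operator needs to see, not one the engine should paper over.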

Why Now? Why Corero? 

The question isn’t whether universal mitigation is the future of network security; it’s how quickly organizations can adapt to this new approach. Attackers are becoming increasingly sophisticated, employing adaptive techniques that modify attack vectors during incidents to prolong outages and amplify their impact. 

At Corero, we have always prioritized automation and reducing operational costs. Universal mitigation is the natural next step in our evolution, building on our core work with BGP flowspec, flexible firewall filters, and open APIs. 

While other security vendors continue to focus on proprietary solutions, we’re taking advantage of the packet-processing capabilities already present in your network infrastructure. This enables us to cut costs, both in hardware investments and operational expenses, while significantly improving response times.

Getting Started 

If you’re facing security challenges without clear solutions, or if your current methods are becoming costly or complex to manage, let’s have a conversation. 

Don’t think of Corero as just a DDoS protection company anymore. We’ve grown into a comprehensive network security provider, and our universal mitigation approach is built to grow with whatever challenges you encounter. 

Your specific use cases help guide our technological development. Whether you’re staying ahead of the curve or prefer to use proven solutions, we’re here to help you maximize your existing infrastructure investments while creating a more resilient, automated security posture. 

Ready to cut costs, simplify your tech stack, and reduce operational complexity? Let’s discuss your environment and the specific challenges you’re facing. 
