SmartWall® Application Threat Defense Appliance

First Line of Defense® against Application-Layer DDoS Attacks and Cyber Threats
 

Application-layer DDoS attacks target servers and applications using layer 7 attack vectors. These exploits are often invisible at layers 3 and 4 of the networking stack. A wide range of intrusive or even destructive cyber threats are also only detectable at layer 7. To inspect for these attacks and threats, it is necessary to perform Deep Packet Inspection (DPI) of the layer 7 packet payload. The SmartWall Application Threat Defense Appliance is capable of inspecting the layer 7 payload at the high rates required to detect and block threats in real time while continuing to forward legitimate traffic without unnecessary delay. It is a member of the new Corero SmartWall Threat Defense System (TDS), an innovative family of space-saving, modular security platforms that will change the rules for inspection performance, security intelligence and network forensics, while providing an unprecedented level of scalability for First Line of Defense protection against cyber threats.

The Corero SmartWall Application Threat Defense Appliance provides First Line of Defense protection against application-layer DDoS attacks, cyber threats and unwanted Internet traffic. It delivers the industry’s highest performance in a compact, energy-efficient form factor for scalability from 10Gbps to 1Tbps in a single rack. This next-generation slimline appliance delivers 10Gbps full-duplex performance in a ¼ wide, 1 RU form factor.
 

Powerful and Easy-to-Use Centralized Management

Each unit has a dedicated management port and is assigned a unique IP address. Centralized operational management of multiple appliances through the Corero Management Server (CMS) minimizes IT overhead, speeds deployments and streamlines provisioning. Corero offers multiple management options for configuring, controlling, and monitoring the appliances, including a flexible browser-based GUI, a full SSH CLI and a powerful REST API that supports open integration with existing management frameworks.

Centralized management of the SmartWall Application Threat Defense Appliance, as well as other members of the SmartWall Threat Defense System family, is performed via a secure connection to the Corero Management Server (CMS). The CMS includes a dashboard for monitoring threat activity and viewing key security events. The CMS is delivered as a virtual appliance to run on customer-provided hardware.
 

Robust Security Coverage
 

Defense Mechanisms and Security Coverage (including inspection of SSL encrypted traffic)
Access Restrictions
  • Block and shun undesired IP addresses
  • Filter based on IP reputation (Botnets, spammers, anonymizing services)
  • Filter based on IP geo-location data
  • Block undesired TCP/UDP ports
  • Block buffer overflow and code injection attacks
  • Block command and control operations to/from known malicious URLs
Connection/Rate Limits
  • Protect against HTTP and HTTPS GET/POST floods
  • Protect against DNS request floods including unsolicited DNS requests
  • Block TLS renegotiation attacks
  • Block brute force login attempts and directory scans
  • Protect against ICMP floods, smurf attacks, SYN floods
  • Apply session rate limits per incoming client(s) as well as per protected server(s)
  • Control rates based on TCP connections, TCP/UDP packets/flows, and protocols
  • Limit IP fragmentation rates
  • Apply granular policies to both symmetric and asymmetric traffic types
Protocol Validations
  • Reject DNS cache scans and cache poisoning attempts
  • Reject invalid HTTP, HTTPS, and DNS requests
  • Perform deep packet inspection (including within SSL encrypted traffic) to block application layer threats and attacks
  • Reject invalid IP protocol fields and invalid TCP/UDP ports
  • Ensure proper IP/TCP/UDP header lengths
  • Perform multicast protocol checks
  • Reject invalid checksums and malformed UDP packets
  • Block TCP state violations
Integrity Analysis
  • Block attempts to exploit known server vulnerabilities
  • Block buffer overflow and code injection attacks
  • Reject truncated packet lengths and invalid/repeated TCP segment IDs
  • Block IP segmentation/fragmentation exploits (Advanced Evasion Techniques)
  • Reject unsupported tunnel types
  • Prevent attacks from spoofed IP addresses
  • Protect from attacks like Rose, Smurf, Teardrop, and “Ping of Death”
