Network & DDoS Threat Protection Appliance
SmartWall® Network Threat Defense 1100
Real-time DDoS Attacks Monitoring and Protection - SmartWall NTD1100 Appliance
Disruptions to Internet service availability as a result of Distributed Denial of Service (DDoS) attacks can cripple operations, impact customers and result in major economic losses.
The SmartWall Network Threat Defense 1100 (NTD1100) allows real-time, line-rate, DDoS monitoring and automatic mitigation, to 100 Gigabit Ethernet connections. Protection is delivered in a compact 1 RU form-factor – an industry first – scaling to 4Tbps of protection in a single rack.
The NTD1100 is a dedicated technology for real-time monitoring and protection of DDoS attacks in seconds vs minutes (in contrast to legacy solutions), allowing good user traffic to flow uninterrupted. With varied deployment topologies, (In-line or scrubbing) the NTD1100 protection appliance utilizes modern DDoS mitigation architecture to automatically, and surgically remove DDoS attack traffic.
It allows service providers, hosting providers, and online enterprises to deploy centralized or distributed DDoS attack protection solutions via purpose-built network security appliances that provide real-time Layer 3-7 mitigation against volumetric attacks for both IPv4 and IPv6 traffic.
This groundbreaking new DDoS protection appliance provides configurable policies to selectively enable a broad range of specific mechanisms to defend critical network assets against suspicious or malicious traffic types while allowing uninterrupted service access to legitimate users and applications.
The SmartWall NTD1100 also utilizes the concepts of Flex-Rule and Smart-Rule technology to apply granular identification and protection filters to a very specific DDoS attack with ease. These rules, leverage heuristic and closed loop policy, allow for rapid creation and deployment, thereby providing customers with the ability to respond rapidly to the evolving nature of sophisticated DDoS attacks.
Robust Security and Attack Protection
DDoS Attack Monitoring
Protection from DDoS Attacks
|Volumetric DDoS Attacks
|Reflective DDoS Attacks
|Resource Exhaustion DDoS Attacks
- Malformed and Truncated Packets (e.g. UDP Bombs)
- IP Fragmentation/Segmentation AETs
- Invalid TCP Segment IDs
- Bad checksums and illegal flags in TCP/UDP frames
- Invalid TCP/UDP port numbers
- Use of reserved IP addresses
|Other DDoS Attacks
- Command and Control Operations
- NTP Monlist Requests
- Customized Protection with
- Blacklisting of IP Addresses
- Port address range filters (for generic TCP/UDP port-based attacks)
- Rate Limiting Policies
- Flex-Rule – Programmable filters using the Berkley Packet Format (BPF) syntax. These can be programmed to address a variety of volumetric attack vectors, from reflective through to attacks leveraging specific payloads (Teamspeak, RIPv1, netbios).
- Smart-Rule – Machine-learning engine leveraging heuristics and behavioral analysis to track and rate limit L2-L4 attacks, including zero-day.