Virtualized DDoS Mitigation:
SmartWall® Virtual Edition (vNTD)

Real-Time DDoS Mitigation in a Virtual Form Factor

Meet the newest member of the SmartWall Threat Defense System (TDS) family – The SmartWall vNTD with monitor and mitigate capabilities. The SmartWall vNTD is a natural extension of the Corero family of automated DDoS protection solutions, enabling seamless deployment of high-performing, scalable, cost-effective protection across physical and virtual environments; on-premises or in the cloud.

The SmartWall TDS - virtual edition brings real-time DDoS event visibility and mitigation to virtual machine (VM) instances for more diverse deployment possibilities, with the same powerful and rich DDoS security event analytics and reporting as SmartWall TDS.

The vNTD DDoS protection tool can be rapidly deployed to visualize and analyze and mitigate DDoS security events, leveraging the same DDoS detection capabilities as the physical appliance, yet delivered as a Virtual Edition for easy deployment and elastic scale.

 

Virtualized DDoS Protection

  • SmartWall protection leveraging existing server infrastructure
  • Flexible protection for mixed 1G / 10G environments

 

 

Security Appliances with added DDoS protection

  • Enhance existing products with SmartWall protection
  • Includes FW, IPS, WAF, Load-Balancers, SBC, etc…

Virtual ddos protection

DDoS Protection for Virtualised Networks 

  • Dynamically deployed & scaled
  • Protection when and where needed
    • North-South as well as East-West Segmentation

 

High Performance, CPU efficient, protection with unified management:

  • Mitigation deployed, in up to 10Gbps increments, at line-rate speeds
  • Protection scales to terabits per deployment
  • Industry leading performance per virtual CPU core
  • Mixed physical and virtual NTD deployments managed from single a console
  • Support for VMware ESXi and KVM virtual platforms

Robust Security and Attack Protection

Category of
DDoS Attack Monitoring

    Protection from DDoS Attacks 

Volumetric DDoS Attacks
Reflective DDoS Attacks
Resource Exhaustion DDoS Attacks
  • Malformed and Truncated Packets (e.g. UDP Bombs) 
  • IP Fragmentation/Segmentation AETs 
  • Invalid TCP Segment IDs 
  • Bad checksums and illegal flags in TCP/UDP frames 
  • Invalid TCP/UDP port numbers
  • Use of reserved IP addresses
Other DDoS Attacks
  • Command and Control Operations
  • NTP Monlist Requests 
  • Customized Protection with 
    • Blacklisting of IP Addresses 
    • Port address range filters (for generic TCP/UDP port-based attacks) 
    • Rate Limiting Policies 
  • Flex-Rule – Programmable filters using the Berkley Packet Format (BPF) syntax.  These can be programmed to address a variety of volumetric attack vectors, from reflective through to attacks leveraging specific payloads (Teamspeak, RIPv1, netbios).
  • Smart-Rule – Machine-learning engine leveraging heuristics and behavioral analysis to track and rate limit L2-L4 attacks, including zero-day.

 

Download the Datasheet