Virtualized DDoS Mitigation:
SmartWall® Virtual Edition (vNTD)

Real-Time DDoS Mitigation in a Virtual Form Factor

Meet the newest member of the SmartWall Threat Defense System (TDS) family: the SmartWall vNTD, with monitor and mitigate capabilities. The SmartWall vNTD is a natural extension of the Corero family of automated DDoS protection solutions, enabling seamless deployment of high-performing, scalable, cost-effective protection across physical and virtual environments, on-premises or in the cloud.

The SmartWall TDS - virtual edition brings real-time DDoS event visibility and mitigation to virtual machine (VM) instances for more diverse deployment possibilities, with the same powerful and rich DDoS security event analytics and reporting as SmartWall TDS.

The vNTD DDoS protection tool can be rapidly deployed to visualize, analyze, and mitigate DDoS security events. It uses the same DDoS detection capabilities as the physical appliance, delivered as a Virtual Edition for easy deployment and elastic scale.

 

Virtualized DDoS Protection

  • SmartWall protection leveraging existing server infrastructure
  • Flexible protection for mixed 1G / 10G environments

 

 

Security Appliances with added DDoS protection

  • Enhance existing products with SmartWall protection
  • Includes FW, IPS, WAF, Load-Balancers, SBC, etc…


DDoS Protection for Virtualised Networks 

  • Dynamically deployed & scaled
  • Protection when and where needed
    • North-South as well as East-West Segmentation

 

High Performance, CPU efficient, protection with unified management:

  • Mitigation deployed, in up to 10Gbps increments, at line-rate speeds
  • Protection scales to terabits per deployment
  • Industry leading performance per virtual CPU core
  • Mixed physical and virtual NTD deployments managed from a single console

Robust Security and Attack Protection

Category of DDoS Attack Type | DDoS Attack Coverage

Volumetric DDoS Attacks
  • TCP Flood Attacks 
  • UDP Flood Attacks 
  • UDP Fragmentation Attacks
  • ICMP Floods
Reflective DDoS Attacks
  • NTP Monlist Response Amplification
  • SSDP/UPnP Responses
  • SNMP Inbound Responses
  • Chargen Responses
  • Smurf Attack
  • Fraggle Attack
  • DNS Amplification
Resource Exhaustion DDoS Attacks
  • Malformed and Truncated Packets (e.g. UDP Bombs) 
  • IP Fragmentation/Segmentation AETs 
  • Invalid TCP Segment IDs 
  • Bad checksums and illegal flags in TCP/UDP frames 
  • Invalid TCP/UDP port numbers
  • Use of reserved IP addresses
Other DDoS Attacks
  • Command and Control Operations
  • NTP Monlist Requests 
  • Customized Protection with 
    • Blacklisting of IP Addresses 
    • Port address range filters (provides protection for generic TCP/UDP port-based attacks)
    • Rate Limiting Policies 
  • Flex-Rule – Programmable filters based on the Berkeley Packet Filter (BPF) syntax. These can be programmed to address a variety of attack categories, from volumetric and reflective attacks through to attacks leveraging specific payloads (TeamSpeak, RIPv1, NetBIOS).
  • Smart-Rule – Heuristics-based engine that uses behavioral analysis to track and rate-limit L1-L4 attacks