2. Protect the Internet Pipe with DefensePipe
DefensePipe is a cloud-based service that protects
organizations against Internet pipe saturation
•
A cloud extension that complements Radware’s on-premise
attack mitigation capabilities
•
Operated from a data center in the cloud
•
Activated only when the attack threatens to saturate the Internet pipe
Slide 2
3. On-Premise Attack Mitigation System
Radware’s on-premise attack mitigation system (AMS) offers widest
security coverage for:
– SSL based attacks
– Application level attacks
– Low & slow attacks
– Network flood attacks
– Known vulnerabilities
– Egress traffic attacks
• Mitigation starts immediately and automatically
• No need to divert traffic
• Detailed real-time and forensic reports
Slide 3
4. Cloud-Based Attack Mitigation Service
Radware’s DefensePipe extends the reach of AMS to the cloud
• Internet Pipe saturation protection must be offered from the cloud – the
ideal location to scrub volumetric flood attacks that threaten to saturate
the Internet pipe
• Some DDoS attacks saturate the Internet pipe
– In 2012, 15% of attacks seen by Radware’s Emergency Response Team (ERT)
saturated the Internet pipe
– Average throughput of those volumetric attacks was 6.5Gpbs
Slide 4
5. DefensePipe Operation Flow
ISP
Volumetric DDoS attack that
On-premise AMS mitigates
block the Internet pipe
the attack
Radware’s ERT and the
customer decide to divert
the traffic
Clean traffic
Defense Messaging
DefensePro
Protected Online
Services
AppWall
Sharing essential
information for
attack mitigation
DefensePros
Protected Organization
Slide 5
6. DefensePipe Activation Process
Two options to activate DefensePipe
•
Process 1
– Radware’s ERT handles the attack from inception with the customer— at the
customer’s premise
• ERT notices that the Internet pipe is about to get saturated
• ERT asks for customer approval to divert traffic to the cloud
•
Process 2
– Radware’s DefensePro successfully mitigates the attack—without ERT
involvement
– DefensePro sends ‘pipe utilization’ defense messages to DefensePipe cloud
scrubbing center
– Once the pipe utilization passes a pre-defined threshold, an alert message is sent
from the on-premise attack mitigation system to the cloud
– This alert message invokes Radware’s ERT to contact the customer and asks for
approval to divert the traffic to the cloud
Slide 6
7. Solution Benefits
• On-premise mitigation for all attacks except attacks that threaten to
saturate the pipe
– Traffic is diverted only as a last resort
• Shortest mitigation response time
– On-premise AMS starts immediately to mitigate the attack
– No need to wait for traffic diversion to start mitigation
• Widest security coverage
– On-premise AMS mitigates SSL based attacks, application layer attacks, low &
slow and network attacks up to the Internet pipe capacity
– DefensePipe mitigates attacks that are beyond the Internet pipe capacity
• Single contact point during an attack
– Radware ERT fights the attack during the entire campaign
– No need to work with multiple vendors or services
• Integrated reporting system
– Reporting from on-premise mitigation and in the cloud mitigation
– Achieve more efficient forensics
Slide 7