Why you should replace your d do s hardware appliance
โขDownload as PPTX, PDFโข
0 likesโข404 views
Watch this webinar to learn how to: Protect and accelerate your networks Reduce the total cost of ownership (TCO) in your data centers, and Increase your operational agility with easy deployment and management of network services
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Why you should replace your d do s hardware appliance
Similar to Why you should replace your d do s hardware appliance (20)
More from Cloudflare
More from Cloudflare (20)
Recently uploaded
Recently uploaded (20)
Why you should replace your d do s hardware appliance
- 1. Why You Should Replace Your Hardware DDoS Appliance Vivek Ganti Product Marketing Cloudflare LIVE WEBINAR
- 2. ENTERPRISE NETWORKS Router Switch L3/4 Firewall VPN DDoS Mitigation (L3-L7) WAN Optimization Load Balancer Performance Security Reliability
- 3. The data centric & appliance based approach is broken Expensive infrastructure and resource costs of managing DDoS hardware Easily overwhelmed by large volumetric DDoS attacks โ leading to service disruption Require constant upgrades to stay up-to-date to defend against the latest threats THE PROBLEM WITH ON-PREM DDOS HARDWARE
- 4. Get rid of perimeter network hardware. CLOUDFLARE MAGIC TRANSIT NETWORK HARDWARE APPLIANCES โ CAPEX: Initial box, installation costs โ OPEX: โ Licensing, maintenance โ IT/ engineering staff โ Data center rent/ power CLOUDFLARE NETWORKING-AS-A- SERVICE โ ZERO CAPEX โ Usage-based model โ Zero licensing, installation, support, maintenance fees โ Includes dedicated systems, customer engineers
- 5. We are helping build a better Internet. CLOUDFLARE AT A GLANCE 5
- 6. Cloudflareโs network operates at massive scale CLOUDFLARE AT A GLANCE Cloudflare city Approximate area inside which Cloudflareโs network is reachable within 100ms via the Internet 6 Note: map data as of Jan 15, 2020 25M+ Internet properties 200+ cities and 100+ countries 76B cyber threats blocked each day in Q3โ20 99% of the Internet-connected population in the developed world is located within 100 milliseconds of our network 51 Tbps of network capacity
- 7. Benefits Simplify your data center networking โ DDoS protection, network firewall, traffic acceleration, and more โ are all delivered as-a-service โ Just connect to Cloudflare, weโll take care of the rest CLOUDFLARE MAGIC TRANSIT Get peace of mind with best-in- class networking โ Robust, automatic DDoS protection with a mitigation capacity of over 51 Tbps and under 3 sec TTM โ Integrated network firewall and traffic acceleration โ Built-in network analytics Drive operational agility up and costs down โ No boxes = Zero CAPEX โ Zero licensing, installation, and maintenance fees โ Lower TCO compared to hardware appliances
- 8. Cloudflare helps Wikimedia restore service following a massive DDoS attack CLOUDFLARE DDOS PROTECTION โ CUSTOMER STORY North American non-profit organization that hosts Wikipedia, one of the worldโs most renowned open collaboration projects. โ Founded in 2003 โ One of the most visited websites in the world โ Over 25 billion page views monthly โ Hosts 13 collaborative knowledge projects including Wikipedia Challenges โ Target of a massive coordinated DDoS attack campaign of ~300Gbps of bandwidth, 105MPPS of TCP ACK traffic, and 340MPPS of UDP floods โ Significant increase in HTTP response times from servers that were still reachable โ Site accessibility impacted in various regions around the world Cloudflare Solution โ Magic Transit protects their on-premise data centers from volumetric attacks โ Even as the attack changed patterns, Magic Transit was a resilient shield protecting Wikimediaโs network infrastructure Key Results โ Improved resilience and availability โ Zero performance degradation due to filtering traffic at the edge โ Valuable partnership with Cloudflare and influence on product roadmap 8Read more: https://www.cloudflare.com/case-studies/wikimedia-foundation/
- 9. EDUCATION Customers realizing value in every industry, every vertical, every country HEALTHCARE / LIFE SCIENCES SOFTWARE INDUSTRIAL / TRANSPORTATION CONSUMER / eCOMMERCE FINANCIAL SERVICES HARDWARE / MANUFACTURING MEDIA / ENTERTAINMENT GAMING YOU ARE IN GOOD COMPANY
- 10. Thank you vivek@cloudflare.com Read the latest Q3 2020 DDoS trends in our blog: https://blog.cloudflare.com/network-layer-ddos-attack-trends-for-q3-2020/
Editor's Notes
- Most enterprises today have data centers with network hardware that comprises boxes such as these: Maybe WAN Optimization appliance from Riverbed DDoS box maybe from Arbor or Radware Network firewall from maybe PAN VPN appliance from Cisco LB from F5 These boxes were built to satisfy some fundamental needs of connectivity โsecurity, performance, and reliability. At Cloudflare, we call these boxes, band-aid boxes. Band-aid because thatโs what they areย โ a temporary fix. While these โband-aid boxesโ added some security, performance, and reliability benefits, they contributed to massive complexity, cost, technical debt, and a tangled web of dependencies. Band-Aid boxes are expensive - it cost a lot in terms of the CAPEX. On one hand, there is the hardware cost from deploying specialized hardware, it actually costs a lot in terms of the people who have to manage these solutions. In spite of the drawbacks, the band-aid boxes were sufficient to ensure the safety, functionality, and resilience required by businesses that could afford them in the on-premise paradigm, but these band-aid boxes were never designed to work in the cloud. The network hardware boxes worked for a while in on-premises deployment and in the early days of the Internet, but the problem is the application deployment is changing. Weโve shifting application deployment, storage and compute to the cloud, but the network layer still remains on-premises. This complicates network management.
- DDoS attacks are surgingย โ both in frequency and sophistication. And DDoS boxes are just not built for todayโs networks to counter attacks of todayโs times. One reason is they are very expensiveโoften boxes cost multiple 100Ks per box, and if you have multiple data centers, you have to purchase multiple boxes. Theyโre also easily overwhelmed by large attacks. Often they need constant upgrades and dedicated teams In September 2020, a large pharma firm was the victim of a ransom-based DDoS attack. Senders of the ransom note attacked this companyโs data center to prove that they were serious about their threat. Their existing on-prem DDoS box failed to block the threat because its uplinks were easily saturated by the scale of the attack. The attackers threatened to bring down all of their multiple data centers unless they were paid an undisclosed amount of money before a specified deadline. The company approached Cloudflare and we onboarded them overnight to protect them from any future attacks.
- And this is where Cloudflare can help. So who are we and why do we exist? Iโd like to begin by grounding in Cloudflareโs mission because it guides everything we do. Our mission is bold but simple - to help build a better Internet. One that is faster, more secure and more reliable for all.
- Every dot you see here represents a Cloudflare PoP Whatโs unique about us is that every machine in every data center runs every product Avoids the performance tradeoff of routing through a limited number of data centers Everything we build sits on top of this network Flexible due to commoditized hardware (w/high performance networking cards) and Linux x86 architecture โleverage the express data path and eBPFโ10 years ago this would have been crazy given performance. Today itโs our secret weapon.
- Now on to the benefits of Magic Transit: One โ it helps customers get rid of boxes. Many bigger companies are at some stage of their path towards digital transformation, and as cliche as it sounds, Magic transit does help companies further adopt the cloud. Network functions delivered as a service are easy to configure and manage. Two โ it gives customers access to Cloudflareโs expansive network, that not only protects but also accelerates anything connected to it. Security with integrated performance. Cloudflare is one of the most interconnected networks in the world. We work with carriers, Internet exchanges and peering partners around the world to ensure that every bit placed on our network will reach its destination quickly and reliably. Third โ costs. More and more companies we talk to are looking for ways to reduce their Capex. Magic Transit helps you dramatically reduce your Capex and delivers operational agility with VNFs delivered and billed as a service. This is a huge plus.
- All of us know Wikipedia. It is one of the most visited websites in the world with over 25B monthly page views. The Wikimedia Foundation hosts 13 collaborative knowledge projects from Wikipedia, the free encyclopedia, to Wikibooks, Wikitionary, Wikidata, and others. Wikimedia experienced a massive DDoS attack in early September of 2019. We reached out to them to find out how we can help. Within a few hours they responded that they could use the help as they were struggling to recover from the persistent attacks being targeted at Wikipedia which had been knocked offline. Cloudflare worked closely with the Wikimedia team to help get Magic Transit in place, and once it was able to show results the deployment was expanded to cover their entire site presence. Not only were they able to restore global service to Wikipedia but the imposed latency was minimal; 66ms versus 63 ms before Cloudflare was inserted into their network. Wikimedia has since deployed Magic Transit as a core part of their network infrastructure and leverage the broad threat intelligence that Cloudflare offers to help mitigate the debilitating impact of future attacks. Magic Transit is deployed on-demand via API based on network indicators that allows Wikimedia to automate service utilization on an as needed basis. As one of the early adopters of Magic Transit, they are also a key partner for Cloudflare in improving the product to meet the needs of highly targeted media sites. https://blog.thousandeyes.com/analyzing-the-wikipedia-ddos-attack/
- Cloudflare is used across the various verticals. Here are some example of customers in each of the key verticals.