An announcement by A10 Networks today has all the indicators of a significant improvement in what is now possible for DDoS defense capabilities.
Noting that the time is now for DDoS defense to bring its ‘A’ game, A10 Networks announced it is adding Zero-day Automated Protection (ZAP) capabilities to its leading Thunder Threat Protection System (TPS) family of Distributed Denial of Service (DDoS) defense solutions. The ZAP capabilities automatically recognize the characteristics of DDoS attacks and apply mitigation filters without advanced configuration or manual intervention. This speeds the response to the increasingly sophisticated multi-vector attacks to minimize downtime and errors and lower operating costs.
Brilliance Security Magazine spoke with Don Shin, Senior Product Marketing Manager at A10 Networks. He explained that the bad guys have increased in their sophistication and complexity when launching DDoS attacks. “Defense strategies need to step up and even surpass their tactics,” he said.
Today’s DDoS attacks are more prevalent, multi-vector in nature and morph over time. With millions of IoT devices predicted to be in use over the coming years, driven by the transition to 5G networks, traditional DDoS solutions will quickly become inadequate. Current solutions are static, reactive and require significant operator intervention, resulting in a slow response time to the rapidly evolving attack landscape. It is clear that DDoS detection and mitigation is a growing concern for enterprises, cloud providers and service providers, alike. In fact, in a recent A10 Networks survey of mobile operators, 63 percent saw advanced DDoS protection as the most important security capability needed for 5G networks. And, in an IDG research report, respondents confirmed that the number-one most important capability in a DDoS solution was automated detection and mitigation.
“The economics of DDoS mitigation and attacks are very much slanted towards the attackers now, so we will need more efficient tools and advanced technologies to balance the equation to make DDoS defense more effective and economical,” said Chris Rodriguez, research manager, cybersecurity products. “A10 Networks is advancing the economics of DDoS security by leveraging machine learning and advanced heuristics to create that balance.”
DDoS Protection Powered by Machine Learning
A10 Networks’ ZAP is comprised of two components: dynamic attack pattern recognition by a machine learning algorithm and heuristic behavior analysis recognition to dynamically identify anomalous behavior and block attacking agents. ZAP works in conjunction with A10 Networks’ adaptive DDoS security model and its five-level adaptive policy mitigation engines to provide a complete in-depth defense system. This comprehensive approach blocks DDoS attacks while protecting legitimate users from indiscriminate collateral damage typically associated with traditional DDoS protection methods.
The ZAP policies can be enforced by a combination of hardware and software. Thunder SPE (Security and Policy Engine) appliances can serve up to 100,000 ZAP policies at line rate and the remaining ZAP policies can be served by software. This provides superior mitigation performance over the traditional software only solution, enabling superior response time and scalability.
“In today’s climate with the dramatic increase in polymorphic multi-vector attacks and the chronic shortage of qualified security professionals, enterprises and service providers need intelligently automated defenses that can accomplish tasks autonomously,” said Lee Chen, CEO of A10 Networks. “Manual interventions are not only resource-intensive but too slow and ineffective, resulting in a greater potential of network downtime and high cost to the organization.”
A10 Networks provides the highest performance with 500 Gbps of protection in a single one-rack unit (RU) appliance, leading automation capabilities with ZAP and five-level adaptive policy, and actionable DDoS weapons threat intelligence for a complete multi-modal defense in depth solution.
A10 Networks says that their Thunder TPS with ZAP is available now.
Steven Bowcut, CPP, PSP is the Editor-in-Chief for Brilliance Security Magazine