Arbor Networks, a security and network management solutions provider, announced today the Arbor Pravail Availability Protection System (APS), a new product family focused on securing the Internet data center (IDC) edge. An important new capability introduced within the Arbor Pravail APS is Cloud Signaling, a protocol that bridges the gap between the data center edge and the provider cloud, where Arbor’s Peakflow SP platform is pervasively deployed. The addition of Cloud Signaling automates the connecting of service providers, network operators and data center customers with the mission to ensure the availability of IDC infrastructure and speed time-to-mitigation for distributed denial of service (DDoS) attacks.
Cloud Signaling enables optimal protection of the Internet data center from availability threats, identifying and mitigating application-layer attacks at the data center edge and volumetric denial of service attacks in the provider cloud. No other vendor is able to offer this comprehensive, automated protection against availability threats to IDC infrastructure.
For the second consecutive year, botnet-driven volumetric and application-layer DDoS attacks continue to be the most significant problems facing network operators, according to the Arbor Networks 2010 Worldwide Infrastructure Security Report. In 2010, for the first time, volumetric DDoS attacks topped the 100 Gbps barrier and an alarming 77 percent of respondents detected application-layer attacks. These application-layer attacks are targeting both end customers and network operators’ own critical support services, such as HTTP, Web and domain name system (DNS) services. IDC operators reported that application-layer DDoS attacks are leading to significant outages, increased operational expenditures (OPEX), customer churn and revenue loss. Moreover, enterprises point to the DDoS threat to the data center – the availability of services and data – as one of the biggest obstacles for organizations looking to move to cloud-based infrastructure today.
Cloud Signaling addresses the need for a coordinated response to both aspects of today’s increasingly complex DDoS threat – the magnitude of the largest volumetric attacks and the sophistication of the latest in application-layer denial of service attacks. Working with their Internet service provider (ISP) and managed security services provider (MSSP) customers, Arbor Networks has developed a protocol to facilitate both customer on-premise mitigation of application-layer attacks and upstream mitigation of volumetric attacks in an automated and real-time manner. Arbor customers who utilize Cloud Signaling can offer customers a comprehensive, integrated protection from the data center edge to the service provider cloud.
When a data center operator discovers that they are under a service-disrupting DDoS attack, they can choose to mitigate the attack in the cloud by triggering a signal to upstream infrastructure of their provider’s network. A volumetric DDoS attack congesting the upstream links would immediately diminish or disappear altogether from the data center’s access links and service availability would be protected. IDC customers also benefit from real-time monitoring of the attack mitigation, as well as granular post-mortem reports with details of the attack and the steps taken by the operator to mitigate the attack, keeping them in control and maintaining their expertise in command of the event. The addition of Cloud Signaling into the ISP/MSSP portfolio further strengthens the overall managed DDoS service offering by providing customers with complete DDoS protection from a single dashboard. Cloud Signaling enables the IDC operator to reduce time to mitigation and increase the effectiveness of response against DDoS threats, thus saving the company from major operational expense and preserving the company’s reputation.
Infosec India 