Red Armor NSE7000 Platform released with new capability to mitigate IoT-generated volumetric DDoS attacks
OTTAWA, ON (Canada) – May 8, 2017 – Corsa Technology, the leader in performance SDN switching and network security enforcement, announced GigaFilter, a new feature on the Red Armor NSE7000 hardware platform that allows instant filtering of up to 4 billion IPv4 addresses on 10 Gbps and 100 Gbps links to mitigate volumetric DDoS attacks.
Multi-vector, large-scale DDoS attacks, combined with the distributed nature of networking, leave traditional network security very vulnerable. “For DDoS protection to work, a layered defense detects attacks locally and then removes the right attack vectors in the right network location. Increasingly, with IoT attacks and the sheer number of IoT devices in the vicinity of the target, there is no single right place so mitigation and filtering need to be distributed much more widely in the network,” said Bruce Gregory, CEO, Corsa Technology. “This is the principle behind Corsa’s DDoS mitigation platforms, and why GigaFilter is such an important capability. It has IoT scale, and it can be economically deployed anywhere in the network.”
GigaFilter adds a layer of defense to network operators’ security and is specifically designed to help filter DDoS attacks generated by IoT botnets, such as Mirai or a yet-to-be-unleashed derivative.
These botnet attacks involve hundreds of thousands, soon to be millions, of compromised devices, each with their own source IP addresses. Network monitoring and analytics keep track of the bad actors as well as the known good. Threat intelligence feeds, Indicators of Compromise (IoCs), are also updated constantly to record IP addresses associated with command and control infrastructure.
Maintaining these filter lists and having them consistent across the network is challenging. But what’s worse is that these lists, which can hold millions of IPv4 addresses, have become too large for ACL tables to support. Corsa’s GigaFilter is designed to deal with this and can hold up to 4 billion IPv4 entries. With GigaFilter, operators can push their lists out to all Red Armor platforms then set a single rule to instantly block or rate-limit all enumerated IPv4 addresses wherever Corsa Red Armor is deployed. With the click of a mouse, the network can be scrubbed of all specified IPv4 addresses. As network monitoring continues, subsequently identified IPs can be blocked or rate-limited through bulk list uploads or real-time incremental changes.
GigaFilter is a feature that is controlled through REST on all Corsa NSE7000 products. It allows or denies traffic originating from 4 billion IPv4 addresses, allowing precise elimination of each desired IPv4 address. When the feature is triggered, traffic allow/deny takes place in <1 ms, which is orders of magnitude faster than current operational models. Traffic forwarding performance is always maintained regardless of the number of IP addresses filtered. (It should be noted that for IPv6 traffic, the NSE7000 allows or denies traffic based on rule sets.)
The traditional approach of backhauling traffic to scrubbing centers was driven by the prohibitive cost of DDoS mitigation solutions. Corsa’s Red Armor platform fundamentally changes the economics of deploying a DDoS solution, reducing the latency of legitimate traffic destined for customers under attack by deploying close to the edge and negating the need to backhaul attack traffic across the network.
The Red Armor NSE7000 network security enforcement engine is designed to quickly and easily shut down DDoS attacks of any size targeting 100 Gbps network connections. Line rate performance, the capacity to programmatically store large numbers of enforcement rules, and the new GigaFilter are very important to deal with IoT vulnerabilities and attacks that are rising at an alarming rate. Equipped with a rich set of mitigation tools and supporting hundreds of thousands of rules with unwavering forwarding performance, NSE7000 provides 100G line rate enforcement for IPv4 and IPv6 traffic. This high-performance mitigation appliance installs as a bump in the wire in 10 minutes and interoperates with all existing DDoS detection technology to deliver scalable, cost-effective 100G DDoS protection.
Red Armor NSE7000 is available and currently shipping worldwide.
- Blog Post: Protect Your Network against DDoS Attacks Delivered by Hijacked IoT Devices
- Datasheet: NSE7000 (PDF)
- Product page: Corsa Red Armor security
- Test Results: NSE7000 Performance Test Results
- White Paper: DDoS Protection with Red Armor Network Security Enforcement (registration required)
- SlideShare: Rethinking Security – Corsa Red Armor Network Security Enforcement
About Corsa Technology
Corsa Technology develops high-performance infrastructure to connect the world’s biggest networks simply and securely. With switching, routing and enforcement equipment specifically designed to economically scale networks, Corsa is expert at high throughput networking. For more information, please visit www.corsa.com.
To learn more, please contact: