Defense.Net has launched DDoS SWAT, a new service that operates in conjunction with an organization’s already deployed DDoS mitigation infrastructure to ensure operational continuity during the largest and most complex attacks. It is aimed at the “Concentration Risk” that major organizations face with their primary DDoS mitigation solutions.
As most enterprises and financial institutions have deployed cloud-based DDoS mitigation services from one of two primary providers, regulators, auditors and the enterprises themselves fear a simultaneous attack could overwhelm the finite resources of either of these two providers. This could cause a DDoS mitigation provider to go down and take their customers with them. Due to this Concentration Risk, these organizations want a highly scalable secondary provider that can step in and protect them from DDoS attacks should their primary provider be unable to deliver protection.
“As an overflow service, Defense.Net DDoS SWAT has to do a lot more than match the capabilities and capacities of the primary provider,” said Chris Risley, CEO of Defense.Net. “We’re only asked to step in when the primary provider is not succeeding. By definition, we’re stepping into a bad situation. That’s why we’re provisioning 10 times the bandwidth per customer of the leading primary providers. We’ve built highly redundant and scalable data center infrastructures and we’ve staffed the organization with some of the most experienced DDoS fighters in the industry. With new technology developed by Barrett Lyon, who created the DDoS mitigation industry more than 10 years ago, Defense.Net DDoS SWAT backs up an organization’s primary DDoS defense to ensure that these large-scale attacks no longer disrupt critical infrastructure.”
Similar to police SWAT (Special Weapons and Tactics) teams, Defense.Net DDoS SWAT provides backup support on top of an existing DDoS mitigation service. Targeted to large enterprises, it is designed for the increasingly frequent large-scale attacks that have overwhelmed traditional DDoS mitigation services and have even exceeded the size of the Internet pipe before any traffic can even reach an organization’s mitigation equipment. Defense.Net DDoS SWAT provides a massive amount of bandwidth of up to ten times the capacity per customer of existing DDoS mitigation services, combined with new technologies custom built to respond to today’s modern attacks. When overlaid on top of a primary DDoS mitigation solution, it provides an added level of protection to ensure operational continuity.
“When there is normal criminal activity, the police can generally handle the situation, but in particularly dangerous or threatening scenarios, the response is escalated to the SWAT team for a more aggressive response,” said Barrett Lyon, founder and CTO of Defense.Net. “Think of traditional DDoS mitigation solutions as the police and Defense.Net DDoS SWAT as the police SWAT team that is always there and can be called in when the police need additional assistance.”
Defense.Net DDoS SWAT is based on four new technologies developed by Barrett Lyon. These include:
* Defense.Net Traffic Spectrum: a new technique for breaking multi-layer attacks into their components for more thorough mitigation via the only systems specifically designed to mitigate each attack vector: White List, Black List, SYN Traffic (including SYN Flood attacks), Connection Accumulation Traffic, Layer 7 Traffic, DNS Traffic (including DNS Reflection attacks), etc. Legacy DDoS has a “one box does all” approach that cannot get to the level of detail or scalability required for the new generation of DDoS attacks.
* Defense.Net IP Reflection: a patent-pending artifact-free technology that delivers clean traffic back to the organization under attack. The returned traffic has the appearance of traffic coming from the original visitor which ensures normal delivery and eliminates false fraud alerts. This unique asymmetric approach requires only inbound traffic be diverted and thus needs only a fraction of the bandwidth (less than one-eighth) of legacy symmetric DDoS mitigation technology. This asymmetric approach also reduces the latency generated by symmetric technology used by legacy DDoS mitigation.
* Defense.Net SYN Assure: a new technique for mitigating SYN Flood attacks that detects suspect SYN requests and conducts further analysis before blocking. This prevents the common problem of legacy DDoS technology blocking legitimate traffic.
* Defense.Net AttackView: the only interactive portal to provide customers with detailed information on an attack in real-time, as well as post-attack analysis. Includes data not typically provided by leading DDoS mitigation services, including attack origin, diagnostics of the attack traffic, specific mitigations performed, the result of each mitigation vector on attack traffic, and how each attack responds and morphs based on the specific mitigations performed.
“As the critical infrastructure of our nation grows more dependent on the Internet and always on connectivity, large scale DDoS attacks are becoming more damaging,” said Lyon. “At the same time, a growing number of actors, even nation-states, are using DDoS as modern weapons of warfare. In addition to paralyzing their IT infrastructure, one of the greatest challenges organizations currently face with DDoS mitigation services is the damaging side effects they create, such as false positives, fragmentation, session interruption and fraud alerts.”
After installation and configuration, Defense.Net DDoS SWAT operates 24x7 on a standby basis on top of existing DDoS solutions, providing an always-on insurance against attack. It fully integrates with on-premise or hosted defenses and is designed to operate in tandem with the equipment of all leading security hardware providers.
In addition to the new technology in Defense.Net DDoS SWAT, the service also includes the Defense.Net “Zero Day Team.” This team includes the best and brightest DDoS mitigation experts and network operators in the world, including veterans of Prolexic, Verisign, BitGravity, Juniper, Box.net and Apple’s security team. Defense.Net founder and CTO Barrett Lyon’s understanding of DDoS stretches back to his teenage years in the 1990’s when he operated IRC chat servers – the focal point for the creation of today’s DDoS techniques. As the DDoS threat spread to businesses, he went on to pioneer defenses for a variety of companies, including online wagering and one of the largest insurance companies. This led to his pursuit of hackers operating as part of the Russian mob, as chronicled in the best-selling book, Fatal System Error by Joseph Menn. After founding Prolexic Technologies, Lyon founded two successful companies focused on streaming digital content on the web.