“More creative and varied”, this is how Brad Casemore describes the current nature of DDoS attacks in a recent article in the TechTarget website. Casemore, who is research director at International Data Corporation (IDC), said that the burden is on the shoulders of IT product/service vendors to come up with improved solutions for detection and mitigation of threats like DDoS.
The need for such solutions becomes even greater with the growing trend of encrypting network traffic, which increases the likelihood of abuse by hackers and create yet another vulnerability to security threats. This is the observation of Paul Nicholson, product marketing director at A10, a company that provides application networking technologies focusing on optimized performance of data center applications and networks.
What A10 has done lately is to produce what they call an anti-DDoS appliance branded as Thunder TPS (threat protection system). This product may be relevant only to large data centers at this time because this is apparently the user category A10 primarily had in mind when they designed Thunder TPS. Whatever. The important thing to note is that the idea of anti-DDoS appliance has been implemented and is now in the market.
Making data centers the environment model for Thunder TPS has been influenced by the escalating incidences of complex DDoS attacks against data centers and large enterprises as a whole. This is a blessing for the user community because, as it turns out, the resulting product implements a two-pronged approach to threat mitigation: breadth of attacks and size of attacks.
Like all other existing technology products designed for contending against security threats, Thunder TPS is not invincible. “Really big attacks could overwhelm it,” says security analyst Adrian Sanabria of 451 Research. Sanabria recommends pairing Thunder TPS with “something cloud-based or upstream”.
Nicholson gave some insights into the DDoS appliance’s attack prevention measure. Thunder TPS comes bundled with software that allows users to block attacks flexibly. Users can use regular expression rules; they can also program rules using the product’s aFlex tool.
In addition, Thunder TPS features “more robust SSL protection to validate whether clients attempting to access the network are legitimate or part of a botnet” (to use Nicholson’s words). The appliance can detect the presence and identity of potential threats through its access of “more than 400 destination-specific behavior counters”. Its software enables inspection of MPLS-encapsulated traffic and use of NAT (network address translation) as alternative to tunneling when the appliance moves sanitized traffic to other parts of the network.
Considering that Thunder TPS is data center oriented, users can expect that it is not a plug-and-play affair. They are likely to need their in-house IT experts to coordinate with the Thunder TPS deployment team, plus the help of external IT professionals if necessary.