End DDoS Emergencies with RioRey’s Dedicated DDoS

General Brief

RioRey DDoS Defense Systems

End DDoS Emergencies with RioRey’s Dedicated DDoS Protection Platform

Key Features

- Algorithmic-based (not rules or anomaly based)
- Detects and mitigates DDoS attack traffic in two minutes or less
- Automatic detection/filtering -- no analyst intervention required
- No signatures required
- Adapts to attacker changes in real-time without analyst intervention
- No other hardware required; works in heterogeneous network environment. RioRey is agnostic regarding other equipment or defense systems in the network
- Technology based on multilevel algorithmic architecture and does not require Netflow information
- RioRey operation is transparent to networking layer protocols and all flow and link information passes through
- No deep packet inspection or decryption required

Historically, businesses have resorted to traditional approaches of countering distributed denial of service (DDoS) attacks, such as upgrading firewalls, buying more bandwidth, and increasing network security staff. These measures no longer provide a long-term solution. Every year, DDoS attacks are growing in number, severity, complexity, and sophistication. As a result, the fallout from DDoS attacks is even more crippling for businesses, resulting in lost revenue, customers, and credibility. If network or website downtime is not an option, you must have an effective DDoS defense strategy. Security platforms that address multiple security and network related problems are not a sustainable way to cope with this continuing evolution of DDoS. Experts agree that only a dedicated DDoS protection platform can effectively combat DDoS attacks.

RioRey is a leader in building the best performing dedicated DDoS defense platforms in the industry for detecting and mitigating DDoS attacks. We have installations all over the world and successfully detect and mitigate DDoS attacks on a daily basis, ranging from "huge floods" to Layer 7 "surgical attacks." Our comprehensive carrier grade product line provides DDoS protection for small enterprises and hosting companies to large enterprises, data centers, service providers, ISPs, and Telcos.

RioRey is the New Standard for Dedicated DDoS Protection

Many DDoS defense systems require highly trained and experienced network security personnel, and RioRey believes this is too much of a burden to place on enterprises. Our goal is to shift this burden of maintaining DDoS defense systems from a human workforce to automatic, dedicated equipment. In order for this shift to be successful, DDoS defense platforms must have a tremendous amount of intelligence built in regarding both detection and mitigation. RioRey achieves this by creating powerful DDoS defense systems where the detection and mitigation of DDoS attacks is a fully integrated activity. Currently, RioRey has developed more than 70 analytics that automatically examine network traffic to distinguish good traffic from DDoS attack traffic. In addition, we have more than two dozen algorithms that act on this analytic information to mitigate DDoS successfully.

Optimal DDoS defense also requires superior management and reporting systems. RioRey has two central management and reporting systems, rView (Standard) and rWeb (Premium), depending on the size of your enterprise and the diversity of its needs. The crucial benefit for enterprises is that RioRey’s defense platforms rapidly and effectively handle a wide range of DDoS attacks without the need for a huge dedicated staff to handle DDoS attacks on a 24/7 basis. Our dedicated DDoS defense systems automatically pinpoint and stop attack traffic while allowing legitimate traffic to continue to flow through your network.

General_Brief_V1.0_2012


Our product line protects the most demanding of customers where network downtime is not an option

Highly Intelligent DDoS Detection and Mitigation Technology

At the core of RioRey’s defense system is a systematic classification of DDoS Attacks. Before designing our platform, we developed a conceptual model of DDoS and its behavior. Given the ever-evolving DDoS options created by attackers, our protection had to be comprehensive and flexible. The bottom line was that RioRey needed to defend against all known DDoS attacks. Today we provide a language and structure for classifying and understanding the world of DDoS in our RioRey Taxonomy of DDoS Attacks (available on our website). This chart details the 25 major classes of DDoS attacks that occur on a daily basis, ranging from massive floods to highly sophisticated Layer 7 "surgical" attacks.

Superior Analytics for Detection. Traditional methods for DDoS detection and mitigation are rather limited: header and payload signature, packet rates, challenge responses, etc. However, RioRey’s Taxonomy of DDoS Attacks allowed for the development of a rich and comprehensive set of analytics to extract meaningful features from traffic data for accurate identification of good and bad packets. Currently, RioRey automatically applies over 70 different analytical metrics to measure characteristics of IP packet flows. The sets of analytics deployed correspond to our conceptual understanding of DDoS attack types.

Powerful Algorithm-Based Structure. The core strength of RioRey’s approach to DDoS protection is its algorithmic-based (rather than rule or anomaly based) detection and mitigation technology. To date, there are over 25 distinct algorithms that can automatically defend against DDoS in the RioRey platform. RioRey’s algorithms establish traffic characteristics on a per Source IP/Destination IP pair basis, allowing us to identify all attacks in real time, from spoofed IP floods to Layer 7 attacks. RioRey detects and mitigates DDoS attack traffic in two minutes or less -- automatic detection/filtering and adaptation to attacker changes in real-time without analyst intervention. Our multi-level algorithmic architecture does not require Netflow information, signatures, deep packet inspection or decryption. Thus, updates to handle new attacks require new algorithms to be downloaded to the devices via software upgrades. The RioRey device can also accept attack signature updates.

Painless to Deploy and Manage

Quick Deployment. Within a few minutes after powering up, RioRey devices begin to filter DDoS attack traffic automatically. Performance is highly reliable and RioRey will not drop good traffic even during massive DDoS floods.

Invisible in the network. RioRey devices do not interact with any other equipment in your network. RioRey appliances are compatible with all networking standards and do not require additional configuration or restructuring of current network environment.

Alleviate your network staff. A key goal in our approach to DDoS defense is to make the process as automatic as possible so that network security staff is not overwhelmed when DDoS attacks occur. We want security staff to focus on reporting what attacks have occurred on the network and how they were defended rather than spending hours analyzing network data to come up with a proper DDoS defense. Furthermore, we have designed management tools that are highly intuitive and require little training. Both RioRey devices and management tools are built to be extremely user friendly.

Rapid Response Policy. Our “Rapid Response” Policy is designed for fast-paced companies dependent on the Internet. We know that keeping you up and running is the key to your success. If you are under attack, we typically ship our product to you the same day it is ordered. When a totally new DDoS attack type is spotted, it is immediately assigned to our dedicated Rapid Response technical team for resolution.


Smart Visibility, Control and Reporting

All platforms are managed by RioRey rView Software, a GUI-based management system, which provides complete visibility into the network and full information on current and historical DDoS Attacks and traffic summaries through real-time and historical reporting. These reports include in-depth information on DDoS Pollution, Victim, and Attacker details. It also generates traffic summaries for such uses as customer reports and billing. To learn more about rWeb – RioRey’s premier multi-tenant managing and reporting system – please contact a RioRey representative.

[Figure: RioRey rView Console] RioRey rView Console provides central management of all RioRey platforms installed on the network -- monitoring and reporting attack traffic with alarms, report summaries, real-time and historic traffic data, victim and attacker lists, historic traffic and victim lists.

[Figure: rView Real-Time Reporting: Pollution Graphs] A typical rView Activity Report showing network Under Attack through the Real-Time Pollution charts.

Flexible Deployment Architecture

RioRey supports both In-line and Off-ramp network architecture. Our customers around the world range in size from small, single site locations to large multi-nationals with thousands of servers and websites. RioRey protects applications that range from high-end gaming sites to large e-commerce sites. The customer decides how and where to deploy RioRey in their network. Below are two basic examples of deployment options that are often used by our customers.

RioRey protection deployed at the front of the network

Customers install RioRey at the front of their network. RioRey continually monitors all information coming off the Internet into their network and automatically filters DDoS attacks as they occur.

RioRey protection deployed in a central scrubbing center

Large enterprise customers often prefer an off-ramp, centralized scrubbing center. When customers are under a DDoS attack, all of their traffic is rerouted to the scrubbing center. RioRey filters out the attack traffic and passes good traffic back to the network for delivery.


Comprehensive Product Family

We know that networks vary in size, architecture and demand in terms of functionality and availability. Our focus is to provide different solutions that meet the needs of a wide range of customers. We offer a full family of products for customers with small, single site locations to large multi-nationals with thousands of servers and websites. We protect applications that range from high-end gaming sites to large e-commerce sites. Our platforms may be installed in off-ramp scrubbing centers or put inline in the network.

For more information

To learn more about RioRey, visit www.riorey.com
To contact sales, email [email protected]

© RioRey, Inc. 2012
