SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Radware adds DDoS protection against low-volume flood attacks
Fri, 15th Oct 2021
FYI, this story is more than a year old

Radware's DDoS protection offering now has new features designed to help organisations mitigate phantom flood attacks and detect traffic anomalies that would otherwise be missed.

The DefensePro DDoS Protection solution now includes Quantiles DoS protection, which uses quantiles DoS algorithms to automatically divide traffic into quantiles or segments.  By doing this, customers such as service providers and telecommunications carriers are able to detect and intercept DDoS flood attacks, also called phantom floods, which are typically lower-volume flood attacks.

Radware vice president of portfolio and product marketing, Shira Sagiv, says "Spotting phantom flood attacks in high bandwidth traffic is an overwhelming task that is only going to get harder as the demand for 5G networks, cloud adoption, and application modernisation continues to grow.

"The impact of phantom flood attacks should not be underestimated. They can cause major disruption to the customer experience when they go undetected."

According to Radware, the majority (90%) of attacks are less than 1Gbps, indicating that low volume attacks are a serious security threat to service providers, and to their customers. Even some attacks larger than 1 Gbps can't normally be blocked because there is no way to change granular detection sensitivity.

Radware chief operating officer Gabi Malka says, “Up until this point, service providers and carriers have been forced to make compromises when protecting large-scale networks."

On one hand, they need to protect the wide network range; on the other hand, they need to provide granular protection for specific subnets or individual hosts.

Malka says organisations can now utilise both.

Radware product marketing manager Shai Haim explains, “Traditional DDoS protection solutions do offer some manual workarounds to enable better detection sensitivity. The most common option is to use manual IP tracking per source/destination with separate security policies. The second option is to leverage a manual network segmentation and divide the network traffic to smaller bandwidth segments.

However, these options can be complex, manual, and need continuous tuning.

“Moreover, even when embracing these manual solutions, service providers cannot achieve the desired visibility and threat awareness of Phantom flood attacks and other traffic anomalies,” adds Haim.

Radware's aim is to remove manual configuration and threshold tuning, which can often be both costly and complex.

Haim says that the Quantiles DoS protection will allow service providers to detect and mitigate phantom flood attacks.

“This sophisticated behavioural protection solution offers a granular detection sensitivity to low volume attacks and the ability to enjoy both wide and narrow protection spectrum, even in large scale networks.