Arbor Networks has announced security gear designed to work in datacentres to detect and mitigate distributed denial-of-service (DDoS) attacks that crush network availability or tie up servers.
Until now, Arbor's anti-DDoS equipment, called Peakflow, has been aimed at internet service providers, carriers and managed security providers so they can detect malicious traffic flows and filter them out upstream from the customer. In contrast, the Arbor Pravail Availability Protection System (APS) appliances unveiled today are intended for use in the customer datacentre in order to immediately stop at least some level of an incoming DDoS attack if not all of it. Arbor is also proposing a way that the new equipment will be able to communicate and work with the provider-operated Peakflow gear, if need be, to automate an anti-DDoS response.
Arbor's idea about having the Pravail equipment share information with provider-operated Peakflow gear is groundbreaking. "This could create a hybrid type of solution," says Michael Suby, vice president of research in Frost & Sullivan's Stratecast division, adding there's a lot of discussion going on in the industry, including with some of Arbor's competitors, on how to move in this direction.
Arbor executives say that with Pravail, the goal is to avoid the immediate crushing loss of bandwidth and server availability that comes with a DDoS attack.
Arbor say that since 2009 there has been a sharp increase in application-layer DoS attacks aimed at tying up Web, DNS and SMTP servers.
The Pravail APS line of appliances is designed to detect both large volumetric attacks and more subtle application layer denial-of-service attacks. The enterprise-focused anti-DDoS equipment, which Arbor says would typically be installed in front of the Internet firewall and near routers with upstream connections to providers, is expected to ship in the third quarter as a line of four anti-DDoS appliances supporting speeds from 2Gbps to 10Gbps.
The Pravail APS gear, going into beta this month, might not be able to stop all attacks that exceed bandwidth capability of the device, and there could still be a need to ask for assistance from a service provider capable of filtering out DDoS streams. Upstream filtering of DDoS attacks is something often provided today as a service by carriers such as AT&T and Verizon.
In an attack situation, it would be possible to use a technology Arbor is calling "cloud signaling" in which the Pravail APS appliance can automatically tell an Arbor Peakflow device at a service provider about a detected DoS problem and get upstream filtering help against it, says Colin Doherty, president and CEO of Arbor Networks.
As part of that effort, Arbor also announced what it calls the "Cloud Signaling Coalition" of service providers supporting the technology aimed at shortening mitigation time through automated response and communications based on Peakflow receiving information from Pravail APS. So far, Arbor says service providers joining it include the Spanish carrier Telefonica, New Zealand's TelstraClear, plus others around the world like DU of Dubai, with more expected to be disclosed soon.
In terms of anti-DDoS products for the enterprise, Arbor's Pravail will face competition from vendors that include RioRey, F5, Top Layer, IntruGuard and even TippingPoint, better known as an intrusion-prevention system, says Suby.