Corero's SmartWall Threat Defense System helps defeat DDoS attacks [Q&A]
Any Internet related provider, whether it be a Telecom Carrier, Internet, Multi-Service or Cloud Provider (ISP/MSP/CSP) or Hosting/Co-Lo Provider are unwilling accomplices to DDoS attacks and other cyber threats that transit, terminate or originate on their networks. Service providers and their customers are inseparably linked by the challenges DDoS attacks present.
As attacks have grown in size, frequency and sophistication in recent years the demands to ensure service availability and service security from customers have risen in unison. Corero has responded to this challenge with the launch of the SmartWall Threat Defense System (TDS). I spoke to Ashley Stephenson, CEO, Corero Network Security, about the new product.
BN: What is Corero SmartWall Threat Defense System?
AS: The Corero SmartWall Threat Defense System is the new addition to our portfolio of First Line of Defense DDoS and cyber threat protection solutions. It is a purpose-built family of network security appliances that enables service providers to deliver always on threat protection and visibility to their customers. The SmartWall TDS is configurable to meet the unique needs of service providers and deliver comprehensive threat defense services in rapidly scalable deployments for higher performance, greater connectivity and broader functionality than previously possible. The SmartWall family is currently comprised of four discrete functional modules which can be combined in various configurations to meet the scale and functionality requirements of the target service -- network threat defense, application threat defense, network forensics and network bypass.
BN: Which markets should take advantage of this technology?
AS: The Corero SmartWall Threat Defense System is ideal for cloud, hosting and Internet service providers, as well as large enterprises that effectively operate as their own service provider. These groups are on the front lines of the cyber attack battlefield and, as indicated in the recent report to President Obama on opportunities to strengthen the nation’s cybersecurity, well positioned to contribute to rapid improvements in cybersecurity through real-time action. In recognition of the evolving role service providers will have to play in securing the very same Internet that is responsible for their existence, Corero purpose-built the SmartWall Threat Defense System. It is designed to address the next generation of cybersecurity protection for service providers, allowing them to deliver secured Internet services to their customers.
BN: How is this solution different than other DDoS defense solutions on the market?
AS: All of our First Line of Defense solutions -- the SmartWall Threat Defense System and the Corero DDoS Defense System -- are purpose built, always on appliances designed to process raw Internet feeds, and block or alert on the malicious and suspicious traffic. The Corero First Line of Defense solutions are not a service in themselves, in fact -- we sell equipment to providers or enterprise that want to offer DDoS protection services to their customers.
BN: How does it defend against DDoS attacks and cyber threats?
AS: The Corero SmartWall Threat Defense System is a family of products -- Network Threat Defense, Application Threat Defense, Network Forensics and Network Bypass. Individual or multiple instantiations of each functional unit work together to play a key role in delivering protection against specific attack vectors to ensure that customers have access to the specific security capabilities while meeting their critical service availability needs. These include mitigations for Layer 3, Layer 4 and Layer 7 attacks, as well as high availability configurations to address network, equipment or infrastructure failures.
BN: What types of cyber threats can it defend against?
AS: Attackers are increasingly innovative with their attacks, and the security industry faces the challenge of keeping pace with their creativity. As part of our design philosophy, the Corero SmartWall Threat Defense System simultaneously addresses the complex requirements of a robust, high performance attack mitigation system. For example:
- The Application Threat Defense appliance defense against Layer 7 attacks utilizing Deep Packet Inspection of Layer 7 protocols and payloads in combination with behavioral anomaly detection.
- The Network Threat Defense appliance provides protection against attacks occurring at Layers 3 and 4 using IP address blocking, SYN flood protection, TCP/UDP rate control and Client-Server connection limiting.
- The Network Forensics appliance supports 10Gbps line rate packet capture to enable network forensics of security incidents.
- The Network Bypass appliance utilizes intelligent zero power network bypass technology to eliminate service downtime in the event of equipment failure, maintenance or physical configuration upgrades.
BN: How does it eliminate service downtime?
AS: We know that infrastructure availability is essential to maintaining an always on Internet presence, and so do the attackers. DDoS vectors are frequently optimized to target vulnerabilities in key parts of the customer network from firewalls, IPS, Service, Load Balancers, etc. To combat this, we designed our DDoS defense technologies to remove malicious traffic before it impacts the network -- reducing the chances of a threat causing downtime. Additionally, the Corero SmartWall Threat Defense System eliminates service downtime through its High Availability configuration support and integrated Network Bypass appliance, which contribute to eliminating service downtime in the event of a power, network or adjacent equipment failure.