Red Armor

Network Security EnforcementRethinking Network-Based Security

To Protect against DDoS Attacks

• Perfectly simple high performance infrastructure– Purpose-built high capacity networks

– Our architecture and advanced features set us apart

• Product Innovation with market-leading support

• Customers use this for rapid service creation and delivery within their networks– ISP, SP, IX, CDNs, hosting providers and NREN customers worldwide

– Very large networks: Each moving >50Petabytes of data per month

A Bad Trend in DDoS Attacks

BBC – 602Gbps31/12/2015

Krebs – 665Gbps20/09/2016

OVH – 1Tbps20/09/2016

Dyn – 1.2Tbps21/10/2016

Incapsula– 650Gbps@ 150Mpps21/12/2016

Mirai Botnet

Leet Botnet

NWH Botnet

Anatomy of DDoS Attacks

>90% of Attack Traffic is Volumetric

Verisign Oct.2016

“IoT denial of service attacks ….will be orders of magnitude greater than what we have seen.

The 2016 IoT DDoS attacks were…merely designed to calibrate their weaponized software.

2017 will see serious internet outages.”

2017 – Tip of the Iceberg

Today’s Network Security

Scrubbing Center

Traditional Router-Based

Security for high volume networks

Insufficient performance against escalating intensity of attacks: huge # attack sources, massive increase in attack size, multiplying attack types

Mitigation is not keeping pace with detection and analysis

Cost prohibitive

Not line-rate

Limitedscale

Restrictedplacement

Inadequateevolution

Toocomplex

Red Armor NSE7000 Series

• Installs in 10 minutes within existing architectures

• Operates as a bump on the wire

• Interoperates with every DDoS detection technology

• Provides 100G line rate enforcement at a fraction of the cost

Red Armor Turbo Charges Network Security

Separation of Network Security Functions

An evolved security architecture:

• Best-of-breed Analysis

• Best-of-breed Inspection

• Line-rate Enforcement

Mitigation/ Enforcement

Inspection

Analysis

Line-rate Enforcement

Red Armor: Network Security Enforcement

64 Byte line-rate performance: 100Gbps @ 150 Mpps

Ultimate precision to protect both network and customer

No performance penalty with small packets or number of rules

Responsive to evolving security threats

Universal Solution

Fits in any existing architecture

Distributed or centralized with ability to scale up AND scale out

Link best of breed inspection and analysis with best enforcement

Performance monitoring and reporting for every rule

Right-Sized Economics

Simplified enforcement

Affordable for building truly distributed defence

Ability to scale security with scaling the network

No software licensing fees or transceiver lock in

Universal enforcement for any size volumetric DDoS attack

Network Security Enforcement for DDoS

BGP Flow Spec

NetFlow Data

Analysis/Detection

Bump in the wire

Red Armor Line Rate EnforcementAny existing

DDoS detectionsuch as

Network Routing

Add to existing architecture No shared resources with routing No degradation of performance

based on packet size No degradation of performance

based on # of rules

Red Armor – How It Works

• Enforcement broken down into simple security rules

• Packets parsed and matched on any field at L3 and L4

– TCP Flags, SYN in addition to IP src/dstand TCP/UDP src/dst

• Rules can be programmed via BGP FlowSpec, REST API or OpenFlow

• Real-time per rule statistics for extremely granular performance monitoring and reporting

EnforcementRules

AcceptDropRate-limitDSCP Remark

NSE Performance: RFC2544 Test

Traffic composition:100% 64byte packets

Traffic rate:100Gbps

Performance result:150Mpps at 100Gbps

Red Armor NSE7000 Series

• Installs in 10 minutes and is additive to existing architectures

• Operates as a bump on the wire

• Interoperates with every DDoS detection technology

• Provides 100G line rate enforcement at a fraction of the cost

Red Armor Turbo Charges Network Security

Red Armor