CIO Review – DDoS Special

The corporate world is constantly getting smarter by leveraging the latest internet technology advancements. Information sharing has over the years witnessed a gradual displacement of paper with digital becoming the dominant and favored medium. While, undeniably, this transition has boosted communications within and between enterprises, it has also made it a lot easier for hackers to breach an enterprise and disrupt these communications, curtailing business operations. Attackers infiltrate an enterprise’s Domain Name System (DNS)—freezing the network or infecting the DNS with botnets.

Such infiltrations, known as Distributed Denial of Service (DDoS) attacks, make business operations arduous by temporarily suspending services and making them unavailable for customers. To purge these challenges, it becomes important to defend an enterprise’s DNS servers and networks from DDoS onslaughts. Preventing these infiltrations requires purpose-built network architecture which can detect and subdue the often deceptive and wildly complex DDoS attacks.

In the current IT market sphere there are many DDoS solution providers offering secured services with a myriad of features and functionalities—Software-as-a-Service (SaaS), traffic control, and firewall protection to fight DDoS attacks in different layers. Presently there are vendors providing solutions that can curb attacks of up to 300 Gbps, and above. CIOReview helps enterprise CIOs looking for key technologies related to DDoS navigate this landscape by presenting a list of ‘20 Most Promising DDoS Solution Providers 2016.’

Network Box USA – Multilayered Threat Protection

In recent years, web applications have been subjected to DDoS attacks more than any other type of network or application, which Pierluigi Stella, CTO of Network Box USA (NWB) points-out to be the challenging task for organizations to address, because it requires a coordinated effort between client, service provider and the ISP. Today, many companies offer DDoS protection by simply moving the client’s internet presence onto a very large cloud solution—capable of absorbing almost any size of attack. “However this solution is not optimal for all users, as they cannot afford to pay a huge sum and requires providing DDoS protection in every way the client can implement it, while remaining affordable,” says Stella.

Unlike many Web Application Firewall systems on the market, NWB’s suite of security solutions provides a wide range of capabilities to allow for the mitigation of DDoS attacks. Befitting its name, the firm’s Anti-DDoS WAF+ system allows companies and organizations to implement effective Anti-DDoS technology on an affordable basis. As a managed security services provider, NWB combats increasing danger posed by security breaches, virus attacks and similar threats arising from widespread use of the Internet. The Network Box networking stack consists of many layers of protection: layer 3—protocol enforcement, including connection rate, data transfer volume and handling connection slowness; and a wide range of application protection—layer 7, where URL pattern, user agent and request header are taken into account.

The Anti-DDoS WAF+ uses behavioral analysis, traffic signatures, rate limiting, and other techniques to identify malicious traffic per source-address. “Dynamic blacklisting and intelligent analysis recognize similar patterns when the attacking IP addresses change, and can automatically keep up with the attack to continue blacklisting the new sources, dropping their connections before they cause damage,” delineates Stella. “NWB offers these capabilities onsite and in the cloud.”

NWB’s Anti-DDoS system’s protection starts with the intelligence gathered from over 70 global security sources, including Microsoft’s Active Protections Program and Kaspersky Labs. Real-time automated fingerprinting is then utilized, to slow down DDoS attacks by a factor of about a millisecond automated response. Most importantly, the firm’s managed services suite is equipped with 16 Security Operations Centers (SOC) as well as a Security Response Center (SRC) to increase the security posture of the clients, quickly and efficiently. “The SRC is where the intelligence analysis happens and security analysts spend their entire time learning ways to create real-time protection—be it in the form of new signatures, or libraries, heuristics, or codes,” points-out Stella.

According to Stella, “Speed and security are of the essence when fighting against cyber threats, and we make it a point of delivering protection—unbelievably in short and true real-time.” Network Box USA’s Managed Cloud Email Security provides robust, multilayered email threat protection and it is cost-efficient as it is sold as a service, hosted in the cloud and completely managed. With its patented PUSH technology, the firm ensures that customers’ solutions are protected with the latest security updates in less than 45 seconds upon availability. In addition, Network Box’s Z-Scan, a true real-time zero-day anti-malware engine, reacts by creating fingerprints, which are available to all NWBs globally within 3 seconds, as they are made available through NWB global private cloud.

Forging ahead, the firm is planning to offer its services via AWS, Google and Azure and intends to set up more SOCs. “We are also aiming to bring in a new service—MCPROXY—for clients who desire the same quality of protection that NWB offers, but are not willing to pay the cost of a full, dedicated, managed solution. MCPROXY will be a low cost, cloud based shared proxy offering, where, although the configuration capabilities will be limited, clients will still get the full
protection of the NWB services, including HTTP and HTTPS AV scanning and web filtering. This system is currently under test,” concludes Stella.