Tuesday, June 4, 2019

A10 adds Zero-day Automated Protection to DDoS Defense

A10 Networks is bolstering its Thunder Threat Protection System (TPS) family of Distributed Denial of Service (DDoS) defense solutions with Zero-day Automated Protection (ZAP) capabilities/

A10's ZAP capabilities are designed to automatically recognize the characteristics of DDoS attacks and apply mitigation filters without advanced configuration or manual intervention.

A10 Networks’ ZAP is comprised of two components: dynamic attack pattern recognition by a machine learning algorithm and heuristic behavior analysis recognition to dynamically identify anomalous behavior and block attacking agents. ZAP works in conjunction with A10 Networks’ adaptive DDoS security model and its five-level adaptive policy mitigation engines to provide a complete in-depth defense system. This comprehensive approach blocks DDoS attacks while protecting legitimate users from indiscriminate collateral damage typically associated with traditional DDoS protection methods.

The ZAP policies can be enforced by a combination of hardware and software. Thunder SPE (Security and Policy Engine) appliances can serve up to 100,000 ZAP policies at line rate and the remaining ZAP policies can be served by software. This provides superior mitigation performance over the traditional software-only solution, enabling superior response time and scalability.

“In today’s climate with the dramatic increase in polymorphic multi-vector attacks and the chronic shortage of qualified security professionals, enterprises and service providers need intelligently automated defenses that can accomplish tasks autonomously,” said Lee Chen, CEO of A10 Networks. “Manual interventions are not only resource-intensive but too slow and ineffective, resulting in a greater potential of network downtime and high cost to the organization.”

Separately, A10 published a study conducted by the Ponemon Institute highlights the critical need for DDoS protection that provides higher levels of scalability, intelligence integration, and automation. Some 325 IT and security professionals at ISPs, mobile carriers and cloud service providers participated in the survey.

85 percent of survey respondents expect DDoS attacks to either increase (54 percent) or remain at the same high levels (31 percent). Most service providers do not rate themselves highly in either prevention or detection of attacks. Just 34 percent grade themselves as effective or highly effective in prevention; 39 percent grade themselves as effective or highly effective in detection.

The DDoS intelligence gap was highlighted by a number of survey findings:

  • Lack of actionable intelligence was cited as the number-one barrier to preventing DDoS attacks, followed by insufficient personnel and expertise, and inadequate technologies. 
  • Out-of-date intelligence, which is too stale to be actionable, was cited as the leading intelligence problem, followed by inaccurate information, and a lack of integration between intelligence sources and security measures. 
  • Solutions that provide actionable intelligence were seen as the most effective way to defend against attacks. 
  • The most important features in DDoS protection solutions were identified as scalability, integration of DDoS protection with cyber intelligence, and the ability to integrate analytics and automation to improve visibility and precision in intelligence gathering. 
  • Communications service providers who rated their DDoS defense capabilities highly were more likely to have sound intelligence into global botnets and weapon locations. 

“Communications service providers are right, both in their expectations for increased attacks and about their need for better intelligence to prevent them,” said Gunter Reiss, vice president, marketing at A10 Networks. “The continuing proliferation of connected devices and the coming 5G networks will only increase the potential size and ferocity of botnets aimed at service providers. To better prepare, providers will need deeper insights into the identities of these attack networks and where the weapons are located. They also need actionable intelligence that integrates with their security systems and the capacity to automate their response.”

https://www.a10networks.com