|
Problem Statement:
With the ever increasing frequency and change in network-borne security threats, enterprise subscribers are looking to their bandwidth
service providers to mitigate problems before they reach the customer premise. Distributed Denial of Service (DDoS) is one such threat.
Large corporations with highly recognized brands are often subjected to attacks from those bent on disrupting their business operations.
For corporations managing significant on-line and Internet-based business transactions, availability problems can mean significant
revenue losses, and a tarnishing of their brands.
There are many approaches to detecting DDoS attack. Detection solutions are available from companies like Alcatel-Lucent and InfoVista,
to name but two, and many service providers are using general network monitoring data to determine attack conditions. However, knowing
a customer is under attack falls short of the real goal—mitigating the attack before it affects the customers' on-line presence.
Deploying devices at each enterprise access point is an expensive approach when offering DDoS protection services to a wide set of
customers. CloudShield's approach is to stop attack traffic in the backbone, before it reaches points in the network where network
contention can impact users.
Solution Summary:
CloudShield has implemented DDoS attack mitigation capabilities on the CS-2000 content processing platform, which can be triggered
by the operator's preferred detection solution. As attacks are detected by network monitoring systems, signals can be sent to the
interior routing infrastructure to redirect all traffic destined for the attack target to an available CS-2000 for scrubbing.
The CS-2000 eliminates attack traffic and then (GRE) tunnels valid traffic back into the routing infrastructure to continue on
its way to the customer site. Some service providers are already delivering clean bandwidth solutions to their subscribers with
this solution and commanding premium prices.
The CloudShield solution locates mitigation resources in the backbone to be shared by many subscribers. This configuration
offers significant ROI advantages over competing solutions, which dedicate one device per customer, and has the added advantage
of eliminating the attack traffic close to its ingress point, thereby reducing the attack load across the operator's network.
Read how CloudShield helped TELUS with an integrated DDoS solution.
Service Provider Solutions
|
