Maximum protection and a quicker response to DDoS attacks

“Attack traffic can be blocked in a matter of seconds”

 

Distributed denial-of-service (DDoS) attacks are one of the top three security threats facing companies today. [1] Increasingly disruptive, frequent and sophisticated, these attacks can cost businesses tens or even hundreds of thousands of euros for every hour their networks, services and/or applications are unavailable or slowed down. To meet this challenge, Thales has developed a new DDoS protection solution based on Radware technology to provide comprehensive protection for the critical infrastructures of its customers.

In the last five years, DDoS attacks have not only become more disruptive and frequent, they have also become considerably more sophisticated. Most denial-of-service attacks today combine three methods in a single campaign: volumetric attacks, which aim to saturate the bandwidth of the target network; protocol attacks, which consume network resources (routers, switches, load balancers, firewalls, etc.); and application layer attacks, which consume application server resources. All aim to slow the application down or make it unavailable to legitimate users.

The financial impact for a company depends on the size of the organisation, the sector of activity it works in, and the visibility of its brand. Companies taking part in a recent industry survey indicated that they had been attacked an average of 4 times in the last 12 months, costing them about 1.5 million euros over the year.

 

DDoS Attack Mitigation Approaches

Organisations that want to guarantee the availability of online services in the face of DDoS attacks should consider a dedicated DDoS attack mitigation solution that is specifically designed to deal with today’s emerging availability-based threats. There are three approaches to DDoS attack mitigation: on-premise, cloud and hybrid.
 
  • On-premise - a dedicated, specially designed device to detect and mitigate DDoS attacks. The device is usually deployed as the first device in the organisation’s network, even before the access router. When a DDoS solution is deployed on-premise, organisations benefit from immediate and automatic attack detection and mitigation. However, an on-premise DDoS solution cannot handle volumetric network floods that saturate the Internet pipe of the enterprise. Such attacks must be mitigated from the cloud.
 
  • Cloud - With the rise of DDoS attacks, many Internet service providers (ISPs) and managed security service providers (MSSPs) have begun to offer anti-DDoS services. Such services protect organisations from network flood attacks by deploying mitigation equipment at the ISP or MSSP scrubbing centres. This type of mitigation is guaranteed to block network flood attacks from ever reaching the organisation, as attacks are mitigated before they reach the connection between the ISP or MSSP and the organisation. However, cloud-based anti-DDoS services cannot block application DDoS attacks or low-and-slow attacks, since their mitigation equipment is not sensitive enough to detect the intricacies of such attacks when it is deployed in the cloud.
 
  • Hybrid - Hybrid DDoS solutions offer best-of-breed attack mitigation by combining on-premise and cloud mitigation into a single, integrated solution. The hybrid solution chooses the right mitigation location and mitigation technique based on the attack characteristics, tools and volume. In the hybrid solution, attack detection and mitigation start immediately and automatically on the on-premise attack mitigation device, which stops various attacks from diminishing the availability of the online services. In case of a pipe saturation threat, the hybrid solution activates the cloud mitigation and the traffic is diverted to the cloud, where it is scrubbed before being sent back to the enterprise.
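
The hybrid hand-off described above, as an added sketch that is not Thales or Radware code: attacks are handled on-premise until inbound traffic threatens to saturate the pipe, then traffic is diverted to cloud scrubbing and only returned after it has stayed calm. The thresholds, class name and action names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Every number and name here is an assumption chosen for illustration.
LINK_CAPACITY_MBPS = 1000   # size of the enterprise Internet pipe
DIVERT_AT = 0.80            # divert when inbound traffic reaches 80% of the pipe
RETURN_AT = 0.40            # traffic at or below 40% counts as calm
CALM_WINDOWS = 3            # consecutive calm windows required before returning

@dataclass
class Window:
    # Rate of traffic addressed to the enterprise, measured where it currently
    # enters: the edge link, or the scrubbing centre while diverted.
    inbound_mbps: float
    attack_layer: str       # "none", "volumetric", "protocol" or "application"

class HybridMitigator:
    def __init__(self):
        self.diverted = False
        self.calm = 0

    def step(self, w: Window) -> str:
        util = w.inbound_mbps / LINK_CAPACITY_MBPS
        if self.diverted:
            # Hysteresis: stay in the cloud until traffic has stayed calm,
            # so a pulsing flood cannot make the route flap.
            self.calm = self.calm + 1 if util <= RETURN_AT else 0
            if self.calm >= CALM_WINDOWS:
                self.diverted, self.calm = False, 0
                return "return-to-on-premise"
            return "cloud-scrubbing"
        if util >= DIVERT_AT:
            # Pipe saturation threat: the on-premise device cannot help here.
            self.diverted = True
            return "divert-to-cloud"
        if w.attack_layer != "none":
            return "on-premise-mitigation"
        return "pass"

def run(windows):
    m = HybridMitigator()
    return [m.step(w) for w in windows]

# Constructed sample: one measurement window per entry.
SAMPLE = [Window(200, "none"), Window(300, "application"),
          Window(850, "volumetric"), Window(300, "none"),
          Window(600, "volumetric"), Window(250, "none"),
          Window(250, "none"), Window(250, "none"), Window(250, "none")]
```

The brief dip to 300 Mbps in the sample does not end the diversion, because the 600 Mbps burst that follows resets the calm counter.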

 

Thales Hybrid solution for comprehensive defence

In partnership with Radware, one of the world's top companies specialising in DDoS attack protection, Thales has designed a hybrid solution combining on-site protection and cloud services. Operated remotely from Thales’s Security Operation Centres (SOCs [2]), online equipment deployed on the periphery of the customer’s infrastructure protects the network and/or services and applications against both protocol and application layer attacks.

Volumetric attacks are intended to saturate the connection bandwidth of the client infrastructure. When one of these attacks starts to build up, the attack traffic is rerouted to a specialised out-of-path scrubbing centre in the cloud. Clean traffic is then passed back to the network for delivery.

Unlike the pure cloud approach offered by some DDoS protection providers, this solution manages to block most attacks on-site in a matter of seconds, compared with several minutes if traffic is redirected to a specialist cloud service. This translates into significantly lower financial losses, estimated at thousands of euros per minute of downtime, for the organisation deploying the hybrid solution.

 

A winning combination

Radware’s patented DDoS protection technology has a proven record of success with major players in the financial services industry, government, e-commerce and telecommunications around the world.

Thanks to the unique combination of Radware’s technology and Thales’s expertise in the bespoke deployment and operation of cybersecurity solutions to protect critical infrastructure, this DDoS protection solution ensures that customers benefit from maximum protection and the fastest possible response to this type of hugely disruptive and fast-growing threat.

Find out more:

- Download the factsheet about Thales’s DDoS protection solution (PDF)
- Managed Security Services on thalesgroup.com
 


[1] Source: The Cost of Denial-of-Services Attacks, Ponemon Institute, March 2015, which ranks DDoS as one of today's "three scariest security threats" together with Zero Day Attacks and Malware.

[2] Thales has four SOCs: two in France, one in the United Kingdom and one in the Netherlands. A fifth will enter service this year in Hong Kong (for more information: Thales cybersecurity business goes global).

 

World-class technology  

With its Attack Mitigation System (AMS) solution, Radware is one of the two global leaders in DDoS attack protection.

Its solutions provide optimal DDoS protection for:

  • 7 of the world’s 14 largest stock markets
  • 12 of the world’s 20 largest banks
  • 6 of the 20 largest e-commerce websites
  • 4 of the world’s leading telecoms operators
  • 2 of the 10 largest cloud service providers

 

Find out more: www.radware.com/solutions/security

The cost of denial-of-service attacks

Source: The Cost of Denial-of-Services Attacks, Ponemon Institute, March 2015

No one is completely safe: a few examples from the last 12 months

  • During the FIFA World Cup in June 2014, a DDoS campaign orchestrated under the name #OpWorldCup targeted Brazilian government websites and the tournament’s official sponsors.
  • On 11 June 2014, DDoS attacks targeted high-profile online services such as Feedly and Evernote, with the perpetrators demanding a ransom.
  • On 19 June 2014, a DDoS attack launched against Facebook from China disrupted the social network for about 30 minutes, its worst outage in four years.
  • On 9 December 2014, an attack on Electronic Arts’ online gaming website resulted in a loss of internet access for over 12 million subscribers in Sweden.
  • On 6 January 2015, a hacker group calling themselves Anonymous OpGPII brought down the French Ministry of Defence’s website to "avenge" the death of ecologist and protester Rémi Fraisse.
  • On 7 January 2015, several German government websites were attacked by a pro-Russian group demanding that Berlin sever its support for the Ukrainian government.
  • On 26 January 2015, the Malaysia Airlines website was offline for over 24 hours following a DDoS attack on its DNS servers, apparently initiated by the infamous hacker group Lizard Squad.
  • On 10 February 2015, a DDoS attack crippled the Dutch government’s main website for over 10 hours, as well as other commercial sites.
  • On 8 April 2015, programmes on France’s TV5Monde television network were interrupted for almost 20 hours following a DDoS attack, with responsibility claimed by a jihadist group.
  • On 23 June 2015, 1,400 passengers of Polish airline LOT were left stranded in Warsaw for five hours after a DDoS attack on the carrier’s computer system.