Juniper Joins Forces with VeriSign for Cloud Network DDoS Protection
BGP Flow Spec is at the heart of new approach to enable better threat intelligence and mitigation of DDoS events.
Juniper today announced a new go-to-market partnership with VeriSign that will see the DDoS capabilities of both firms leveraged to create a comprehensive DDoS protection solution.
Juniper first launched its DDoS Secure technology back in February of 2013 as a Linux-based security software appliance. Juniper is now pairing DDoS Secure with VeriSign's DDoS Protection service, a cloud-based offering.
Kevin Kennedy, senior director of product management at Juniper Networks, explained to Enterprise Networking Planet that the Juniper solution complements the VeriSign cloud service and vice versa. The Juniper solution is able to handle the slow-moving types of DDoS attacks that can impact a network and is an inline service for an enterprise network. The VeriSign solution, on the other hand, can handle the volumetric attacks that a typical enterprise simply cannot handle due to on-premises bandwidth constraints.
A typical enterprise running DDoS Secure is usually limited to around 10 Gbps of bandwidth at the ingress point. Modern large DDoS attacks can now scale as high as 400 Gbps, which is something that only large cloud and infrastructure providers are able to mitigate.
From a technical implementation perspective, there are a number of different ways that organizations connect to the cloud in order to defend against DDoS. One of them is via DNS redirection, where the enterprise or website redirects its DNS records to the cloud vendor. The Juniper VeriSign implementation is taking a very different approach.
Kennedy explained that Juniper is connecting to the VeriSign DDoS cloud by way of the BGP routing protocol. BGP currently includes a Flow Spec set of rules that can be used to route traffic based on volume.
"We're building on BGP Flow Spec as the foundation of the technology that will allow us to signal upstream," Kennedy said. "What we're building around that is a bi-directional channel for information context and threat information from the cloud to the device."
The goal is to be able to provide more information to both the cloud and the endpoint device.
Kennedy said that Juniper and VeriSign are still building out the solution, though customers can take advantage of it today. He added that the two vendors are jointly engaged in promoting and selling the solution.
Sean Michael Kerner is a senior editor at Enterprise Networking Planet and InternetNews.com. Follow him on Twitter @TechJournalist