Check Point Takes Aim at Network DDoS
Check Point is a company well known in the IT industry for helping to pioneer the market for network firewalls. While firewall technology does keep out bad traffic, there may still be a need for an additional layer of hardware to stop distributed denial of service (DDoS) attacks.
Check Point rolls out new DDoS Protector
Check Point is now rolling out a new line of hardware appliance called the DDoS Protector. DDoS attacks occur when an end point or server is flooded with an overwhelming number of requests from a large pool of distributed addresses. DDoS attacks have recently had a higher profile due to hacktivism attacks using the low orbit on cannon (LOIC) and other similar DDoS tools.
While DDoS mitigation can be a feature on next generation firewall (NGFW) and IPS appliances, it is Check Point's view that a standalone hardware appliance that provides comprehensive layers of DoS/DDoS protections is also needed.
"The device is using behavioral analysis and other fuzzy logic techniques for detecting attacks, while the NGFW and IPS are using a more deterministic approach," Alon Kantor, corporate development architect at Check Point, told Enterprise Networking Planet.com. "In addition, the device is using parameters from several layers simultaneously instead of relying on each feature separately."
Kantor also noted that high volume network flood attacks require specialized hardware. The hardware that Check Point is delivering leverages a proprietary OS developed by Radware, based on Intel's Wind River VxWorks. Check Point is partnering with security vendor Radware for the DDoS Protector to build the device.
"Our partnership with Radware brings together the security experience and expertise of both companies, allowing our customers to benefit from advantages of both companies," Kantor said.
DDoS in the ear of IPv6
The ability to scale to defend against large scale DDoS attacks is even more important in the new era of IPv6 addresses. With IPv4 addressing, an attack distribution is limited by the number of available address. With IPv6 and its trillions of addresses, the potential scale for DDoS is vastly larger. The DDoS Protector supports IPv6 as a transparent network bridge on Layer 2 and the protections are content-aware.
"The solution has the ability to block attack traffic and allow legitimate traffic through," Kantor said. "It is an issue of packets per second and not IP addresses."
The DDoS Protector has the ability to scale to 12 gigabits per second (Gbps) of traffic throughput. But, while throughput is important, so are the different techniques that are used to detect and mitigate DDoS attacks.
Kantor explained that spoofed connections can be blocked with challenge/response techniques. A spoofed connection is one where the IP of the attacking address is not a legitimate address. Kantor added that the HTTP Mitigator is able to detect and block attack behavior.
"The solution has a baseline of legitimate traffic and is able to gauge attack traffic using multiple elements," Kantor said. "It is smart enough to gauge flash/high volume legitimate traffic and allow it, but detect attack traffic and block it."
DDoS attack traffic can be directed against a specific IP or network device but it can also be targeted at a specific application. That's where the Directed Application Dos/DDoS Protections come into play.
"The device includes application-specific parsers and protections for HTTP and DNS," Kantor said. "For all other application layer protocols it is able to create custom signatures and filters to block these unwanted requests."
While the DDoS Protector is a standalone hardware appliance it will be able integrate and benefit from other Check Point security solutions. Check Point's Smart event correlation technologies, SmartLog and SmartView tracking and logging tools can all work with the DDoS Protector to provide a unified view of what's going on in a network.
The DDoS Protector is available from Check Point at a starting price MSRP of $19,000.