Security Challenges within Organizations

With the growing reliance on distributed applications and the need to extend access to networked applications across remote offices, mobile users and partners, organizations find themselves increasingly vulnerable to application level attacks. Targeting traffic left unprotected when connected across firewalls, application level attacks include viruses, intrusions, Trojans, worms, Denial of Service and SYN attacks over ports 80, 139, 445 and others. Reaching over 4,200 attacks in 2003 alone and doubling annually, the explosive growth in vulnerabilities is incurring severe financial losses from application downtime and lost productivity.

Existing security tools, including firewalls and antivirus software, are unable to protect against application level attacks, leaving organizations completely exposed. The challenge is to thwart attacks and malicious activity in real-time while forwarding valid and secure traffic at high speeds to both connect and protect mission critical applications.

An effective security solution must take into account existing applications in organizations and security challenges including:

• Organizations increasingly rely on network-based applications and web-enabled services to core applications for running their business.

• Networked applications are vulnerable to attacks such as viruses, intrusions, worms and DoS attacks, since traffic is tunneled into the network across firewalls through ports 80 and 139 without being inspected, as these ports are normally open. Securing networked applications requires the ability to perform deep packet inspection of ALL traffic to block attacks in real-time and prevent attacks from entering the network and paralyzing applications.

• The number and severity of application vulnerabilities are growing at an explosive rate, reaching over 5,200 in 2004 alone and doubling annually. As a result the cost of attacks is skyrocketing.

• Existing security tools including firewalls, IDS and antivirus gateways do not have the processing capacity, performance and the application security intelligence to secure against application level attacks, leaving organizations exposed.

Therefore there is an immediate need for an inline security solution that bi-directionally scans all network traffic and delivers real-time protection from a wide variety of application level attacks such as worms, viruses, exploits and DoS/DDoS attacks, at multi-Gigabit speeds.

Radware DefensePro Solution

DefensePro features inline security switching and accelerated, stateful, deep-packet inspection, using Radware’s industry leading StringMatch Hardware Engine™, to bi-directionally scan and protect all network traffic against application level attacks. DefensePro intercepts over 1,500 malicious signatures, hidden worms and viruses, blocking application attacks at an unmatched speed of 3-Gigabits/Sec. Identifying and mitigating protocol and traffic anomalies in real-time, DefensePro prevents DoS/DDoS attacks and SYN floods, safeguarding against all illicit traffic patterns and hacking.

DefensePro isolates attacks by dynamically managing bandwidth to stop propagation across users and resources while ensuring the complete continuity and performance of all secure traffic to proactively control impact and limit damage.

DefensePro Features and Benefits

DefensePro is a 3-Gigabit security switching platform delivering high-speed intrusion prevention and Denial of Service protection to secure networked applications against attacks:

This section will focus on the following capabilities of DefensePro:

  • 1. Attack Monitoring and Isolation

One of the main challenges that network managers often face in fighting attacks is the lack of proper tools that can scan and inspect traffic at the application layer. DefensePro gives administrators complete visibility into their network’s traffic, coupled with the capability to identify worms, viruses and abnormal traffic patterns in real-time, providing full visibility of all active threats.

Once an attack is detected, DefensePro enables proactive attack isolation using bandwidth management to dynamically restrict bandwidth allotments across all affected applications, users or segments to immediately control impact and damage.

Controlling the maximal bandwidth that DoS attacks can consume limits the attack impact, ensuring that other mission critical operations will not be affected and will continue to enjoy the bandwidth and service level required to guarantee smooth business operation. In a similar manner, carriers can ensure that a customer’s SLA will not be compromised due to a DoS attack launched on another customer.

  • 2. Intrusion Prevention

DefensePro performs bi-directional, stateful, deep packet inspection and accelerated signature matching to immediately block hidden worms, viruses, Trojans and intrusions. Providing multi-Gigabit speed protection for over 1,400 attack signatures with 24x7 security updates, DefensePro ensures continuous application security.

  • 3. Denial of Service Protection

DefensePro offers multi-Gigabit Denial of Service/DDoS protection and advanced SYN flood protection for known and unknown SYN floods. DefensePro thwarts up to 700,000 SYNs per second, safeguarding networks against Denial of Service attacks.

  • 4. Traffic Shaping

End-to-End Traffic Shaping and Optimization: Dynamic traffic shaping ensures the continuity of mission critical applications by controlling end-to-end bandwidth to guarantee service levels.

By dynamically controlling bandwidth, DefensePro proactively isolates attack impact, preventing spread to users and applications while ensuring complete continuity of all unaffected and secure mission critical applications.

  • 5. Security Update Service

The Security Update Service (SUS) delivers automated weekly and emergency attack signature filters for subscribers, ensuring up-to-date protection against current and emergent application vulnerabilities.

  • 6. Centralized Security Management

Configware Insite enables a centralized set-up, configuration and attack signature updating across multiple DefensePro devices from one central console for unified management of application security.  

Differentiating Factors

In the security market there is a plethora of security tools, ranging from firewalls, VPN gateways and IDS to antivirus products. To effectively mitigate application level attacks, which today constitute the majority of network attacks, Gartner recommends that “Enterprises must make security decisions based on deep packet inspection of application content, in addition to simple stateful protocol filtering.”

DefensePro is the only product in the market to combine 3Gbps security performance and application security intelligence to secure networked applications from the network layer up to the application layer.

DefensePro is unique in its diversified multi-layer security approach, which combines several mechanisms for attack detection (1,500 attack signatures and protocol anomaly), together with advanced mitigation tools such as DoS Shield, SYN cookies and application security, to fully mitigate malicious attacks as well as DoS attacks.

The underlying technology that enables this is DefensePro’s 4-tier security switching architecture, featuring switching ASICs with a 44 GB wire-speed backplane, 2 network processors, a RISC processor and a dedicated ASIC-based hardware acceleration card (StringMatch Engine). This makes DefensePro a benchmark in Application Security performance across high-speed/high capacity environments.

Other unique advantages are:

High port density - allows multi-segment protection in a single unit for immediate ROI.

Simple inline installation - the transparent nature of DefensePro allows seamless inline integration into any network environment, facilitating real-time protection without making any changes in the setting of network elements.

Full device security - the transparency also means excellent security since no user can obtain information on the device's presence on the network.

Attack Isolation - integrated traffic shaping capabilities allow for the proactive definition of policies that isolate worms, viruses and DoS attacks, preventing their propagation to other customers / segments.

QoS for mission critical applications - traffic shaping policies can also allot mission critical applications with higher QoS, while limiting the bandwidth consumption of non-business applications such as P2P applications.

Summary

Radware identified a clear need for a real-time inline security solution that bi-directionally scans all network traffic and delivers full protection from application level attacks such as worms, viruses, exploits and DoS attacks, at multi-Gigabit speeds.

This need is met with DefensePro, the first security switch providing multi-Gigabit deep packet inspection and signature matching to isolate, block and prevent attacks in real-time.

Copyright © 2005 Silicon Valley Communications - All rights reserved.