ADVANCED DDoS and FLASH CROWD MANAGEMENT
Multi-level Network Protection
Network Entity Level Protection
IntelliGuard's solutions protect a hierarchy of hosts and domains, preventing attackers from working under any pipe threshold to knock out low bandwidth services on high bandwidth connections.
For example: an email service filtering threshold can be set to the maximum capacity of the email server so that a small targetted attack against the mail server is filtered despite being well below any pipe size anywhere else in the network.
How It Works
IntelliGuard enables network administrators manually or automatically configure filtering thresholds and guarantees to restrict bandwidth, packet rate and connection attempts for every individual network entity, as well as globally. Minimum and guaranteed service levels can be provided for each entity domain/service.
The DDoS Protection System (DPS) from IntelliGuard seeks to pass legitimate traffic rather than block attack traffic. Rate limits are enforced to each entity in a protected network, with up to 64,000 individual network entities defined in a 5 level hierarchy, all protected by a single IntelliGuard DPS appliance.
|
The DPS does not just impose a simple global limit on network traffic. Virtual traffic limits can be manually set (or automatically configured based on normal, historic traffic levels). Limits can be set for each virtualized network entity, customer, customer groups or even for each service within a host. This approach contrasts with competing systems which impose crude global limits that can result in massive collateral damage across multiple customers/services on the attacked network. |
 |
Configured traffic limits determine the threshold at which filtering is initiated for each part of the application/network infrastructure. Each source IP that interacts with the protected network is assigned an overall legitimacy score, based on the source's behavior on a range of variables managed by IntelliGuard’s patent protected algorithms. These scores are updated in real-time as a source IP visits the protected network. During attacks, traffic is automatically dropped from the lowest ranked (least legitimate) sources. Due to this design it does not matter what type or quantity of traffic attacker's send or whether it is an attack or flash crowd; the DPS continues to pass legitimate traffic, always letting in the most possible traffic, and continuing assessing and queing all other traffic in real time
Benefits
Multi-level network entity protection provides the most robust approach to network and application protection to:
- Guarantee application services under traffic duress
- Enable fine grain capacity control filtering all traffic to all network entities
- Prevent DDoS and flash crowd event failures within all parts of the network
- Protect all customers not being attacked
- Enable value added protection services for managed security service providers