Application delivery controller vendor A10 Networks announced a new series of appliances dedicated to defending against denial-of-service attacks.
Whereas an ADC has a virtual IP address and sits as a proxy in front of a rack of servers, the Thunder TPS sits at the perimeter and is engineered to protect an entire data center from volumetric and application-level DDoS attacks, Matlof said.
"You need something that scales immediately and very quickly [against DDoS attacks]," said Richard Domingues Boscovich, assistant general counsel at the Microsoft Digital Crimes Unit (DCU). Microsoft relies on A10 for DDoS protection.
Microsoft DCU specializes in disrupting the botnet infrastructure of criminal DDoS perpetrators through legal and technical countermeasures, which makes Microsoft a target for retaliatory attacks, Boscovich said. In other words, by attacking botnets that criminals use for DDoS attacks, Microsoft has painted a target on itself.
"When you take away a criminal's livelihood, they are not very happy about it," he said. "We anticipated that there would be retribution from these groups against our systems. We worked with A10 to architect something [that] includes a lot of what you see in their product now."
DDoS protection: On-premises products becoming more important
Enterprises have relied on cloud-based protection because DDoS attacks have historically been volumetric. Botnets would flood a data center's WAN link with junk traffic, a tactic that hamstrings on-premises DDoS protection appliances.
"If [botnets] are sending you a lot of junk traffic, then they are filling up your pipe by the time it gets to the data center," said Lawrence Orans, research director for Stamford, Conn.-based Gartner Inc. "You need to choke that off in the cloud further upstream."
In fact, DDoS protection service providers typically rely on appliances like the A10 Thunder TPS or similar products from Radware or Arbor Networks to filter out DDoS traffic in their clouds. The Thunder TPS series is engineered to provide the filtering throughput these providers need. The starter box, the 4435 TPS, has 37 Gbps throughput, and the top-of-the-line 6435 TPS offers 155 Gbps. Customers can cluster the appliances to get 1 Tbps of aggregate throughput.
The release of Thunder TPS comes as the nature of DDoS attacks is changing. Over the last few years, about 25% of all DDoS attacks have been application-based, Gartner's Orans said. Application-based DDoS attacks don't saturate network links; instead they target the CPUs or memory on servers by sending malicious commands or requests to websites or enterprise applications.
"It's one command. It could be 'Search *.*', and that would put the CPU into overdrive or chew up all the memory," Orans said.
Application-based attacks require sophisticated filtering and policy engines, and many enterprises prefer to deploy this protection in their data centers.
"We are seeing more of our clients combine a cloud service [for volumetric protection] with an appliance on-premises [for application-based protection]," Orans said. With on-premises protection "you can set rules and filters right there in your data center with the servers that are being targeted. The organization has more control over the filters and rules that it can set."
In fact, many DDoS attacks are blended operations that use both volumetric and application-based attacks, prompting enterprises to implement anti-DDoS measures within their data centers and upstream with service providers.
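To make the volumetric-versus-application-layer distinction drawn above concrete, here is an added Python example; it is not code from A10, Gartner or Microsoft. It runs two simple detectors over a constructed request log: one flags any second in which offered load approaches the capacity of an assumed 10 Mbit/s WAN link (the "filling up your pipe" case), and the other flags a client whose handful of requests consumes far more server CPU than a typical request (the "one command" case). The per-request CPU time field, the link capacity and every threshold are assumptions chosen for the sample, as is the traffic itself.

```python
"""Added example: separate volumetric from application-layer DDoS signals
in a constructed request log. Thresholds and log fields are assumptions."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    ts: float      # seconds since the start of the observation window
    src: str       # client address (constructed documentation-range values)
    nbytes: int    # bytes on the wire for this request
    path: str      # requested path or query
    cpu_ms: float  # server CPU time spent serving it (assumed to be logged)


LINK_CAPACITY_BPS = 10_000_000  # assumed 10 Mbit/s WAN link for the sample
VOLUMETRIC_RATIO = 0.8          # alert when a second carries >80% of link capacity
APP_CPU_MS_PER_SRC = 2_000.0    # alert when one source burns >2 s of CPU ...
APP_MIN_COST_RATIO = 10.0       # ... and its average request costs >10x the median


def volumetric_alerts(reqs, window_s=1.0):
    """Return the window indices whose bits/s exceed the link-capacity threshold.

    This is the signal that on-premises gear cannot act on by itself: once the
    link is saturated, the junk has already arrived at the data center."""
    bytes_per_bucket = defaultdict(int)
    for r in reqs:
        bytes_per_bucket[int(r.ts // window_s)] += r.nbytes
    limit_bps = LINK_CAPACITY_BPS * VOLUMETRIC_RATIO
    return sorted(b for b, total in bytes_per_bucket.items()
                  if total * 8 / window_s > limit_bps)


def application_alerts(reqs):
    """Return {source: average cpu_ms} for sources that are cheap on the wire
    but expensive on the server, the pattern an on-premises rule can filter."""
    costs = sorted(r.cpu_ms for r in reqs)
    median = costs[len(costs) // 2]
    cpu_by_src = defaultdict(float)
    count_by_src = defaultdict(int)
    for r in reqs:
        cpu_by_src[r.src] += r.cpu_ms
        count_by_src[r.src] += 1
    flagged = {}
    for src, cpu in cpu_by_src.items():
        avg = cpu / count_by_src[src]
        if cpu > APP_CPU_MS_PER_SRC and avg > APP_MIN_COST_RATIO * median:
            flagged[src] = round(avg, 1)
    return flagged


def classify(reqs):
    """Run both detectors; a blended attack shows up in both result sets."""
    return {"volumetric_seconds": volumetric_alerts(reqs),
            "application_sources": application_alerts(reqs)}


def make_sample_log():
    """Constructed traffic: a benign baseline, a one-second junk flood, and one
    client issuing a few pathologically expensive searches."""
    log = []
    for i in range(200):  # benign: 20 clients, 1.5 KB GETs, 5 ms each, over 5 s
        log.append(Request(ts=i / 40, src=f"198.51.100.{i % 20}",
                           nbytes=1500, path="/index.html", cpu_ms=5.0))
    for i in range(800):  # volumetric: 800 x 1.5 KB inside second 2, 40 sources
        log.append(Request(ts=2.0 + i / 800, src=f"192.0.2.{i % 40}",
                           nbytes=1500, path="/", cpu_ms=1.0))
    for i in range(4):    # application-layer: 4 tiny requests, 900 ms CPU each
        log.append(Request(ts=1.0 + i, src="203.0.113.7",
                           nbytes=300, path="/search?q=*.*", cpu_ms=900.0))
    return log


if __name__ == "__main__":
    print(classify(make_sample_log()))
```

Second 2 carries roughly 10 Mbit, above the 8 Mbit alert line, while the expensive-search client never exceeds a few kilobytes; only the CPU-cost view catches it. That is the practical reason for the combined deployment the article describes: the first detector's signal has to be acted on upstream, the second one's can be turned into a local rule right next to the servers being targeted.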
The A10 Thunder TPS series, which will be generally available next month, has a starting price of $195,995. It supports 128 million rules and has RESTful application programming interfaces that enable third-party security systems to interact with it.