A10 Networks upgraded the software underpinning its Thunder Threat Protection System (TPS). A10 added a programmable policy engine, beefed up threat detection, improved dual-stack IPv4 and IPv6 support and added an enhanced graphical user interface.
The system, with a rated mitigation throughput of 155 Gbps, or 200 million packets per second, is geared to large data centers and carriers that face both volumetric and application-level DDoS attacks. Customers can cluster the appliances to get up to 1 Tbps of aggregate throughput.
The upgrade to Thunder TPS comes as enterprises and data centers grapple with the specter of ever-complex and escalating DDoS attacks that can cripple their operations. "The anti-DDoS space has really spread out in two directions," said Adrian Sanabria, a security analyst with 451 Research. "First is the breadth of attacks that can be mitigated, and second is the size of the attacks that can be mitigated. The Thunder TPS is in the on-premises space, and fulfills both breadth and size for most enterprises. A10 scales well at a reasonable cost, but you'd want to pair the Thunder TPS with something cloud-based or upstream as well, as the really big attacks could still overwhelm it."
More flexibility in providing DDoS attack prevention
The software upgrade, TPS 3.1, gives Thunder TPS users more flexibility in how they can block attacks, said Paul Nicholson, A10's director of product marketing. Chief among the enhancements is the addition of regular expression rules and enhanced aFleX Tool Command Language scripting. "Programmability is very important," Nicholson said. "Now we offer two different ways to offer programmable rules. If someone drops a zero-day attack which they can identify, they can program a rule to block that attack."
The Thunder TPS' processing capacity, he added, allows users to craft rules as long as they need to meet their requirements.
SSL attacks growing as potential network vulnerabilities
To help users further mitigate attacks, A10 increased the appliance's ability to protect networks against Transport Layer Security (TLS) and Secure Sockets Layer (SSL) vulnerabilities, such as the recent POODLE man-in-the-middle attack. It is also providing more robust SSL protection to validate whether clients attempting to access the network are legitimate or part of a botnet.
"More and more traffic is becoming encrypted, but that also opens up the possibility for it to be abused as well," Nicholson said. "We can block sites that can cause the vulnerability to happen, or we can intercept spoofed SSL clients to make sure that the client behind it is actually responding."
Meanwhile, users can now access more than 400 destination-specific behavior counters, a sharp increase over the number available in the previous version of TPS, viewable via the GUI or CLI, to determine the presence and identity of potential threats. The associated traffic can be further analyzed through third-party applications from FlowTraq and Genie, thanks to the sFlow and NetFlow protocols, Nicholson said.
Finally, TPS 3.1 allows Thunder TPS to inspect MPLS-encapsulated traffic and permits the appliance to use Network Address Translation as an alternative to tunneling when sending cleaned traffic to other areas within the network.
"As DDoS attacks become more creative and varied, the onus is on vendors to devise technologies and solutions that better detect and mitigate them," said Brad Casemore, research director at IDC. "During these past few years, we've seen leading vendors of application delivery controllers bolster their security capabilities to meet customer demands and keep pace with the evolving threat landscape. This is exactly what you're seeing from A10, which continues to strengthen the feature set and functionality of the Thunder TPS, including enhancements to the policy engine, detection features and visibility."