Radware improves DDoS protection with latest launch

Radware, a provider of cybersecurity and application delivery solutions, has officially launched a new cloud web DDoS protection solution.

The solution aims to minimize the growing gap between standard DDoS mitigation and a new breed of more aggressive HTTPS Layer 7 (L7) flood attacks – also known as web DDoS tsunami attacks.

Radware’s advanced solution is designed to combat these encrypted, high-volume, multi-vector threats that bypass standard web application firewalls (WAF) and network-based DDoS tools, essentially rendering them ineffective.

Gabi Malka, Chief Operating Officer of Radware, comments: “The dramatic rise in web DDoS tsunami attacks poses an imminent cyber threat. Organizations around the world, regardless of industry, have fallen victim to these attacks and are unaware why their existing defense solutions are faltering.”

“Just because organizations have standard WAFs or network-based DDoS mitigation, they shouldn’t assume they’re adequately protected.”

The proliferation of web DDoS tsunamis has raised the bar for effective L7 DDoS detection and mitigation. In their latest campaigns, hackers are combining network and application layer attacks and using new tools to create these massive one request per second (RPS) web DDoS attacks, according to Randware.

To evade detection, these L7 DDoS attacks appear as legitimate traffic and use multiple evasion techniques such as random HTTP headers, cookies, spoofed IPs, and more.

Malka continues: “Off-the-shelf solutions that take a rate-limiting approach are not designed to handle this new generation of web DDoS tsunami attacks.”

“To defend against these attacks, organizations need behavior-based Layer 7 security solutions that can adapt in real-time to scale larger than any on-premises solution, and surgically block attacks without blocking legitimate traffic .”

He says standard WAF and network-based DDoS protection solutions are ineffective at detecting and containing web DDoS tsunamis without impacting legitimate traffic. Detecting these attacks requires decryption and thorough inspection of L7 traffic headers, which network-based DDoS protection solutions are unable to do.

At the same time, on-premises or cloud-based WAF solutions based on signature-based protections are ill-equipped to deal with the random nature, scale and complexity of these attacks.

Radware anticipated the changing threat landscape and developed its new Cloud Web DDoS Protection. The R&D-backed solution combines behavioral-based, automated algorithms with the scale-up infrastructure needed to accurately defend organizations against high-RPS web DDoS tsunami attacks.

In addition, Radware Cloud Web DDoS Protection offers:

• Minimizes False Positives: Dedicated behavior-based algorithms quickly and accurately detect and block L7 DDoS attacks without disrupting legitimate traffic.
• Provides comprehensive attack coverage against the most advanced threats and zero-day attacks: The solution protects organizations from a wide range of L7 DDoS threats, including smaller, more sophisticated attacks; new L7 attack tools and vectors; and large-scale, sophisticated web DDoS tsunami attacks.
• Instant and Adaptive Protection: Using proprietary behavioral analysis and real-time signature generation, Radware instantly detects HTTPS floods and continually adjusts countermeasures in real-time to prevent downtime.
• Provides security: The automated and fully managed solution aims to help companies block these sophisticated attack campaigns consistently across all their applications and environments.

For organizations facing a DDoS attack, Radware also offers an emergency onboarding service to help neutralize security risks and protect operations before damage occurs.