Service providers today face constant and growing threats to their bandwidth availability and performance. The most intimidating threats to a service provider’s bandwidth availability are Distributed Denial of Service (DDoS) attacks. DDoS attacks paralyze internet systems by overwhelming servers, network links, and network devices (routers, switches, firewalls, etc.). According to a number of network security reports, DDoS attacks propagated by botnets – not viruses, worms, or spam – currently pose the biggest threat to the internet.
Conventional security solutions, such as firewall or IDS/IDP products, deployed at the server, host, or local network edge may detect and remove attacks at the edge, protecting the local network and hosts. However, these conventional approaches cannot mitigate the damage that DDoS attacks cause to network operators. Even though the attacks are removed at the very last mile, the operator’s backbone pipes have been seriously jammed, and the routers and switches on the attack paths are paralyzed. Even if the victim network is not directly attacked by the traffic, the operator becomes the victim, and hence the target networks would be disconnected from the internet.
Tackling DDoS attacks requires a new approach that not only detects increasingly complicated, sophisticated, and deceptive attacks, but also mitigates their impact to ensure network resource availability. GenieATM is such a solution, providing carrier-grade, network-wide DDoS defense by embedding a Network Behavior Anomaly Detection engine. It can be applied to remove threats directly from the operator’s network infrastructure, protecting the ISP backbone as well as the edge local networks.