F5 Silverline DDoS Protection F5 Product Datasheet

1y ago
12 Views
1 Downloads
773.02 KB
7 Pages
Last View : 24d ago
Last Download : 6m ago
Upload by : Arnav Humphrey
Transcription

F5 Silverline DDoS ProtectionDATASHEETProtect Your Business and Stay OnlineDuring a DDoS AttackWhat’s Inside2 Comprehensive DDoSProtection2 Real-Time Cloud-ScrubbingTechnologies4 Resilient Attack Mitigation4 Ensure the Best UserExperience4 Deployment Modes5 Unparalleled Visibility andReporting Before, During,and After a DDoS Attack6 Complete Attack Protection6 Flexible Subscriptions7 F5 Global Services7 DevCentral7 More InformationDDoS attacks are increasing in scale and complexity, threatening to overwhelm theinternal resources of businesses globally. These attacks combine high-volume trafficwith stealthy, low-and-slow, application-targeted techniques. To stop DDoS attacks fromreaching the enterprise network, organizations need a hybrid solution for cloud-basedmitigation in addition to on-premises protection.F5 Silverline DDoS Protection is a service delivered via the F5 Silverline cloud-basedplatform. It detects and mitigates DDoS attacks in real time, with industry-leading DDoSattack mitigation bandwidth to stop even the largest of volumetric DDoS attacks fromever reaching your network. F5 security experts are available 24x7x365 to keep yourbusiness online during a DDoS attack with comprehensive, multi-layered L3–L7 DDoSattack protection.Key benefitsKeep your business online during aDDoS attackStop DDoS attacks before they reach yourenterprise network and affect your business,using real-time, DDoS attack detection andmitigation in the cloud.Protect against all DDoS attack vectorsEngineered to respond to the increasing threats,escalating scale, and complexity of DDoSattacks, F5 offers multi-layered L3–L7 DDoSattack protection against all attack vectors.Defend against volumetric attacksProtect your business from even the largest ofDDoS attacks—over hundreds of gigabits persecond—with industry-leading DDoS attackmitigation bandwidth.Get expert serviceF5 Security Operations Center (SOC) expertsare available 24x7x365 with optimum serviceSLAs for uptime and response to DDoS attacksin minutes.Gain attack mitigation insightsDrive efficiencies with a hybrid DDoSsolutionThe F5 customer portal provides transparentattack mitigation visibility and reporting before,during, and after an attack.F5 offers comprehensive DDoS protection bothon-premises and with the Silverline cloud-basedapplication services platform.

DATASHEETSilverline DDoS ProtectionComprehensive DDoS ProtectionThe Silverline DDoS Protection service complements F5’s on-premises DDoS solutionto protect organizations against the full spectrum of modern DDoS attacks. This hybridDDoS protection solution from F5 combines industry-leading DDoS protection solutions onpremises for detecting and mitigating mid-volume, SSL, or application-targeted attacks—with the high-capacity Silverline DDoS Protection service to stop the volumetric attacksbefore they ever reach your network.F5 is the first leading application services company to offer a hybrid solution for DDoSprotection. By implementing Silverline DDoS Protection in addition to the on-premisessolution, customers can keep their businesses online when under DDoS attack with areduced risk of downtime, real-time DDoS mitigation response times, unparalleled visibilityand reporting, and cost efficiencies. The on-premises DDoS protection solution andSilverline DDoS Protection can be implemented independently of each other, or togetheras a hybrid solution for the most comprehensive L3–L7 DDoS protection. Throughout theF5 infrastructure and process, Silverline DDoS Protection maintains PCI DSS complianceby rigorously protecting and controlling data access, encrypting and retaining data,and archiving or deleting data.Professional Services and Support GBB Licensing: Best IP Intelligence Silverline DDoS ProtectionNetwork DDoSAttackDNS DDoSAttackSSL DDoSAttackApplication DDoSAttackCustomer ScenariosSoftware-DefinedApplication ServicesDDoS ProtectionData Center FirewallOrchestrationiControl SOAPiControl RESTProgrammabilityControl PlaneiAppsData PlaneiCalliRulesHigh-PerformanceServices FabricF5 NSPhysical SDN OpenStack OverlayFigure 1: F5 provides a comprehensive DDoS solution with both on-premises protection andcloud-based Silverline DDoS Protection.Real-Time Cloud-Scrubbing TechnologiesAny organization that delivers content or applications over the Internet can use cloud-basedDDoS protection to keep their business online during an attack with minimal impact tousers. Engineered to respond to the increasing threats, escalating scale, and complexity ofDDoS attacks, Silverline DDoS Protection offers multi-layered L3–L7 protection against allattack vectors.Silverline cloud-scrubbing centers are designed with industry-leading security and opensource technologies to detect, identify, and mitigate threats in real time and return cleantraffic back to your site. By utilizing the breadth of the most advanced security hardware,2

DATASHEETSilverline DDoS Protectionsoftware, rules engines, and customized tools, Silverline DDoS Protection providescomprehensive, multi-layered attack analysis and mitigation that cannot be achieved withother scrubbing services that use a single-vendor technology architecture.Silverline DDoS Protection can run continuously to monitor all traffic and stop attacksREFERENCE ARCHITECTURE: DDoS ProtectionCONTENTTYPE:everProduct Mapfromreaching your network, or it can be initiated on demand when your site is underAUDIENCE: Security ArchitectCUSTOMER SCENARIO: Enterprise Data CenterDDoS attack.Threat Intelligence Next-GenerationFirewallAttackersUsers leverage NGFW foroutbound protectionNetwork Firewall Services DNS Services Simple Load Balancing toApplication TierDDoS AttackerCloud ScrubbingApplication TierWeb ApplicationFirewall Services SSL TerminationDDoS ProtectionCustomeraaSPartnerF5 SilverlineCloud-BasedPlatformDDoS AttackerLTMvCMPVolumetric attacks andsize floods, operationscenter experts, L3–7known signature attacksEmployeesNetwork TierCan inspectSSL ateither tierISP may providerudimentary DDoSserviceVIPRION ualSSL attacks:SSL renegotiation, SSL floodSubscriberHTTP attacks:Slowloris, slow POST,recursive POST/GETDNS attacks:DNS amplification, query flood,dictionary attack, DNS poisoningNetwork attacks:ICMP flood, UDP flood, SYN floodAFMBIG-IP Advanced Firewall ManagerSimplified Business ModelsGOODLTMBIG-IP Local Traffic ManagerDNSBIG-IP DNSASMBIG-IP Application Security ManagerBETTERBEST IP IntelligenceF5 Silverline DDoS ProtectionFigure 2: Divert traffic to Silverline DDoS Protection for cloud-scrubbing when your network is underattack, or use it to continuously scrub all traffic to prevent a DDoS attack from ever reaching yournetwork.As traffic enters the F5 scrubbing center, it is steered and broken down into a “spectrumof suspicion.” F5 then determines the best scrubbing techniques for each segment oftraffic and automatically directs traffic through the cloud scrubbing centers for real-timeREFERENCE ARCHITECTURE: DDoS Protectionmitigation.TrafficDiagramcontinues to be tapped as it traverses the scrubbing center to confirm theCONTENTTYPE: ArchitectureAUDIENCE: IT Director/Security Engineermalicioustraffichasbeen fully removed. Clean traffic is then returned to your website withCUSTOMER SCENARIO: DDoS Scrubbing Centerlittle to no impact to the end user.Scrubbing CenterInspection PlaneInspectionToolsetsTraffic ActionerRoute anagementData PlaneCopied trafficfor inspectionNetflowNetflowGRE TunnelBGP signalingProxyLegitimateUsersIP AttackersProxy andAsymmetricMitigation TierRouting(Customer VRF)Figure 3: Silverline DDoS Protection multi-layered cloud-scrubbing technologies.3Equinix CloudExchangeCustomer

DATASHEETSilverline DDoS ProtectionResilient Attack MitigationF5’s fully redundant and globally distributed data centers and scrubbing centers are built withadvanced systems and tools engineered to deal with the increasing threats, escalating scale,and complexity of DDoS attacks. Silverline DDoS Protection provides attack mitigationbandwidth capacity of over 1.0 Tbps and scrubbing capacity up to 2.0 Tbps to protect yourbusiness from even the largest DDoS attacks. F5 partners directly with three Tier 1 carriersfor guaranteed bandwidth that is not shared or based on peering arrangements like othercloud-based services.Ensure the Best User ExperienceThe DDoS attack mitigation is invisible to your users, ensuring their experience isuninterrupted during a DDoS attack by always allowing legitimate customer traffic throughto your site and eliminating false positive alerts. Unlike other DDoS cloud-scrubbing servicesthat process traffic symmetrically, degrading the user experience with slow page load timesor broken links, Silverline DDoS Protection has several asymmetric traffic return mechanisms.These include F5 IP Reflection technology, allowing high-traffic sites to take advantageof protection without affecting the user experience. Only a fraction of the bandwidth isrequired to process inbound traffic, ensuring normal delivery of traffic back to your userswith the lowest rate of false positives and with maximum performance. Based on your needs,clean traffic can be delivered back to your site through GRE tunnels, proxy, IP Reflection,Layer 2 VPN, or connection via Equinix Cloud Exchange (in select locations).Deployment ModesComplete network protectionREFERENCE ARCHITECTURE: DDoS ProtectionCONTENT TYPE: Product MapAUDIENCE: Security ArchitectCUSTOMER SCENARIO: DDoS Routing Method—Routed ModeFor enterprises that need to protect their entire network infrastructure, Silverline DDoSProtection leverages Border Gateway Protocol (BGP) to route critical customer traffic toits scrubbing and protection center, and utilizes a Generic Routing Encapsulation (GRE)tunnel to send the clean traffic back to your network. Routed mode configuration is ascalable design for enterprises with large network deployments. Routed mode configurationdoes not require any application-specific configuration and provides an easy option to turnthe service on or off.Cloud ScrubbingLegitimateUserInternetOriginated BGPannouncementGRE tunnelF5 SilverlineCloud-BasedPlatformISPCustomer EdgeRouterF5 Silverline DDoSProtection/CustomerBGP peeringCustomerData CenterDDoSAttackerISPFigure 4: F5 routed mode leverages BGP and GRE tunnels to offer DDoS protection to your network.IP Reflection is an alternative asymmetric technique that provides network infrastructureprotection without the need for GRE tunnels. Organizations with on-premises BIG-IP LocalTraffic Manager (LTM) can leverage IP Reflection for clean traffic return. With IP Reflectionthere is no need to modify any IP addresses, and return traffic is not encapsulated (unlikeGRE, which may adversely affect some applications).4

DATASHEETSilverline DDoS ProtectionREFERENCE ARCHITECTURE: DDoS ProtectionApplicationprotectionCONTENTTYPE: Product MapAUDIENCE: Security ArchitectCUSTOMERDDoS at requireminimumnetwork changes and do not control a full public ClassCIDR/24 network or prefer to protect only a few applications, Silverline DDoS Protection canbe used in proxy mode. Proxy mode supports any application running TCP or UDP suchas HTTP, HTTPS, FTP, DNS, and more on either IPv4 or IPv6. Proxy mode can be set upquickly with simple DNS changes and with little impact to your existing network configuration.Cloud DDoSAttackerF5 SilverlineCloud-BasedPlatformISPCustomer EdgeRouterCustomerData CenterProxied connectionFigure 5: Protect your applications by making a DNS change to direct traffic through SilverlineDDoS Protection.In addition, F5 offers Silverline Threat Intelligence for additional detection and blockingof IPs known to support malicious traffic. This service reduces unwanted attackcommunications on your network and helps you avoid further mitigation requirements.Emerging threats are continuously captured and published, while IP addresses that are nolonger malicious are removed from the threat data. Silverline Threat Intelligence enhancesSilverline DDoS Protection (in proxy mode) or Silverline Web Application Firewall (WAF)services without compromising access to legitimate IP addresses.Unparalleled Visibility and Reporting Before, During, and After aDDoS AttackThe Silverline DDoS Protection includes access to the F5 customer portal, which provideseverything you need to securely set up and manage SOC services, configure proxy androuting, and receive unparalleled visibility and reporting of attack mitigation. With transparentattack mitigation visibility and reporting, the F5 customer portal provides details aboutan attack as it occurs, including the type and size of the attack, IP origin, attack vectors,mitigation process, all actions taken by the Security Operations Center during mitigation,and a transcript of all communications (when leveraging secure instant messaging).Figure 6: Use the F5 customer portal to inspect attack mitigation design, configure and provisiondeployment preferences, and view attack events and communications.5

DATASHEETSilverline DDoS ProtectionAttacks can be explored and analyzed, and packet capture reports (PCAPs) are alsoavailable for download. With detailed after-action reports available by attack and withlonger-term views of attack traffic, the F5 customer portal allows you to see the pattern ofattacks over time to help you plan for the future. In addition to logging DDoS events to beexplored and analyzed, you have the option of exporting logs via Syslog to various SEIMvendor solutions, such as Splunk, ArcSight, and QRadar.Complete Attack ProtectionSilverline DDoS Protection safeguards against a wide variety of attacks, including thoseshown below.DDoS attack protectionProtocol anomaly detectionTCP/HTTP/UDP/ICMP/SYN/NTP/GET floodL3–L4 DDoS protectionSYN flood, TCP flood, ICMP flood, UDP flood,known signature attacks, Teardrop, Smurf, Ping ofDeath, Mixed Flood, Reflected ICMPL7 DDoS protectionNTP, HTTP Flood, SlowlorisDNS traffic protectionDNS flood, DNS reflection attacks, DNSamplification attacksProtected Internet servicesInternet servicesAll, including: PFlexible SubscriptionsSilverline DDoS Protection is available as a one- or three-year subscription with flexibleoptions for protected bandwidth and payment terms: Always On and Always Available .6Always OnAlways AvailablePrimary protection as the first line of defensePrimary protection available on demandThe Always On subscription stops badtraffic from ever reaching your network bycontinuously processing all traffic through thecloud-scrubbing service and returning onlylegitimate traffic to your site.The Always Available subscription runs onstandby and can be initiated when underattack.

7DATASHEETSilverline DDoS ProtectionF5 Global ServicesF5 Global Services offers world-class support, training, and consulting to help you getthe most from your F5 investment. Whether it’s providing fast answers to questions,training internal teams, or handling entire implementations from design to deployment,F5 Global Services can help ensure your applications are always secure, fast, and reliable.For more information about F5 Global Services, contact consulting@f5.com or visitf5.com/support.DevCentralThe F5 DevCentral user community of more than 195,000 members is your source forthe best technical documentation, discussion forums, blogs, media, and more related toApplication Delivery Networking.More InformationTo learn more about Silverline DDoS Protection, visit f5.com to find these andother resources:Web pagesDDoS Protection Reference ArchitectureF5 Silverline DDoS ProtectionIf you’re under DDoS attack,F5 offers 24-hour support:866-329-4253 1 (206) 272-7969f5.com/attackF5 Networks, Inc. 401 Elliott Avenue West, Seattle, WA comf5.comJapanf5j-info@f5.com 2016 F5 Networks, Inc. All rights reserved. F5, F5 Networks, and the F5 logo are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at laimedbyF5.DC1114 DS-SILVERLINE-52994366-ddos-update 0416

F5 Silverline DDoS Protection is a service delivered via the F5 Silverline cloud-based platform. It detects and mitigates DDoS attacks in real time, with industry-leading DDoS attack mitigation bandwidth to stop even the largest of volumetric DDoS attacks from ever reaching your network. F5 security experts are available 24x7x365 to keep your

Related Documents:

The Power of the Silverline Security Operations Center (SOC) The Silverline Security Operations Center (SOC) is global and operates 24x7x365. When you need help, you are talking directly to a Silverline WAF and DDoS expert, not a helpdesk analyst or web/phone bot assistant. Self-Service Cloud Managed Services

SDN security issues [31-37] Security policies in SDN [28,38-52] DDoS [53-56] DDoS vulnerability in SDN [33,36,57] Policies for rescuing SDN from DDoS [58-69] DDoS, distributed denial of service; SDN, software-defined network. focusing on DDoS issue, followed by the comparison of various proposed countermeasures for them. Table I has

most important questions related to DDoS attacks and the best practices offered through the Cisco DDoS Protection solution. INTRODUCTION TO DDoS ATTACKS A DDoS attack is an attack on the end host system or the network infrastructure that disrupts service to the user. The disrupti on can come in many forms, including:

anti-DDoS services and can mitigate many DDoS attacks. Having one device for firewall, IPS, and DDoS is easier to manage and less complex to deploy, but a single device to do all the protection might be easily overwhelmed with volumetric DDoS attacks. Besides, resource-intensive protection necessary to detect and defend

In DDoS attack, the attacker try to interrupt the services of a server and utilizes its CPU and Network. Flooding DDOS attack is based on a huge volume of attack traffic which is termed as a Flooding based DDOS attack. Flooding-based DDOS attack attempts to congest the victim's network bandwidth with real-looking but unwanted IP data.

as a flooding-based DDoS attack. A flooding-based DDoS attack attempts to congest the victim's network bandwidth with real-looking but unwanted data. As a result, legitimate packets cannot reach the victim due to a lack of bandwidth resource. 2 DOS AND DDOS DoS and DDoS attacks are simple in design and generated

detect a DDOS attack and thus, start the processes to defense these attacks. The main objective is to understand the DDOS attacks and to find the security measures. Keywords— DDoS, Intrusion detection, preventive measures of DDoS, defense mechanisms, defense models, game theory, application model defense, new enhanced model.

LB Waltham Forest Strategic Asset Management Plan 8 ASSESS Current practices Current state of assets Service strategies 'Assess' – establishing the status quo The aim of this phase is to review and understand the current state of the portfolio and to establish a robust base position, agreed with our service departments. During this phase, interviews were conducted with all service leads in .