To help organizations defend against distributed-denial-of-service attacks, VeriSign expanded its cloud-based service and Arbor Networks introduced its anti-DDoS appliances.
attacks become more prevalent and easier to launch, companies like VeriSign and
Arbor Networks are rolling out DDoS mitigation services for customers.
Internet infrastructure company VeriSign
expanded its cloud-based anti-DDoS service to small and medium-sized businesses
on May 9. Arbor Networks followed up on May 10 with its own line of enterprise
data center protection gear with anti-DDoS capabilities.
Arbor Networks has marketed Peakflow,
its line of anti-DDoS tools, to Internet service providers, carriers and
managed security providers. The new Arbor Pravail Availability Protection
System appliances are intended for corporate IT departments to immediately stop
malicious traffic at the data center, according to Arbor. IT managers can try
to detect and filter out some or all of the incoming packets to defend against
an ongoing attack.
Arbor plans to have the Pravail APS
somehow communicate with the upstream provider's Peakflow to automate anti-DDoS
defenses on two fronts.
The goal is to avoid the immediate loss
of bandwidth and server availability that happens when the network is under a
DDoS attack, Arbor said. The appliance, going into beta this month, will be
installed in front of the Internet firewall and near routers with upstream
connections to the ISP. Arbor will ship four flavors of the hardware,
supporting speeds from 2G bps to 10G bps, sometime in the third quarter.
VeriSign took a different approach to
help organizations defend against attacks by expanding its cloud-based service
to small and medium-sized businesses. It is cheaper for companies to protect
their networks using the cloud than to try to build out the hardware necessary
to try to handle the bandwidth, Sean Leach, vice president of technology with
the network intelligence and availability group at VeriSign, told eWEEK. A
typical onside system can cost more than $100,000 for the equipment, according
VeriSign expanded its cloud-based DDoS
protection service to cover small and medium-sized businesses. The DDoS
Mitigation Service, with a starting price of $35,000 a year, is available
immediately to companies, VeriSign said. If the attack takes up more than 1G bps
of bandwidth, companies will incur additional charges.
VeriSign has offered this service to
major financial services firms in the past.
VeriSign recently surveyed 225 IT
executives in its State of DNS Availability report and found that DDoS attacks
have become fairly common. Approximately 63 percent of survey respondents
claimed they were hit at least once by a DDoS attack, and 11 percent reported
being attacked more than six times in the past year.
Nearly 78 percent of executives were
extremely concerned about the prospect of a DDoS attack. Furthermore, 71
percent of companies surveyed didn't have a DDoS mitigation system in place nor
did they plan to implement one this year.
"It was very interesting that people
are getting hit more often," Leach said. Back in the day, DDoS was considered a
very rare attack.
The scale of DDoS attacks has grown to
the point where few organizations can defend themselves on their own.
Considering the size of attacks, few companies have enough bandwidth to protect
against DDoS attacks, according to Leach. It's also difficult to assess how
much bandwidth to buy beforehand. Even if the enterprise invests in a 10G-bps
pipe, it won't be enough if the attack is sufficiently large enough. There have
been attacks as large as 80G bps, according to the report.