Application networking specialist A10 Networks announced the launch of its Thunder TPS Release 3.1, which a programmable policy engine through the regex or enhanced aFleX commands and extends new distributed denial of service (DDoS) mitigation capabilities to block additional attacks such as the recent POODLE attack.
The platform also provides rate-limiting for granular Layer 4-7 control to enable mitigation, and includes comprehensive detection capabilities with access to more than 400 global, destination-specific and behavioral counters, to eliminate false positives.
TPS Release 3.1 is aimed at larger networks with high Internet connectivity bandwidths, larger enterprises and carriers, internet service providers (ISPs), anything as a service (XaaS), including gambling, hosting and cloud providers, and is not aimed at small and midsize businesses (SMBs), Paul Nicholson, director of product marketing for A10 Networks, told eWEEK.
"This offering is aimed at companies that require large-scale, comprehensive, programmable mitigation solutions," he said, noting that pricing starts at $99,995.
The release includes a policy engine, which provides a programmable centralized configuration and management engine along with access to system states and statistics to simplify enforcement of advanced application and security policies, and passive mode deployment, which allows deployment without affecting ongoing packet flows.
"DDoS attacks are still largely relying on using proven techniques--especially infrastructure attacks--but are combining them with more sophisticated application-layer attacks, where higher levels of variation are seen," Nicholson said. "Businesses need a solution that is able to deal with these multi-vector attacks, and is adaptable and programmable to adapt to new attacks or enable customer-specific traffic enforcement."
Enhanced logging functionality includes the common event format (CEF) open log management standard, increasing cross-platform support, while an updated graphical user interface (GUI) allows for more detailed overviews of network statistics, reports, and a user-friendly interface to define and edit policies.
In addition, visibility enhancements expose enhanced traffic details to provide a more comprehensive understanding of regular and anomalous traffic patterns.
A high-speed statistics export enables granular packet statistics to be exported at high speed to third-party analytic devices, using sFlow and NetFlow based protocols, and technology partners such as FlowTraq and Genie can now receive more data to enhance traffic analysis.
Nicholson said as DDoS attacks look for weak spots to exploit, SSL traffic is increasing, authenticating clients are real, versus a spoofed connection becomes more important as the attack surface increases.
He cited a January 2014 Netcraft Web server survey which found 48 percent more of the million most popular websites were using SSL in January 2014 than a year earlier.
"IPv6 adoption is up, and gaining pace – from not even 1 percent to 5 percent in the last few years," he said. "If your equipment does not protect against IPv6 attacks, then your IPv4 host can be brought down due IPv4 and IPv6 to dual-stacked devices."
Nicholson noted flexibility is required, such as visibility into what is happening on the network, and tools to respond quickly to previously unknown attacks with tools such as A10’s programmability options.