VeriSign, Arbor Offer Anti-DDoS Tools to Protect Enterprise Networks

To help organizations defend against distributed-denial-of-service attacks, VeriSign expanded its cloud-based service and Arbor Networks introduced its anti-DDoS appliances.

As distributed-denial-of-service attacks become more prevalent and easier to launch, companies like VeriSign and Arbor Networks are rolling out DDoS mitigation services for customers.

Internet infrastructure company VeriSign expanded its cloud-based anti-DDoS service to small and medium-sized businesses on May 9. Arbor Networks followed up on May 10 with its own line of enterprise data center protection gear with anti-DDoS capabilities.

Arbor Networks has marketed Peakflow, its line of anti-DDoS tools, to Internet service providers, carriers and managed security providers. The new Arbor Pravail Availability Protection System appliances are intended for corporate IT departments to immediately stop malicious traffic at the data center, according to Arbor. IT managers can try to detect and filter out some or all of the incoming packets to defend against an ongoing attack.

Arbor plans to have the Pravail APS somehow communicate with the upstream provider's Peakflow to automate anti-DDoS defenses on two fronts.

The goal is to avoid the immediate loss of bandwidth and server availability that happens when the network is under a DDoS attack, Arbor said. The appliance, going into beta this month, will be installed in front of the Internet firewall and near routers with upstream connections to the ISP. Arbor will ship four flavors of the hardware, supporting speeds from 2G bps to 10G bps, sometime in the third quarter.

VeriSign took a different approach to help organizations defend against attacks by expanding its cloud-based service to small and medium-sized businesses. It is cheaper for companies to protect their networks using the cloud than to try to build out the hardware necessary to try to handle the bandwidth, Sean Leach, vice president of technology with the network intelligence and availability group at VeriSign, told eWEEK. A typical onside system can cost more than $100,000 for the equipment, according to VeriSign.

VeriSign expanded its cloud-based DDoS protection service to cover small and medium-sized businesses. The DDoS Mitigation Service, with a starting price of $35,000 a year, is available immediately to companies, VeriSign said. If the attack takes up more than 1G bps of bandwidth, companies will incur additional charges.

VeriSign has offered this service to major financial services firms in the past.

VeriSign recently surveyed 225 IT executives in its State of DNS Availability report and found that DDoS attacks have become fairly common. Approximately 63 percent of survey respondents claimed they were hit at least once by a DDoS attack, and 11 percent reported being attacked more than six times in the past year.

Nearly 78 percent of executives were extremely concerned about the prospect of a DDoS attack. Furthermore, 71 percent of companies surveyed didn't have a DDoS mitigation system in place nor did they plan to implement one this year.

"It was very interesting that people are getting hit more often," Leach said. Back in the day, DDoS was considered a very rare attack.

The scale of DDoS attacks has grown to the point where few organizations can defend themselves on their own. Considering the size of attacks, few companies have enough bandwidth to protect against DDoS attacks, according to Leach. It's also difficult to assess how much bandwidth to buy beforehand. Even if the enterprise invests in a 10G-bps pipe, it won't be enough if the attack is sufficiently large enough. There have been attacks as large as 80G bps, according to the report.