Description
Distributed Denial of Service (DDoS) attacks remain a top threat to IT security and have evolved in almost every way to do what they do best: shut down access to your vital online services.

Unlike intrusion and malware attacks, DDoS attackers have learned that they don’t need to attack only end-point servers to shut you down. They attack any IP address that routes to your network: unused IPs, Inter-router-link public IPs or Firewall/Proxy/WiFi Gateway public IPs.

Cloud-based CDN and DNS-based cloud mitigation cannot protect you from these attacks. What is the impact to your business if your users cannot reach cloud services because your firewall or demarc router public IP is being DDoSed? Your CDN-based web servers may be up but your business is down!

Sophisticated multi-vector and multi-layer DDoS attacks use direct and reflected packets where the spoofed, randomized source IPs are impossible to ACL. These attacks are increasingly common as Mirai-style code has morphed into many variants and has been commercialized by providers of “stresser” sites. Anyone can call down large attacks for a few dollars.

To combat these attacks, you need a solution that dynamically protects a large attack surface.

Powered by SPU – A Different and Better Approach to DDoS Attack Mitigation

Only Fortinet FortiDDoS appliances use Machine Learning detection methods in dedicated, custom-silicon Security Processing Units (SPUs) to deliver the most advanced and fastest DDoS attack mitigation on the market today, without the performance compromises of multi-CPU or CPU/ASIC hybrid systems. The TP2 and TP3 SPU Traffic Processors inspect 100% of both inbound and outbound Layer 3, 4 and 7 packets, resulting in the fastest and most accurate detection and mitigation, and the lowest latency in the industry.

FortiDDoS uses 100% machine learning, behavior-based methods to identify threats. Instead of requiring predefined signatures to identify attack patterns, FortiDDoS uses its massively-parallel computing architecture to build an adaptive baseline of normal activity from hundreds-of-thousands of parameters and then monitors traffic against that baseline. Should an attack begin, FortiDDoS sees this as abnormal and immediately takes action to mitigate it.

The Power of SPUs – Flexible, Autonomous Defenses

FortiDDoS protects you from known and “zero-day” attacks without creating local or downloading subscription signatures for mitigation. Other vendors try to conserve CPU real-time by inspecting a relatively small number of parameters at a low sample rate, unless and until an explicit signature is created. FortiDDoS’ massively parallel SPU Traffic Processors sample 100% of even the smallest packets, for over 230,000 parameters for each Protection Profile. This allows FortiDDoS to operate completely autonomously, finding some attacks on the FIRST packet and all attacks within 2 seconds – broader and faster mitigation than any other vendor or method. There is no need to adjust settings, read pcaps or add regex-style manual signatures or ACLs in the middle of attacks. While attacks are being mitigated, FortiDDoS continues to monitor all other parameters to instantly react to added or changed vectors.