DefenseFlow: The First Ever SDN Application That Programs Networks for DoS/DDoS Security


Radware has announced its comprehensive SDN strategy and has introduced its first SDN Application: DefenseFlow™.

Why is the DefenseFlow™ release so exciting? SDN is all the rage, and most L4-L7 vendors will make an effort to show they are part of the game. But eventually most vendors just provide an API for customers to build their own SDN Application, which allows them to claim they have a solution for SDN.

However, Radware provides a set of SDN Applications as well as the APIs and a complete solution that enables us to program the network for security and for ADC, thus enabling the network to deliver increased value. The result is a transformation of application delivery and security from device-based into network-wide services by utilizing SDN as an enabling architecture.

Now, allow me to illustrate our concept of DefenseFlow™. It is an application developed by Radware that runs on top of any switching vendor's SDN controller. Its features include an adaptive behavioral-based DoS attack detection engine and a traffic diversion mechanism that utilizes the programmable characteristics of the software network elements for attack cleansing.

By moving attack detection intelligence to the SDN application, DefenseFlow™ can collect network statistics from the data plane without the need to deploy costly hardware detectors – it just programs the SDN controller to define the required data plane statistics to collect.

Using these statistics, DefenseFlow™ continuously inspects the configured targets for potential network DoS/DDoS attacks in out-of-path mode. Once an attack is detected, DefenseFlow™ diverts only the suspicious traffic to the nearest mitigation device (DefensePro) by utilizing the programmable characteristics of the software defined network elements for attack cleansing. This means that operators can deploy the mitigation devices from any network location.

So, what do network operators gain? Quite a lot. They’ll gain immediate attack detection in seconds rather than minutes, by collecting the most relevant statistics required every second. They’ll gain a low operational cost for traffic diversion, which uses native SDN services instead of tunneling (e.g. GRE, MPLS) and BGP injection.

They’ll also gain a lower solution cost overall: Thanks to SDN abstraction services and DefenseFlow™ implementation as an SDN application, there is no need for multiple costly hardware detectors for every network segment (each requiring a router port).

To learn more about DefenseFlow™ and Radware’s SDN strategy, click here.

