
DefenseFlow: The First Ever SDN Application That Programs Networks for DoS/DDoS Security

April 15, 2013, by Ron Meyran

Radware has announced its comprehensive SDN strategy and has introduced its first SDN Application: DefenseFlow™.

Why is the DefenseFlow™ release so exciting? SDN is all the rage, and most L4-L7 vendors will make an effort to show they are part of the game. But in the end most vendors just provide an API for the customer to build their own SDN Application, which allows them to claim they have a solution for SDN.

Radware, however, provides a set of SDN Applications as well as the APIs and a complete solution that enables us to program the network for security and for ADC (thus enabling the network to deliver increased value). The result is a transformation of application delivery and security from device-based services into network-wide services, using SDN as the enabling architecture.

Now, allow me to illustrate our concept of DefenseFlow™. It is an application developed by Radware that runs on top of any switching vendor's SDN controller. Its features include an adaptive, behavioral-based DoS attack detection engine and a traffic diversion mechanism that utilizes the programmable characteristics of the software network elements for attack cleansing.

By moving attack detection intelligence to the SDN application, DefenseFlow™ can collect network statistics from the data plane without the need to deploy costly hardware detectors – it just programs the SDN controller to define the required data plane statistics to collect.

Using these statistics, DefenseFlow™ continuously inspects the configured targets for potential network DoS/DDoS attacks in out-of-path mode. Once an attack is detected, DefenseFlow™ diverts only the suspicious traffic to the nearest mitigation device (DefensePro) by utilizing the programmable characteristics of the software-defined network elements for attack cleansing. This means that operators can deploy the mitigation devices at any network location.
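The post does not describe DefenseFlow's detection algorithm, so the following is an added illustration (not Radware's code) of the detect-then-divert loop described above: a per-target EWMA rate baseline stands in for the behavioral engine, fed by per-second counters, and a divert entry is emitted only for the anomalous protocol. The thresholds, the rule dictionary layout and the scrubber port number are assumptions.

```python
from dataclasses import dataclass

ALPHA = 0.1     # EWMA smoothing factor (assumed)
K = 5.0         # deviations above the mean that count as suspicious (assumed)
WARMUP = 5      # samples learned before any verdict is given (assumed)
MIN_DEV = 50.0  # deviation floor so small jitter never alerts (assumed)

@dataclass
class Baseline:
    """Adaptive packets-per-second baseline for one (target, protocol) pair."""
    mean: float = 0.0
    dev: float = 0.0
    samples: int = 0

def observe(b: Baseline, pps: float) -> bool:
    """Feed one per-second counter; return True if the sample is suspicious.
    Suspicious samples are not learned, so a flood cannot raise its own baseline."""
    if b.samples >= WARMUP and pps > b.mean + K * max(b.dev, MIN_DEV):
        return True
    if b.samples == 0:
        b.mean = pps
    else:
        b.dev = (1 - ALPHA) * b.dev + ALPHA * abs(pps - b.mean)
        b.mean = (1 - ALPHA) * b.mean + ALPHA * pps
    b.samples += 1
    return False

def divert_rule(target_ip: str, proto: str, scrubber_port: int) -> dict:
    """Generic match/action entry (hypothetical layout, not a real controller API)."""
    return {"match": {"ipv4_dst": target_ip, "ip_proto": proto},
            "action": {"output": scrubber_port}, "priority": 1000}

def run(samples, scrubber_port=7):
    """samples: (second, target_ip, proto, pps) tuples as polled from the controller."""
    baselines, rules = {}, {}
    for _sec, ip, proto, pps in samples:
        b = baselines.setdefault((ip, proto), Baseline())
        if observe(b, pps) and (ip, proto) not in rules:
            rules[(ip, proto)] = divert_rule(ip, proto, scrubber_port)
    return list(rules.values())

# Constructed sample: steady UDP and TCP to one target, then a UDP flood at t=10
SAMPLES = [(s, "192.0.2.10", "udp", 1000 + (s % 3) * 20) for s in range(10)]
SAMPLES += [(s, "192.0.2.10", "tcp", 4000 + (s % 2) * 100) for s in range(12)]
SAMPLES += [(10, "192.0.2.10", "udp", 90000), (11, "192.0.2.10", "udp", 95000)]

if __name__ == "__main__":
    print(run(SAMPLES))
```

Only the UDP traffic to the target is steered to the scrubber port; the TCP traffic to the same address keeps its normal path.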

So, what do network operators gain? Quite a lot. They’ll gain immediate attack detection, in seconds rather than minutes, by collecting the most relevant statistics every second. They’ll gain a low operational cost, because traffic diversion uses native SDN services instead of tunneling (e.g. GRE, MPLS) and BGP injection.

They’ll also gain a lower solution cost overall: thanks to SDN abstraction services and the implementation of DefenseFlow™ as an SDN application, there is no need for multiple costly hardware detectors for every network segment (each requiring a router port).

To learn more about DefenseFlow™ and Radware’s SDN strategy, click here.

Ron Meyran

Ron Meyran leads the marketing activities, partner strategy and Go-to-Market plans for Radware’s alliance and application partners. He also works to develop joint solutions that add value and help drive sales initiatives designed to increase visibility and lead generation. Mr. Meyran is a security and SDN industry expert who represents Radware at various industry events and training sessions. His thought leadership and opinion pieces have been widely published in leading IT & security industry magazines. He holds a B.Sc. degree in Electrical Engineering from Ben-Gurion University and an MBA from Tel Aviv University.
