SERVICE PROVIDER DDoS PLAYBOOK

Transcription

1 A BUSINESS WHITEPAPER FROM NSFOCUS SERVICE PROVIDER DDoS PLAYBOOK BUILDING A CASE FOR MANAGED DDOS SERVICES

2 EXECUTIVE SUMMARY The intent of this paper is to enlighten the reader, define the impact, prescribe a proven remedy, and rationalize the commercial opportunity at hand. Service providers of all types and sizes can financially benefit from solving the DDoS problem for themselves and their customers. There is no doubt that DDoS attack activity is at an all-time high as attacks continue to plague the Internet; causing outages and impacting organizations on a scale never seen before. Regardless of the intent, the likelihood of larger and more frequent DDoS attacks is forcing service providers to plan for the inevitable. Many don t realize there is a clear delineation on what s being targeted during an attack, and what collateral damage is produced as the result of an attack. Still, others are not aware of how attacks can best be defeated, nor are they knowledgeable of the required technologies and services that are proven to be most affordable, and effective. There is a tremendous opportunity for service providers who are already in the absolute best position to defeat DDoS attacks, protect their customers, and significantly profit from this activity. Delivering Managed DDoS Services can be very profitable due to the intensification of DDoS attacks, and the rising demand for protection. TABLE OF CONTENTS Introduction 2 DDoS Attacks Impacting Service Providers 2 DDoS Attacks Against Your Customers 4 DDoS Attacks Against Your Infrastructure 4 Defeat DDoS Attacks Against Your Customers Solution Requirements 4 Defeat DDoS Attacks Against Your Infrastructure Solution Requirements 6 Building a Case for Managed DDoS Services 6 The DDoS Solution Providers Need To Offer Managed DDoS Services 7 Recommendations for Managed DDoS Services 8 Conclusion 9 About NSFOCUS 10 1 NSFOCUS WHITEPAPER

3 INTRODUCTION Today, Internet service providers recognize the fact that bandwidth has become commoditized. Connectivity prices are at an all-time low, while competition is at an all-time high. In addition, hosting providers understand that differentiation plays a key role in their long-term sustainability, as new entrants continue to erode their revenue streams. Both are interested in understanding how additional service offerings can help generate new revenue, retain customers, create competitive differentiation, and provide sustainable growth for their businesses. In the past, both types of providers (Internet service providers and hosting providers) have attempted to expand their service offerings. Some have been mildly successful, while others have been a complete failure. The challenge providers face is to create new, profitable service offerings that customers will buy. Just because a provider creates a new service offering, does not mean it will become highly sought after by customers, or generate substantial profits for the business. The question then becomes, What services do customers want, what are they willing to pay for, and what services will be profitable for the provider? The answer to these questions are simple. Create service offerings that your customers need. Everyone knows the Internet is plagued with more-and-more DDoS traffic, and the motivations for DDoS attacks continues to expand. As a result, organizations spend an exorbitant amount of money every day trying to do two things keep their operations running, and keep their names out of the news. Is there an opportunity for providers to help? The most basic service offering all providers deliver is physical connectivity. Organizations buy Internet bandwidth from some providers and may purchase hosting or cloud services from others. But at the end of the day, what customers are really paying for is connectivity to the Internet. Taking connectivity out of the picture would obviously effect every other potential service offering. Therefore, protecting connectivity first, is critical to delivering any other security-based offering. Internet connectivity can be affected by a host of different influences. Cable cuts, power outages, software bugs, and equipment failures obviously can cause outages. However, cyber-attackers (hackers) can also cause outages in the form of DDoS attacks. Hackers can launch many different types of attacks from many different sources. In the past, botnets were primarily comprised of computers and servers. Today, IoT-based botnets represent a tremendous threat to the service providers basic connectivity offerings and the problem continues to get worse. Global financial instability, worldwide refugee migrations, largescale social unrest and protest, in addition to the rise and fall of government power and control will be the catalysts that increases DDoS activity beyond all expectations. Every one of these global challenges will do nothing more than intensify Internet outages and accelerate cybercrime on a scale never seen before. Simply put, the days of the DDoS attacks being an everyday nuisance for service providers are over. Nearly every provider (ISP, hosting, gaming, cloud, etc.) has been impacted by DDoS attacks in recent months. Some attacks have targeted the provider s commercial customers, while other attacks have targeted the provider s infrastructure itself. Those who offer residential services have openly shared the fact that they have experienced DDoS attacks against their own residential infrastructures; impacting large numbers of customers in turn. In some cases, using black holes (null routes) was simply not an option; due to many residential customers being NAT d behind a single IP address under attack. There is a tremendous need to help solve the risk and threat of outages caused by DDoS attacks, and this is precisely where providers can step in with new service offerings. Studies indicate that significant number of organizations would like to see their provider offer DDoS defenses as a service. In addition, those same studies indicate customers would be willing to pay a modest upcharge for DDoS defenses delivered by their provider. Not only can providers protect their commercial and residential customers from DDoS attacks, there is also a need to protect the provider s infrastructure as well. DDoS ATTACKS IMPACTING SERVICE PROVIDERS Most providers face two different types of DDoS attacks; those that target their customers and those that target their infrastructures. Providers frequently group both types of attacks into one category, and often attempt to defeat them in the same manner. However, there is a clear delineation on what the various types of DDoS attacks impact. Simply put, these attacks are either impacting commercial and residential customers, or they are impacting the provider s infrastructure itself. Both can be defeated, but what is the best way? There are vast numbers of DDoS-related research reports available to the public today. These reports are all beginning to reflect the same statistics concerning the size, frequency, and duration of DDoS attacks. For example, according to a recent NSFOCUS report, half of the DDoS attacks observed today are less than 10Gbps in size. A considerable portion of these attacks are between 1-5Gbps, and can easily be defeated by the provider themselves. NSFOCUS WHITEPAPER 2

4 Another interesting statistic found in nearly every research report demonstrates that a large portion of all DDoS attacks last less than 30 minutes in duration; making them unsuitable to be defeated upstream in most cases. In other words, by the time an upstream provider begins to block or mitigate the attack for the downstream provider, the attack is already over, or soon to be. Providers today must understand that a significant number of DDoS attacks they observe can easily be defeated by the provider themselves, if they have the proper defenses in place. The graphs below came from a recent NSFOCUS Quarterly DDoS Report. Readers should note: 60% 56.04% 50% 49.90% 40% 30% 27.0% 32.0% 24.2% 28.9% 28.3% 20% 10% 15.60% 11.5% 9.9% 7.2% 0% 2.6% 2.7% 2.8% 0.8% 0.1% 0.2% 0.1% 0.0% 0.1% 0.1% 5 10G 10 20G 20 50G G G G 300G+ Q1 Q2 Q3 Approximately half of all DDoS attacks observed are less than 10Gbps in size and can easily be defeated by the provider, when they have proper defenses deployed. 60% 52.5% 56.6% 50% 45.6% 40% 30% 20% 10% 4.9% 4.2% 4.5% 9.1% 9.7% 8.1% 6.8% 6.1% 5.6% 8.4% 6.1% 6.0% 11.7% 12.0% 10.6% 13.5% 9.6% 8.5% 0% 0 30 min min 1 3 hrs 3 6 hrs 6 12 hrs hrs 24 hrs+ Q1 Q2 Q3 Approximately half of all DDoS attacks observed last less than 30 minutes in duration, making them unsuitable to be defeated by an upstream or cloud DDoS provider. 3 NSFOCUS WHITEPAPER

5 DDoS ATTACKS AGAINST YOUR CUSTOMERS As demonstrated by the graphs above, half of all DDoS attacks are under 10Gbps, and half last less than 30 minutes. These statistics are a clear indication that a significant portion of DDoS attacks are targeting customers directly, and can easily be defeated by the provider themselves. So, why do hackers launch smaller attacks that are short in duration and tend to be repetitive in nature? The answer to that is simple. DDoS attacks targeting a provider s commercial customers are primarily designed to erode their other cyber defenses. Firewalls, IPS, IDS, Sandboxes, Load Balancers, WAFs, etc. are all impacted by DDoS attacks. Their effectiveness can easily be reduced by a marginally-sized DDoS attack even if the attack does not consume all available bandwidth. Many of these defenses are stateful, their performance is impacted by large amounts of fragments, and when flooded, they often crash, reboot, or divert to layer-2 fallback. In nearly every case, these defenses fail to protect Internet availability overall, and end up taking customers offline as a result. DDoS attacks targeting a provider s residential customers are no different. Often a hacker will attack a single IP address they believe is the IP address of their residential target. However, more times than not, the targeted IP address has many residential customers behind it, due to the usage of NAT. In this case, the provider must find ways of mitigating the attack without affecting other residential customers. The usage of black holes is a poor option; since the provider recognizes the fact that large numbers of customers will be impacted. Defeating these attacks in the provider s networks is the most effective approach to solving this problem. DDoS ATTACKS AGAINST YOUR INFRASTRUCTURE Understanding that a significant number of DDoS attacks are smaller than the provider s bandwidth capacity and are often short in duration; what about the other DDoS attacks that are not? If half of all DDoS attacks are under 10Gbps, that means that half are over 10Gbps. Also, if half last less than 30 minutes, than half last longer than 30 minutes. Regardless of the intended victim of the attack, those that exceed 10Gbps and last longer than 30 minutes are attacks that can possibly impact a provider s overall infrastructure, through added latency and reduced network performance. Attacks against a provider s infrastructure are often the result of a customer coming under a massive attack. In this case, regardless of what s being attacked, the outcome is collateral damage to the provider s infrastructure. These attacks always exceed 10Gbps and many are longer in duration. In this case, the best location to defeat larger and longer DDoS attacks is by diverting portions of the incoming traffic to a cloud anti-ddos provider for upstream mitigation. Black hole techniques do not have to be the only course of action; since using these techniques guarantees outages will be encountered. DEFEAT DDoS ATTACKS AGAINST YOUR CUSTOMERS SOLUTION REQUIREMENTS Today, most providers understand that in order to defeat a DDoS attack, one must detect a DDoS attack first. Time-andtime again providers have experienced DDoS attacks; however, without the proper detection technology in place, they had no idea attacks were progressing. Often, the first indication of a DDoS attack is a call from an unhappy customer who is either offline, or their network, applications, and other defenses are being impacted. DDoS defense always begins with detection first. The most economical and effective approach to detect DDoS traffic is to monitor flow data coming from border, core, and even edge routers. Once a DDoS attack is detected by the provider, the most economical and effective way to protect customers is to redirect both good and bad traffic for the IP address under attack to out-of-path mitigation technology. This technology is located within the providers network itself. Once mitigation of the DDoS traffic is performed, good traffic is reinjected back into the network for the entity under attack. This ensures that attack traffic is blocked and good traffic continues to flow, without the use of black holes. Once DDoS detection and mitigation have been addressed, a centralized management system is needed to control the overall solution. This system must allow service providers to implement multi-tenant configurations that control customer policies and rulesets, while providing real-time alerting, reporting, and analytics to the service provider. The NSFOCUS onpremises solution is highlighted below. NSFOCUS WHITEPAPER 4

6 ATTACK MITIGATION MANAGEMENT REPORTING ADS ON-PREMISES DDoS DEFENSES ADS-M Customer Portal (CP) This picture show the three components needed to defeat DDoS attacks in any size network. The term On-Premises DDoS Defenses refers to the fact that these technologies are deployed within the provider s network. TRAFFIC FLOW MONITORING The NSFOCUS solution is made up of three components: NTA ADS ADS-M + CP. NTA DESCRIPTION OF NSFOCUS ON-PREMISES COMPONENTS: Network Traffic Analyzer (NTA) detects DDoS attacks by monitoring traffic flow data Anti-DDoS System (ADS) eliminates DDoS attacks within traffic streams Anti-DDoS System Manager (ADS-M) provides management, analytics, and reporting Customer Portal (CP) provides customer access, views, statistics, and reporting The following is a list of requirements to help providers select the best DDoS defenses to deploy within their own networks. The best option is to select a vendor who: Delivers a wholly owned single-vendor solution On-premises defenses, cloud defenses, and hybrid-cloud solutions designed specifically for a service provider s needs Offers an all-in-one solution that s designed for multi-tenant, anti-ddos offerings Detection, mitigation, and reporting solutions that are completely integrated with single-pane-of-glass management, designed to deliver DDoS services Allows versatility of deployment options with growth in mind Options for detection only, detection with mitigation and reporting, and detection with integrated cloud DDoS defenses Supplies automated and reliable DDoS detection and mitigation Out-of-the-box defenses that can be fully automated, permitting little human intervention further reducing operating costs Has a very low false positive rate and extremely high performance Proven defenses, enhanced algorithms, and behavioral analysis in both virtual and high-performance hardware form factors Has offerings that are easy to integrate and cohabitate with any other solution Technology that can completely interoperate with other vendor s cloud anti-ddos solutions and services Builds network agnostic technology that is easy to deploy in any network Solutions that completely interoperate with all router and switch vendors products, allowing the technology to be easily implemented Provides an API that is included with the solution Technology that supports API-driven external integrations, configurations, controls, and support 5 NSFOCUS WHITEPAPER

7 DEFEAT DDoS ATTACKS AGAINST YOUR INFRASTRUCTURE SOLUTION REQUIREMENTS A significant percentage of DDoS attacks can be defeated by the provider themselves. However, there are cases where DDoS attacks cannot be completely defeated by on-premises defenses deployed within the provider s network. In this case, the attacks may be sizable enough to consume all available Internet capacity, or cause significant collateral damage to the provider s infrastructure. These attacks must be defeated upstream. The traditional approach to defeat large-scale, infrastructure-impacting DDoS attacks has been to notify an up-stream provider (often by a phone call) and implement black holes to block these attacks. However, this approach often does more damage than good, since it guarantees the target is impacted by dropping vast amount of good traffic. Is there a better way? Infrastructure-impacting DDoS attacks are best defeated by cloud anti-ddos vendors who offer mitigation of DDoS attacks via their cloud scrubbing centers. These cloud vendors do not rely on black holes. Instead, they have deployed cleansing technology in their cloud that is quick, reliable, proven, and effective. NSFOCUS has built and operates their own Terabit+ cloud with five scrubbing centers that span the globe. NSFOCUS also has cloud offerings specifically designed for service providers of all sizes. The following is a list of requirements to help providers select the best cloud-based, anti-ddos provider. The best option is to select a vendor who provides: Terabit+ DDoS mitigation capacity with plans for growth across the globe Multi-vector DDoS attack mitigation that s fast and reliable, with easy BGP integration Flexible connectivity for clean traffic reinjection (direct, partner connect, and GRE) A cloud portal designed for providers, allowing them to control cloud defense policies Comprehensive reporting and analytics within the cloud portal itself An integrated cloud and on-premises solution that delivers the fastest time to mitigation Always-on, on demand, and flat-rate pricing for any attack size, duration, and frequency BUILDING A CASE FOR MANAGED DDoS SERVICES Acknowledging that fact that there are two types of DDoS attacks (ones that impact a provider s customers and ones that impact a provider s infrastructure) is imperative. It allows a provider to better understand where and how to defeat the attacks they experience. There is no doubt that a sizeable DDoS attack against a customer, can indeed impact a provider s infrastructure. However, most customer-targeted DDoS attacks can be defeated with defenses deployed in the provider s network. In addition, the best place to defeat large-scale, infrastructure-impacting attacks is in the cloud. What s also been demonstrated, is the type of technology and services providers need to purchase to defeat all DDoS attacks. Not only can providers protect customers and infrastructure, an additional benefit is also gained. Many providers offer DNS, , web filtering, anti-malware, streaming media, etc. These additional, and potentially revenue generating services, can also be protected by that same strategy. Understanding there is a way to solve the DDoS problem is essential. However, is there a way to eliminate the expenses associated with DDoS attacks? Providers of all sizes agree that solving the DDoS problem can be an expensive undertaking for them. However, they also understand that not solving the problem can be costly as well. Many providers believe they will recognize little-or-no return on their investment for the capital outlay and operational expense DDoS causes, and they are looking for a way to offset that expense. All providers must fully understand they are not normally the target of DDoS attacks. In most cases their customers are the target. If providers can defeat all DDoS attacks targeting their customers, they should be able to recognize a return on their investment for doing so. Not only can providers recognize new revenue streams by defeating DDoS attacks, they can also insure attacks do not impact their own infrastructures and their services as a side benefit. Another interesting aspect of solving the DDoS problem, especially concerning commercial bandwidth and hosted customers, is that many are being forced to purchase cloud-based anti-ddos services from a third party. The reason for this is simple. Customers are experiencing DDoS attacks against their businesses, yet their service providers and hosting providers are not offering solutions to defeat DDoS attacks. In this case, the potential revenue opportunity for providers is going to someone else; since their commercial customers have no other options. NSFOCUS WHITEPAPER 6

8 Providers who offer Managed DDoS Services can recover the lost revenue opportunity mentioned above, by offering their own services. In addition, providers that offer Managed DDoS Services will: Have a higher customer retention rate Differentiate themselves from their competition Attract new commercial customers Regain lost revenue going to cloud anti-ddos providers Offset their DDoS-related operational costs Create a new service model that can be expanded to other cybersecurity offerings Generate new and reoccurring revenue Solve the DDoS problem for themselves and their customers THE DDoS SOLUTION PROVIDERS NEED TO OFFER MANAGED DDOS SERVICES Nearly all industry experts recognize the fact that defeating the broad spectrum of DDoS attacks requires more than just cloud DDoS defenses, and more than just on-premises defenses. It requires both. From volumetric DDoS attacks to lowand-slow DDoS attacks, the best approach to defeat all DDoS attacks requires a combination of on-premises defenses and cloud defenses called Hybrid DDoS Defenses. This approach defeats all DDoS attacks regardless of their size, duration, or frequency. See Diagram 1. Defeats Attacks Against Your Customers INTERNET Malicious Traffic Legitimate Traffic Legitimate Traffic Malicious Traffic On-Premises DDoS Defenses Automated Cloud Defense Signaling Legitimate Traffic SECURITY BORDER Legitimate Traffic Cloud DDoS Defenses Defeats Attacks Against Your Infrastructure PROTECTED INFRASTRUCTURE Diagram 1 Hybrid DDoS Defenses When Hybrid DDoS Defenses are implemented, the on-premises defenses deployed in the provider s network are completely capable of defeating attacks against customers up to the point of the provider s Internet capacity. This is the only limitation to defeating all DDoS attacks, on-premises. If the provider s capacity is nearly consumed by a massive attack, then cloud defenses must be engaged to defeat attacks against infrastructure. The industry calls this concept traffic diversion. Providers will divert incoming malicious and legitimate traffic to the cloud for scrubbing when attacks begin to impact infrastructure. Once scrubbed, all legitimate traffic is forward back to the provider with extremely small amounts of added latency. The speed of notifying the cloud, and diverting traffic to defend the provider s infrastructure is critical to the provider, and the customer. Delays in notification or diversion will cause outages to occur. In the past, providers notified their upstream provider by a phone or , asked them to initiate black holes, and guaranteed good traffic would be blocked. Often this took hours to implement and as a result, both customers and infrastructure was often impacted. 7 NSFOCUS WHITEPAPER

9 Today, this antiquated approach is not sufficient. Diversion of traffic to the cloud for mitigation should take seconds not hours. With NSFOCUS Hybrid DDoS Defenses, notifying the cloud to divert traffic for DDoS filtering and removal, is done via Automated Cloud Defense Signaling. This notification (signaling) is performed by the on-premises defenses. In addition to defeating attacks against customers, the other role of the on-premises defenses is to be the eyes and ears for the cloud-based service provider in this case NSFOCUS. When the cloud is notified of the need to divert traffic, both legitimate and malicious traffic will be diverted for the targeted subnet under attack. The diversion of traffic to the NSFOCUS cloud happens in less than 60 seconds. RECOMMENDATIONS FOR MANAGED DDoS SERVICES Many providers view DDoS attacks as a costly expenditure. Not only are providers required to defend their own infrastructures from massive attacks, but also DDoS attacks threaten the primary service providers deliver, which is Internet connectivity. However, there has been a shift in thinking recently whereby providers are beginning to understand that DDoS attacks can be a business enabler. Transferring the costs associated with DDoS attacks to their customers is beginning to make a great deal of sense to providers all over the globe. As mentioned previously, studies indicate that organizations today would like to see their provider offer DDoS defenses as part of their service offerings. In addition, those same studies indicate that nearly fifty percent of organizations would be willing to purchase Managed DDoS Services for a nominal fee added to their monthly bandwidth premiums. Simply put, service providers are in the perfect place to protect customers, while protecting their infrastructures and services and profiting from it. NSFOCUS can prove that offering Managed DDoS Services can be revenue-generating. The recommendation for any provider who desires to offer Managed DDoS Services, must recognize that a combination of integrated defenses is required. NSFOCUS cloud and on-premises defenses work in concert, are completely aware of each other, and are in constant communication. In addition, having both defenses in place reduces the need to engage the cloud for sub-saturation attacks against customers. In other words, if the attacks are smaller in size they can easily be defeated by the on-premises defenses, regardless of their duration or frequency. Another reason for both defenses is all about protecting the provider s SLAs. If a commercial customer desired to purchase Managed DDoS Services from a provider, they would require that every DDoS attack incurred must be defeated; with little or no impact to the customer, as well as the provider s infrastructure, per the SLA. It s not an either-or equation both defenses are required to ensure DDoS Defense SLAs are met in nearly every case. Tier 1 service providers with vast infrastructures and massive amounts of peering bandwidth can obviously defeat largescale attacks in their cloud by deploying DDoS defenses within their own infrastructures. They often operate like a cloud DDoS provider themselves. Today, smaller service providers (Tier 2, 3) and hosting providers can easily do the same. NSFOCUS has many providers who are customers, that offer Managed DDoS Services quite successfully. Not only can smaller providers deploy their own DDoS defenses on-premises to be offered as a service to their customers, they can also partner with someone who already offers cloud DDoS defenses, for example NSFOCUS. If smaller providers feel they are not ready to deploy on-premises defenses, they can easily resell services they obtain from NSFOCUS. Since NSFOCUS offers always-on, on-demand, and flat-rate pricing for their cloud, the possibilities are endless for even the smallest providers. Although the potential service margins may be smaller when providers resell someone else s service, there s no reason they can t private label the service, or even add additional value by acting as a trusted intermediary between the cloud DDoS provider and the end-customer. Service providers already have a usage and billing infrastructure in place, and are closer to the customer than the cloud DDoS provider. The possibility of offering a one-stop-shop for cloud DDoS defense is a reality for smaller providers, even without owning their own on-premises DDoS defenses. NSFOCUS WHITEPAPER 8

10 CONCLUSION Most would agree, network connectivity has become a commodity. Business internet access once priced at $500 per month for 1.5 Mbps is now available for half of the cost at almost 70x the capacity. While this is great for consumers, pure play service providers often struggle to maintain profitability and grow revenue in the face of increased competition. In addition, as the prices for hosting services continue to decrease, while new competitors continue to erode hosting providers market share, the need to generate long-term revenue streams is critical for both types of providers. As a result, many providers have turned to managed services as a means of increasing revenue, improving margins, building customer loyalty, and creating competitive differentiation. Managed DDoS Services can become a profit-center for service providers who are considering managed offerings. This will serve to complement their bandwidth offerings and can also help lay a foundation for other offerings like managed WAF and next-generation IPS. As the industry has observed, managed security service providers (MSSP) have experienced tremendous growth fueled by both the complexity of modern cyber-attacks, and the increased acceptance of cloud delivered services by organizations of all sizes. In working with these managed security services partners, some key success factors have emerged that enable them to profitably deliver protection services. These success factors can also be utilized by today s service providers and hosting providers as well. Choose an accurate and reliable DDoS solution. There are many anti-ddos solutions available, but their effectiveness, cost, and operational-demands vary dramatically. Select fast, accurate, and automated solutions that are designed to reduce operational costs, while defeating all DDoS attacks. Deploy multi-tenant capable solutions. Anti-DDoS solutions should be designed with multi-tenancy in mind. Select solutions that support customizable policies and reporting on a per-customer basis. Further, the solution should offer a personalized web GUI so that customers can access network status and reporting themselves; without having to involve the service provider s operations staff. Incur expenses only in the presence of revenue. All providers are beginning to understand they must develop an anti- DDoS strategy, deploy a solution, or suffer the consequences. DDoS attacks are not going away anytime soon. However, DDoS does not have to be an unrecoverable expense for service providers. They can use the problem to their advantage and generate revenue by protecting their customers, while protecting their infrastructure. The hybrid approach is the best approach. Industry analysts agree that combining both cloud and on-premises DDoS defenses offers the most comprehensive and economical strategy. Providers who do not implement a hybrid approach cannot effectively protect their customers and infrastructure. Select a vendor who provides both cloud and on-premises, integrated DDoS defenses. 9 NSFOCUS WHITEPAPER

11 ABOUT NSFOCUS NSFOCUS is a global service provider and enterprise DDoS mitigation solution provider, with a proven track record of protecting some of the largest Fortune 500 companies, including the world s largest mobile provider, and four of the five largest global financial institutions. NSFOCUS provides a Complete Service Provider DDoS Mitigation Solution that protects both customers and infrastructure; while enabling providers to deliver Managed DDoS Services with a multi-tenant Platform that produces the lowest operating costs in the industry. The solution combines cloud and on-premises DDoS defenses with world-class global threat intelligence, working in unison to automatically defeat every size, duration, and frequency of DDoS attacks. The solution enables service providers to deliver new revenue-generating services and offset the cost of DDoS mitigation. NSFOCUS Security Labs is a renowned threat research organization that tracks and analyzes global threat intelligence; while identifying network and application threats, campaigns, vulnerabilities, exploits, and security trends. NSFOCUS solutions consume this threat intelligence putting intel into action. NSFOCUS WHITEPAPER 10

12 NSFOCUSGLOBAL.COM 3979 Freedom Circle, Suite 900 Santa Clara, CA MANAGED DDoS SERVICES WP040117