SmartWall Threat Defense System - NTD1100

Similar documents
SmartWall Threat Defense System - NTD120

Your First Line of Defense AGAINST DDOS ATTACKS. change the rules for inspection performance, security intelligence and

Corero SmartWall TDS Real-time, Automatic and Highly-Scalable DDoS Defense Solutions

Corero SmartWall TDS Real-time, Automatic and Highly-Scalable DDoS Defense Solutions

DDoS Managed Security Services Playbook

Fregata. DDoS Mitigation Solution. Technical Specifications & Datasheet 1G-5G

WHITE PAPER Hybrid Approach to DDoS Mitigation

Corrigendum 3. Tender Number: 10/ dated

McAfee Network Security Platform

McAfee Network Security Platform

Cisco SCE 2020 Service Control Engine

Symantec Network Security 7100 Series

Comprehensive datacenter protection

Ixia Net Optics ilink Agg xstream

MS425 SERIES. 40G fiber aggregation switches designed for large enterprise and campus networks. Datasheet MS425 Series

Ixia xstream TM 10. Aggregation, Filtering, and Load Balancing for 1GbE/10GbE Networks. Aggregation and Filtering DATA SHEET

Cisco Firepower 9300 Security Appliance

X1 X2. traditional security tools, allowing malware to propagate across the infrastructure. SPAN ports on the leaf and spine switches provide

TALK. agalaxy FOR THUNDER TPS REAL-TIME GLOBAL DDOS DEFENSE MANAGEMENT WITH A10 DATA SHEET DDOS DEFENSE MONITORING AND MANAGEMENT

QuickSpecs. Models HP TippingPoint S8010F Next Generation Firewall Appliance

2nd SIG-NOC meeting and DDoS Mitigation Workshop Scrubbing Away DDOS Attacks. 9 th November 2015

Request for Proposal (RFP) for Supply and Implementation of Firewall for Internet Access (RFP Ref )

Data Sheet. DPtech Anti-DDoS Series. Overview. Series

Cisco SFS 7000D InfiniBand Server Switch

Cisco Nexus 9500 Series Switches

FGS-2616X L2+ Managed GbE Fiber Switches

VISION ONE: SECURITY WITHOUT SACRIFICE

AKAMAI CLOUD SECURITY SOLUTIONS

FortiCore. FortiCore 3600E, 3700E and 3800E

Imperva Incapsula Product Overview

IPS-1 Robust and accurate intrusion prevention

EFFECTIVE SERVICE PROVIDER DDOS PROTECTION THAT SAVES DOLLARS AND MAKES SENSE

VirtualWisdom SAN Performance Probe Family Models: ProbeFC8-HD, ProbeFC8-HD48, and ProbeFC16-24

Cisco Traffic Anomaly Detector Module

Corero & GTT DDoS Trends Report Q2 Q3 2017

Gigabit Managed Ethernet Switch

CONNECTRIX MDS-9132T, MDS-9396S AND MDS-9148S SWITCHES

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

A custom excerpt from Frost & Sullivan s Global DDoS Mitigation Market Research Report (NDD2-72) July, 2014 NDD2-74

Data Sheet. OceanStor SNS2624/SNS3664 FC Storage Switches. Product Features HIGHLIGHTS. OceanStor SNS2624/SNS3664 FC Storage Switches

GS-2610G L2+ Managed GbE Switch

THUNDER TPS Next-generation DDoS Protection

PSGS-2610F L2+ Managed GbE PoE Switch

Cisco ACE30 Application Control Engine Module

FortiCore E-Series. SDN Security Appliances. Highlights. Securing Software Defined Networking (SDN) Architectures. Key Features & Benefits

Cisco Meraki MS400 Series Cloud-Managed Aggregation Switches

24-Port: 20 x (100/1000M) SFP + 4 x Combo (10/100/1000T or 100/1000M SFP)

Cisco Nexus 7000 Series.

ngenius 5100 Packet Flow Switch

Datasheet. 8-Port 10G SFP+ Router. Model: ER-8-XG. 80 Gbps Aggregate Throughput. 10G Ethernet SFP+ Ports. Hot-Swappable Modular Power Supplies

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Cisco Virtual Networking Solution for OpenStack

Thunder TPS. Overview. A10 Networks, Inc.

1 Mojo S-2000 Series Managed PoE Switches

Cisco Nexus 9500 Platform Switches for Cisco Application Centric Infrastructure

New Product: Cisco Catalyst 2950 Series Fast Ethernet Desktop Switches

A10 DDOS PROTECTION CLOUD

Ixia xbalancer. A Purpose-Built Load Balancer for 10G Networks. The Load Balancing Solution DATA SHEET. Highlights

Infoblox Trinzic DDI Appliances. Trinzic Appliances Deliver Actionable Network Intelligence. A Scalable Family of Hardware and Software Appliances

Features. HDX WAN optimization. QoS

Check Point DDoS Protector Introduction

WEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING

Cisco 3300 Series Mobility Services Engine. Open, Appliance-Based Platform for Delivering Mobility Services

VISION ONE: SECURITY WITHOUT SACRIFICE

What s next for your data center? Power Your Evolution with Physical and Virtual ADCs. Jeppe Koefoed Wim Zandee Field sales, Nordics

MediaKind G7 Series. High Performance Intel-based Video Processing

PANORAMA. Key Security Features

Datasheet. Fengine S4800 Series Gigabit Switches P RODUCT O VERVIEW P RODUCT A PPEARANCE. Wuhan FiberHome Networks Co., Ltd.

PoE Connections (in Far Places) Made Simple

IBM Ethernet Switch J08E and IBM Ethernet Switch J16E

Key Benefits Ixia xstreamtm 40 Fail -safe Inline Security NPB Offers Aggregation, Filtering, and Load Balancing for 10GbE/40GbE Networks

snoc Snoc DDoS Protection Fast Secure Cost effective Introduction Snoc 3.0 Global Scrubbing Centers Web Application DNS Protection

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

S2250/S3250 NETWORK INTERFACE DEVICE

Infoblox Trinzic DDI Appliances. Trinzic Appliances Deliver Actionable Network Intelligence. A Scalable Family of Hardware and Software Appliances

Arista 7060X, 7060X2, 7260X and 7260X3 series: Q&A

Cisco ASA 5500 Series IPS Solution

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper

Cisco IPS AIM and IPS NME for Cisco 1841 and Cisco 2800 and 3800 Series Integrated Services Routers

Imperva Incapsula Website Security

Cisco Mobility Services Engine: An Open, Appliance-Based Platform for Delivering Mobility Services

IDP SERIES INTRUSION DETECTION AND PREVENTION APPLIANCES

H3C S5130S-LI Gigabit Access & 10G Uplink Switch Series

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

Network Service Appliances

An Introduction to DDoS attacks trends and protection Alessandro Bulletti Consulting Engineer, Arbor Networks

F5 DDoS Hybrid Defender : Setup. Version

TALK THUNDER TPS SURGICAL MULTI-VECTOR DDOS PROTECTION WITH A10 DATASHEET DDOS PROTECTION & MITIGATION

haltdos - Web Application Firewall

IBM Proventia Network Anomaly Detection System

4 PWR XL: Catalyst 3524 PWR XL Stackable 10/100 Ethernet

Managed 24-port Gigabit PoE + 2-port 100/1000 SFP Combo Ethernet Switch

McAfee IntruShield Network IPS Sensor Pioneering and Industry-Leading, Next-Generation Network Intrusion Prevention Solution

Seceon s Open Threat Management software

Cisco Nexus 9200 Switch Datasheet

Cubro Packetmaster EX32/32(+)

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

ngenius 5010 Packet Flow Switch

Imperva SecureSphere Appliances

Transcription:

SmartWall Threat Defense System - NTD1100 Key Benefits Robust, real-time security coverage Real-time Layer 3-7 mitigation against volumetric attacks for both IPv4 and IPv6 traffic. Industry- leading density, scalability & performance Protection is provided through configurable access policies with scalability from 100Gbps up to 4Tbps in a single rack. Comprehensive visibility Big data analytics and advanced DDoS visualization capabilities, leveraging Splunk software. Powerful centralized management Centralized operational managemet for configuring, controlling, and monitoring defense appliances. Flexible deployment configurations Multiple appliances can be distributed to key control points in the Provider network or centrally combined in various configurations. Real-Time DDoS Mitigation The Corero SmartWall Network Threat Defense (NTD1100) Appliance provides real-time protection against damaging DDoS attacks. It delivers the industry s highest performance protection up to 100Gbps per 1RU and 4Tbps in a single rack. Disruptions to Internet-facing online services can cripple operations, impact customers and result in major economic losses. SmartWall NTD1100 is an intelligent, always-on platform that inspects traffic, detect threats and blocks attacks against protected network resources, in real-time. It allows service providers, hosting providers and the online enterprise to deploy centralized or distributed threat defense solutions via purpose-built network security appliances that deliver advanced DDoS threat protection. SmartWall NTD1100 provides continuous visibility and security policy enforcement so that organizations can establish a proactive first line of defense for inspecting traffic, detecting threats and blocking attacks. It is capable protecting against layer 3-7 volumetric DDoS attacks while maintaining full service connectivity and availability and without degrading the delivery of legitimate traffic. In addition, service providers and hosting providers can leverage scale-as-you-grow deployments of SmartWall NTD1100 appliances to deliver high-value, premium DDoS Protection as-a-service (DDPaaS) to their customers. This purpose built DDoS mitigation appliance delivers up to 100Gbps performance in a single, 1 RU form-factor. The appliances form the Featured Product 2 x 100Gb Ethernet Interfaces, with 100Gbps performance in a 1 RU form- factor, scaling to 4Tbps of protection in a single rack SmartWall Network Threat Defense 1100 SmartWall NTD1100 1

network layer component of the Corero SmartWall Threat Defense System (TDS), an innovative family of security platforms that deliver unparalleled inspection performance, security intelligence and visibility, while providing an unprecedented level of scalability for protection against Denial of Service threats. Robust & Real-Time Security Coverage SmartWall NTD1100 provides Layer 3-7 protection against volumetric DDoS attacks for both IPv4 and IPv6 traffic. It leverages the Corero award-winning DDoS defense technology to deliver non-disruptive, real-time protection against the constantly evolving threat landscape. This technology provides configurable policies to selectively enable a broad range of specific protection mechanisms to defend critical network assets against suspicious or malicious traffic types while allowing uninterrupted service access to legitimate users and applications. The SmartWall NTD1100 also utilizes the concepts of Flex-Rule and Smart-Rule technology to apply granular closed-loop detecting and blocking filters to very specific attacks with ease. These rules leverage heuristic and closed-loop policy, allowing for rapid creation and deployment, thereby providing customers with the ability to respond rapidly to the evolving nature of sophisticated DDoS attacks. Industry Scalability and Performance SmartWall NTD1100 offers new levels of scalability and performance through dynamic threat-level tracking of Internet based IP addresses and their associated flows. Protection is provided through configurable acceptable access policies supporting packet and connection rate-limiting, server and service connection limits, protocol checks, as well as blacklist and whitelist enforcement. These high-performance platforms are designed to maintain line-rate throughput, even while under attack. The modular architecture of SmartWall enables cost-effective scaling in increments from 10Gbps to 100Gbps, as bandwidth and inspection requirements increase. These high-performance appliances can deliver as much as 100Gbps unidirectional throughput in a single rack-unit space. Turn-key Visibility into DDoS Attacks Leveraging Splunk software for big data analytics and advanced visualization capabilities, Corero has transformed sophisticated security event data into dashboards of actionable security intelligence, accessible via Corero SecureWatch Analytics. Real-time security engineered dashboards accessible via the Corero SecureWatch Portal, or via Splunk Apps https://splunkbase.splunk.com/app/1835/ provide comprehensive security visibility into an organization s network activity, for rapid response in combating DDoS threats. Additionally, this robust reporting and analytics feature supports archived security event data to enable forensic analysis of past threats and compliance reporting of security activity. Powerful Centralized Management Each unit has a dedicated management port and is assigned a unique IP address. Centralized operational management of multiple appliances minimizes IT overhead, speeds deployments and streamlines provisioning. Corero offers multiple management options for configuring, controlling, and monitoring the appliances including a flexible Browser-based GUI, a full SSH CLI and powerful REST API that supports open integration with existing management frameworks. SmartWall NTD1100 2

Centralized management of the SmartWall NTD1100 is performed via secure connection to the Corero Central Management Server (CMS). The CMS includes a dashboard for monitoring threat activity and viewing key security events. The CMS is delivered as a physical appliance, or virtual appliance to run on customer-provided hardware. SmartWall NTD1100 appliance provides seamless integration with Security Information and Event Management (SIEM) and Operational Intelligence solutions, such as Splunk. Flexible Deployment Configurations A single appliance can be deployed in a standalone configuration to provide up to 100Gbps unidirectional performance. Multiple SmartWall NTD1100 appliances can be deployed at key control points in the network or centrally combined in various high throughput configurations. Modular design enables rapid, flexible and expandable deployments, and lowers risk, by limiting your investments to match your current requirements while allowing you to add capacity as your needs grow. Redundant or hot-standby SmartWall NTD1100 appliances can be deployed in high-availability configurations to provide backup. Multiple appliances can also be deployed in dynamic load-balanced configurations to accommodate peak period demands. SmartWall NTD1100 appliances support both symmetric and asymmetric traffic inspection, enabling flexible network deployment options. SmartWall Network Threat Defense Deployment Examples ISP2 ISP3 ISP1 ISP 4 Figure 1: In-line Deployment The In-line, always-on SmartWall NTD deployment mitigates DDoS attacks in real-time, within seconds vs minutes, while allowing good user traffic to flow uninterrupted. Protected Customers & Infrastructure Assets SmartWall NTD1100 3

ISP2 ISP3 ISP1 ISP 4 Network Off-Ramp Network On-Ramp Figure 2: Scrubbing Deployment The SmartWall NTD Scrubbing deployment can take advantage of third-party monitoring and detection or route management to steer selected traffic to centralized or distributed SmartWall systems for precise mitigation of DDoS attack traffic. Protected Customers & Infrastructure Assets The SmartWall Network Threat Defense Appliance can be deployed to protect both infrastructure and cloud resources. SECURITY COVERAGE Category of Attack Type Volumetric DDoS Reflective DDoS Resource Exhaustion Other Attack Coverage TCP Flood Attacks UDP Flood Attacks UDP Fragmentation Attacks ICMP Floods NTP Monlist Response Amplification SSDP/UPnP Responses SNMP Inbound Responses Chargen Responses Smurf Attack Fraggle Attack DNS DNS Amplification Malformed and Truncated Packets (e.g. UDP Bombs) IP Fragmentation/Segmentation AETs Invalid TCP Segment IDs Bad checksums and illegal flags in TCP/UDP frames Invalid TCP/UDP port numbers Use of reserved IP addresses Command and Control Operations NTP Monlist Requests Customized Protection with Blacklisting of IP Addresses Port address range filters (provides protection for generic TCP/UDP port based attacks) Rate Limiting Policies Flex-Rule Programmable filters based on the Berkley Packet Format (BPF) syntax. These can be programmed to address a variety of attack categories volumetric, reflective through to attacks leveraging specific payloads (Teamspeak, RIPv1, netbios). Smart-Rule Heuristics based engine leverages heuristics and behavioral analysis to track and rate limit L2-L4 attacks and zero-day network DDoS attacks. SmartWall NTD1100 4

TECHNICAL SPECIFICATIONS Order Part Number SmartWall NTD1100 Network Interfaces Network Interfaces Management Port Console Port 2 x 100GE (QSFP28) 1 x RJ45 (10/100/1000) Ethernet 1 x RJ45 Serial Performance Maximum Throughput (Gigabits per second) Maximum Throughput (Packets Per Second) Jumbo Frames Typical Latency 1 Inspected Latency 1 Maximum SYN Flood Protection Rate (packets/second) Attack Mitigation Reaction Time (typical) 100 Gbps 90 Million Yes (9,216 bytes) < 0.5 Microsecond < 60 Microseconds 90 Million < 3 second Management Options Interfaces Monitoring Reporting and third-party integration User Authentication Centralized Management from Physical or Virtual (VMware/KVM) appliance Web GUI, Command Line, Programmatic API (REST) SNMP v2/v3* Standard MIB GETs, SYSLOG Syslog for traffic and Security events / REST API for SIEM integration. Analysis application for Splunk integration. Role-Based Access Control (Active Directory, RADIUS and LDAP) Physical/Environmental Size Weight 1-RU / 44mm (H) x 438 mm (W) x 630 mm (D) 18 Kgs (39.7 lbs.) Operating Temperature 0 C to 40 C (32 F to 104 F) Storage Temperature -20 C to 70 C (-4 F to 158 F) Humidity MTBF Rating Operating Altitude 5% to 95% Non-Condensing >100,000 Hours (25 deg. C Ambient) 0-10,000 Feet Power & Cooling Power Feeds AC Input DC Input Maximum Power Consumption Cooling Dual Redundant, Hot-Swappable, AC or DC 90 to 264 VAC Auto-Ranging, 47-63Hz 43 to 53 VDC 650W 4 x Independent, Hot-Swappable, Fan trays, with smart control Compliance & Approvals CE Class-A, FCC Class A, RoHS 1 Typical latency values measured for packet sizes up to 1518 bytes SmartWall NTD1100 5

About Corero Network Security Corero Network Security is the leader in real-time, high-performance DDoS defense solutions. Service providers, hosting providers and online enterprises rely on Corero s award winning technology to eliminate the DDoS threat to their environment through automatic attack detection and mitigation, coupled with complete network visibility, analytics and reporting. This, industry leading technology provides cost effective, scalable protection capabilities against DDoS attacks in the most complex environments while enabling a more cost effective economic model than previously available. For more information, visit www.corero.com. Corero Headquarters 225 Cedar Hill Street, Suite 337 Marlboro, MA 01752 Tel: +1 978 212 1500 Web: www.corero.com EMEA Headquarters Regus House, Highbridge, Oxford Road Uxbridge, England UB8 1HR, UK Tel: +44 (0) 1895 876579 Version: 1-Feb-2017 Copyright 2017 Corero Network Security, Inc. All rights reserved. 867-5309-006 SmartWall NTD1100 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback