Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


11:51 AM
Dark Reading
Dark Reading
Products and Releases

Arbor Rolls Out New Version Of DDoS Protection

Pravail Availability Protection System includes enhanced protections for critical services such as SSL and content delivery networks

Click here for more articles.

CHELMSFORD, MA, February 28, 2012 – Arbor Networks, Inc., a leading provider of security and network management solutions for enterprise data centers and carrier networks, today introduced a new version of its Pravail Availability Protection System (APS) which protects enterprise networks from availability threats — specifically, application-layer distributed denial of service (DDoS) attacks. In addition to enhanced visibility, control and reporting, Pravail APS v.2.5 includes enhanced protections for critical services such as SSL and content delivery networks.

According to a recent report from Infonetics Research titled, DDoS Prevention Appliance Market Outlook, Arbor Networks was cited as “the dominant leader for DDoS prevention” overall as well as in the Carrier Transport and Wired Broadband, Enterprise Data Center and Mobile market segment.

Arbor Networks understands that enterprise networks are exposed to a growing variety of DDoS attacks ranging from flood attacks to smaller, more difficult to detect application-layer attacks that target email, web services, e-commerce and Voice over IP (VoIP). Attacks are becoming more sophisticated yet easier to perpetrate. As a result, enterprise network operators around the world are experiencing outages due to DDoS more frequently and with more severe consequences to their businesses than ever before.

“In the Pravail APS, Arbor’s taken our carrier-class DDoS attack identification and mitigation technology and put it in a purpose-built solution for the enterprise data center. In today’s complex threat landscape, application-layer attacks must be dealt with at the network perimeter, before they overwhelm existing security devices like Firewalls and IPS and certainly before they impact critical services like SSL,” said Arbor Networks President Colin Doherty.

Global Threat Intelligence and Automatic Updates

Anonymized traffic data from 100+ customer networks plus a global honeypot sensor network form the core of Arbor Networks ATLAS Internet monitoring system, which powers all Arbor Networks solutions including Pravail APS. ATLAS data enables Arbor Security Engineering & Response Team (ASERT) to develop a globally-scoped view of malicious traffic traversing the backbone networks that form the Internet's core. When a new botnet or application-layer attack is detected, an attack signature is created, distributed via the ATLAS Intelligence Feed (AIF) and installed in Arbor’s Pravail APS product.

The AIF enables enterprise IT teams to leverage the global threat intelligence of the ATLAS data set together with the daily threat analysis of Arbor’s researchers, saving significant time by eliminating the need to manually update the latest attack detection signatures. Most importantly, this integrated, automated threat intelligence enables customers to quickly stop DDoS attacks before they impact critical business services.

SSL Protocol Attack Protection

Today, Secure Sockets Layer (SSL) provides the necessary security and encryption for enterprises and their customers to safeguard sensitive transactions and email over the Internet. As enterprises increasingly rely on SSL for their mission critical communications it becomes a more significant target for DDoS attacks. To ensure the availability of SSL-powered services, Arbor’s Pravail APS now delivers DDoS protections for SSL regardless of the application – HTTPS, POP3S, SMTPS, etc. Pravail APS blocks SSL DDoS attacks with ASERT-designed protections that guard against malformed traffic, attempts to continually renegotiate connections and other advanced attacks that aim to disrupt service availability.

CDN and Proxy Support

Traditionally, enterprises that employ CDNs and proxies have had limited options for availability protection because many DDoS mitigation solutions overly rely upon blacklisting of the attackers’ IP addresses. Because CDNs and proxies hide the IP address of clients, unsophisticated solutions would block all connections from the CDN or proxy – both legitimate traffic and attacking hosts – when a DDoS attack was identified. This mitigation approach essentially completes the attack for the attackers.

Pravail APS now supports CDNs and proxies to work within all enterprise environments without forcing a network re-design to accommodate availability protection. Arbor Networks relies on both global visibility and advanced security research to continually update its security content. The advanced anti-DDoS protections designed by ASERT enable Pravail APS to deliver effective availability protection with and without blacklists. Enterprises that rely on CDNs and proxies no longer have to sacrifice business needs for proven security.

Enhanced Visibility, Control and Reporting

Confidence in DDoS protection comes from viewing blocked attacks and service availability. Pravail APS v2.5 provides the user with confidence to deploy in-line by providing details on what specific hosts were blocked and why. The interface and reporting validates that valid traffic isn’t blocked and easily whitelist hosts that should not be blocked.

About Arbor Networks

Arbor Networks, Inc. is a leading provider of network security and management solutions for next-generation data centers and carrier networks, including the vast majority of the world’s Internet service providers and many of the largest enterprise networks in use today. Arbor’s proven network security and management solutions help grow and protect customer networks, businesses and brands. Through its unparalleled, privileged relationships with worldwide service providers and global network operators, Arbor provides unequalled insight into and perspective on Internet security and traffic trends via the ATLAS Active Threat Level Analysis System. Representing a unique collaborative effort with 100+ network operators across the globe, ATLAS enables the sharing of real-time security, traffic and routing information that informs numerous business decisions.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information.