Arbor improves IP attack defenses

Arbor Networks today released a new, larger version of its Peakflow threat management platform, beefing up throughput, improving protection against key attacks and setting the stage for service provider migration to IPv6.

The new version 5.1 of Arbor Peakflow SP boosts throughput to 40 Gb/s for the integrated Threat Management System (TMS) application, which identifies and helps remove network and application attacks – without interrupting traffic flow.

As service providers drive IP deeper into their networks and also deliver new cloud-based IP services from their data centers, they become an ever larger target for attacks. Distributed attacks in particular are challenging to defend, because even one infected client endpoint can create disruptions for all customers on a network. That’s both the strength and one of the key vulnerability points for IP networks and cloud-based architectures.

Flood-based attacks like distributed denial of service (DDOS) in particular are a huge challenge for carrier IP networks in that hundreds if not thousands of “botted” clients – typically desktops but increasingly mobile clients as well – are taken over and pitted against carrier systems. Arbor claims its new box is the first 40-gig DDOS mitigation-capable platform, important because the number of attacks capable of reaching those levels has grown steadily over the past few years, said Rakesh Shah, Arbor’s director of product management.

“[DDOS attacks] are the number-one threat to data centers and clouds,” Shah said. “The number of attacks are increasing at a dramatic pace, as is the size of those attacks. In addition, the sophistication of attacks is increasing as well. It’s more than just flood-based attacks these days; we’re seeing very sophisticated application layer attacks as well.”

Those attack trends and the increased throughput of the new box make it especially suited toward “large [points of presence] or large data center deployments – maybe even regional mitigation centers,” Sha said, adding that the PeakFlow platform enables providers to not only protect their own networks from attack but to offer DDOS-protection as a managed security service to its large enterprise customers and network partners as well.

In addition to 40 Gb/s mitigation of DDOS and application layer attacks, the updated platform includes new capabilities to secure domain name server (DNS) infrastructure, another common target of attacks, as well as other network services and protocols such as HTTP, VoIP, IM, P2P and – Arbor claims for the first time for a security focused deep packet inspection (DPI) box – IPv6 traffic.

As a larger box, the 40 gig Peakflow can serve as a network aggregation point, working side-by-side with 10-gig Arbor boxes. The overall platform architecture lets providers manage up to five boxes from a single management user interface, offering great flexibility in deploying the platform, Shah said.