SlideShare a Scribd company logo

Corsa Giga Filter

Corsa Technology
Corsa Technology

Corsa Technology's introduced GigaFilter, a new feature on the Red Armor NSE7000 hardware platform that allows instant filtering of up to 4 Billion IPv4 addresses on 10 Gbps and 100 Gbps links to mitigate volumetric DDoS attacks.

Technology
1 of 12
Download to read offline
Universal Network Security Distributed Mitigation To Protect Network Infrastructure Against DDoS Attacks
2 • SDN networking equipment company – Founded in 2012, based in Ottawa, Ontario (Canada) – WAN-scale open, programmable SDN equipment for high capacity networks • Product Innovation with market-leading support – Line-rate flow forwarding expertise – Network hardware virtualization – Dynamic SDN traffic management • Architecture assures our platforms move traffic without hitting limitations – Internet-scale offering of advanced SDN features with high precision flow forwarding • Customers utilize for rapid service creation and delivery within their networks – ISP, SP, IX, CDNs, hosting providers and NREN customers worldwide – Very large networks: Each moving >50Petabytes of data per month
3 A Bad Trend in DDoS Attacks BBC – 602Gbps 31/12/2015 Krebs – 665Gbps 20/09/2016 OVH – 1Tbps 20/09/2016 Dyn – 1.2Tbps 21/10/2016 Incapsula– 650Gbps @ 150Mpps 21/12/2016 Mirai Botnet Leet Botnet NWH Botnet
4 How to protect against those attacks? Network Infrastructure Protection Application Protection Name Server Protection >90% of attack traffic is volumetric Network Infrastructure Protection Types of DDoS Attacks Verisign Oct. 2016
5 Clean Pipes with a Layered Defense 46.3% ICMP 32.5% TCP 19% UDP 22% SYN Multi-vector, large-scale attacks are the name of the game = difficulty level HIGH 7% NTP Application attacks Volumetric attacks 9% App ISP / Hosting Provider Network Connected Networks Layered defense removes the right attack vectors in the right place = clean pipes CLEAN PIPES EVERYWHERE
6 Clean Pipes with a Layered Defense 46.3% ICMP 32.5% TCP 19% UDP 22% SYN Multi-vector, large-scale attacks are the name of the game: difficulty level HIGH Layered defense removes the right attack vectors in the right place 7% NTP Application attacks Volumetric attacks 9% App ISP / Hosting Provider Network Mitigate volumetric attacks independent of application layer: (a) upstream at the network edge (b) at entry to the scrubbing center (c) wherever it is needed 1 Connected Networks CLEAN PIPES: all volumetric DDoS attack traffic eliminated from the network
7 Clean Pipes with a Layered Defense 46.3% ICMP 32.5% TCP 19% UDP 22% SYN Multi-vector, large-scale attacks are the name of the game: difficulty level HIGH Layered defense removes the right attack vectors in the right place 7% NTP Application attacks Volumetric attacks 9% App ISP / Hosting Provider Network Mitigate volumetric attacks independent of application layer: (a) upstream at the network edge (b) at entry to the scrubbing center (c) wherever it is needed 1 Connected Networks Block application attacks separately: closer to the target with existing scrubbing centers or firewalls 2 9% App
8 Universal Mitigation: Red Armor NSE7000 Series A. Installs in 10 minutes within existing architectures B. Operates as a bump in the wire anywhere C. Interoperates with existing DDoS detection tools D. Provides full 100G line rate enforcement E. At a fraction of the cost of other 100G offerings F. All of the above
9 Corsa Network Security Enforcement 100 Gbps Data Center Router 1/10 Gbps Public Internet Target To Protect BGP Flowspec: Provides specific action to take with corresponding network traffic 80 Gbps Red Armor Enforcement of rules issued by Detection • Adds to existing architecture, anywhere • 100% transparent means no added attack surface • No shared control with routing • No performance degradation with small packets • No performance degradation with large number of rules • 5K/second rule updates via BGP Flowspec at DDoS detection points Border Router
10 GigaFilterTM 100 Gbps Data Center Router 1/10 Gbps Public Internet Target To Protect 80 Gbps Red Armor WHAT? Allows >4 Billion IPv4 addresses to be blocked (entire IPv4 address space) in <1ms. WHY? IoT botnet attacks involve hundreds of thousands, soon to be millions, of compromised IoT devices, each with their own source IP addresses WHO CARES? ISPs, SPs, Hosting providers, CDNs are at aggregation points in the network where IoT scale can take down a border router or further downstream a data center router. WHY CORSA? IoT scale (performance) and economics for anywhere in the network Border Router
11 Red Armor NSE7000 Series Simple, High Performance Mitigation Simple, High Performance Mitigation Where you Need It
Corsa Giga Filter

Recommended

Rethinking Security: Corsa Red Armor Network Security Enforcement
Rethinking Security: Corsa Red Armor Network Security EnforcementRethinking Security: Corsa Red Armor Network Security Enforcement
Rethinking Security: Corsa Red Armor Network Security Enforcement
Corsa Technology
 
Corsa Technology DP2000: Open Programmable Networking & Virtualizing Network ...
Corsa Technology DP2000: Open Programmable Networking & Virtualizing Network ...Corsa Technology DP2000: Open Programmable Networking & Virtualizing Network ...
Corsa Technology DP2000: Open Programmable Networking & Virtualizing Network ...
Corsa Technology
 
Corsa DP2000 Platform
Corsa DP2000 PlatformCorsa DP2000 Platform
Corsa DP2000 Platform
Corsa Technology
 
PLNOG 17 - Marek Karczewski - Mity i fakty skutecznej ochrony aplikacji inter...
PLNOG 17 - Marek Karczewski - Mity i fakty skutecznej ochrony aplikacji inter...PLNOG 17 - Marek Karczewski - Mity i fakty skutecznej ochrony aplikacji inter...
PLNOG 17 - Marek Karczewski - Mity i fakty skutecznej ochrony aplikacji inter...
PROIDEA
 
Vpn rsvp
Vpn rsvpVpn rsvp
Vpn rsvp
Swarup Kumar Mall
 
PLNOG 17 - Artur Kane - DDoS? You shall not pass!
PLNOG 17 - Artur Kane - DDoS? You shall not pass!PLNOG 17 - Artur Kane - DDoS? You shall not pass!
PLNOG 17 - Artur Kane - DDoS? You shall not pass!
PROIDEA
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentation
Ram Bharosh Raut
 
Virtual Private Networks (VPN) ppt
Virtual Private Networks (VPN) pptVirtual Private Networks (VPN) ppt
Virtual Private Networks (VPN) ppt
OECLIB Odisha Electronics Control Library
 

Recommended

Rethinking Security: Corsa Red Armor Network Security Enforcement
Rethinking Security: Corsa Red Armor Network Security EnforcementRethinking Security: Corsa Red Armor Network Security Enforcement
Rethinking Security: Corsa Red Armor Network Security Enforcement
Corsa Technology
 
Corsa Technology DP2000: Open Programmable Networking & Virtualizing Network ...
Corsa Technology DP2000: Open Programmable Networking & Virtualizing Network ...Corsa Technology DP2000: Open Programmable Networking & Virtualizing Network ...
Corsa Technology DP2000: Open Programmable Networking & Virtualizing Network ...
Corsa Technology
 
Corsa DP2000 Platform
Corsa DP2000 PlatformCorsa DP2000 Platform
Corsa DP2000 Platform
Corsa Technology
 
PLNOG 17 - Marek Karczewski - Mity i fakty skutecznej ochrony aplikacji inter...
PLNOG 17 - Marek Karczewski - Mity i fakty skutecznej ochrony aplikacji inter...PLNOG 17 - Marek Karczewski - Mity i fakty skutecznej ochrony aplikacji inter...
PLNOG 17 - Marek Karczewski - Mity i fakty skutecznej ochrony aplikacji inter...
PROIDEA
 
Vpn rsvp
Vpn rsvpVpn rsvp
Vpn rsvp
Swarup Kumar Mall
 
PLNOG 17 - Artur Kane - DDoS? You shall not pass!
PLNOG 17 - Artur Kane - DDoS? You shall not pass!PLNOG 17 - Artur Kane - DDoS? You shall not pass!
PLNOG 17 - Artur Kane - DDoS? You shall not pass!
PROIDEA
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentation
Ram Bharosh Raut
 
Virtual Private Networks (VPN) ppt
Virtual Private Networks (VPN) pptVirtual Private Networks (VPN) ppt
Virtual Private Networks (VPN) ppt
OECLIB Odisha Electronics Control Library
 
TFI2014 Session I - State of SDN - Gary Hemminger
TFI2014 Session I - State of SDN - Gary HemmingerTFI2014 Session I - State of SDN - Gary Hemminger
TFI2014 Session I - State of SDN - Gary Hemminger
Colorado Internet Society (CO ISOC)
 
128 Technology Webinar - Remove Overhead and Complexity with Tunnel-Free SD-WAN
128 Technology Webinar - Remove Overhead and Complexity with Tunnel-Free SD-WAN128 Technology Webinar - Remove Overhead and Complexity with Tunnel-Free SD-WAN
128 Technology Webinar - Remove Overhead and Complexity with Tunnel-Free SD-WAN
128 Technology
 
V P N
V P NV P N
V P N
bhathiji
 
VPN (virtual Private Network)
VPN (virtual Private Network)VPN (virtual Private Network)
VPN (virtual Private Network)
Chandan Jha
 
VPN presentation - moeshesh
VPN presentation - moesheshVPN presentation - moeshesh
VPN presentation - moeshesh
Mohamed Shishtawy
 
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks
 
Virtual private network, vpn presentation
Virtual private network, vpn presentationVirtual private network, vpn presentation
Virtual private network, vpn presentation
Amjad Bhutto
 
BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterpr...
BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterpr...BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterpr...
BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterpr...
Ixia
 
Solera Networks
Solera NetworksSolera Networks
Solera Networks
gigamon
 
Recent DDoS attack trends, and how you should respond
Recent DDoS attack trends, and how you should respondRecent DDoS attack trends, and how you should respond
Recent DDoS attack trends, and how you should respond
Cloudflare
 
Webinar: The Software Matters in Open Networking
Webinar: The Software Matters in Open NetworkingWebinar: The Software Matters in Open Networking
Webinar: The Software Matters in Open Networking
Storage Switzerland
 
Vpn
VpnVpn
Vpn
Nure Alam
 
Gigamon Systems
Gigamon SystemsGigamon Systems
Gigamon Systems
gigamon
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL Lee
MyNOG
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiNext Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF Chui
MyNOG
 
Virtual private network
Virtual private network Virtual private network
Virtual private network
Parth Akbari
 
SDN & NFV: Driving Additional Value into Managed Services
SDN & NFV: Driving Additional Value into Managed ServicesSDN & NFV: Driving Additional Value into Managed Services
SDN & NFV: Driving Additional Value into Managed Services
TBI Inc.
 
12 Understanding V P Ns
12 Understanding V P Ns12 Understanding V P Ns
12 Understanding V P Ns
AamirAziz
 
Vpn security
Vpn security Vpn security
Vpn security
AnushiyaAron
 
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALAVIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
Saikiran Panjala
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
Marta Pacyga
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PROIDEA
 

More Related Content

What's hot

TFI2014 Session I - State of SDN - Gary Hemminger
TFI2014 Session I - State of SDN - Gary HemmingerTFI2014 Session I - State of SDN - Gary Hemminger
TFI2014 Session I - State of SDN - Gary Hemminger
Colorado Internet Society (CO ISOC)
 
128 Technology Webinar - Remove Overhead and Complexity with Tunnel-Free SD-WAN
128 Technology Webinar - Remove Overhead and Complexity with Tunnel-Free SD-WAN128 Technology Webinar - Remove Overhead and Complexity with Tunnel-Free SD-WAN
128 Technology Webinar - Remove Overhead and Complexity with Tunnel-Free SD-WAN
128 Technology
 
V P N
V P NV P N
V P N
bhathiji
 
VPN (virtual Private Network)
VPN (virtual Private Network)VPN (virtual Private Network)
VPN (virtual Private Network)
Chandan Jha
 
VPN presentation - moeshesh
VPN presentation - moesheshVPN presentation - moeshesh
VPN presentation - moeshesh
Mohamed Shishtawy
 
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks
 
Virtual private network, vpn presentation
Virtual private network, vpn presentationVirtual private network, vpn presentation
Virtual private network, vpn presentation
Amjad Bhutto
 
BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterpr...
BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterpr...BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterpr...
BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterpr...
Ixia
 
Solera Networks
Solera NetworksSolera Networks
Solera Networks
gigamon
 
Recent DDoS attack trends, and how you should respond
Recent DDoS attack trends, and how you should respondRecent DDoS attack trends, and how you should respond
Recent DDoS attack trends, and how you should respond
Cloudflare
 
Webinar: The Software Matters in Open Networking
Webinar: The Software Matters in Open NetworkingWebinar: The Software Matters in Open Networking
Webinar: The Software Matters in Open Networking
Storage Switzerland
 
Vpn
VpnVpn
Vpn
Nure Alam
 
Gigamon Systems
Gigamon SystemsGigamon Systems
Gigamon Systems
gigamon
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL Lee
MyNOG
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiNext Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF Chui
MyNOG
 
Virtual private network
Virtual private network Virtual private network
Virtual private network
Parth Akbari
 
SDN & NFV: Driving Additional Value into Managed Services
SDN & NFV: Driving Additional Value into Managed ServicesSDN & NFV: Driving Additional Value into Managed Services
SDN & NFV: Driving Additional Value into Managed Services
TBI Inc.
 
12 Understanding V P Ns
12 Understanding V P Ns12 Understanding V P Ns
12 Understanding V P Ns
AamirAziz
 
Vpn security
Vpn security Vpn security
Vpn security
AnushiyaAron
 
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALAVIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
Saikiran Panjala
 

What's hot (20)

TFI2014 Session I - State of SDN - Gary Hemminger
TFI2014 Session I - State of SDN - Gary HemmingerTFI2014 Session I - State of SDN - Gary Hemminger
TFI2014 Session I - State of SDN - Gary Hemminger
 
128 Technology Webinar - Remove Overhead and Complexity with Tunnel-Free SD-WAN
128 Technology Webinar - Remove Overhead and Complexity with Tunnel-Free SD-WAN128 Technology Webinar - Remove Overhead and Complexity with Tunnel-Free SD-WAN
128 Technology Webinar - Remove Overhead and Complexity with Tunnel-Free SD-WAN
 
V P N
V P NV P N
V P N
 
VPN (virtual Private Network)
VPN (virtual Private Network)VPN (virtual Private Network)
VPN (virtual Private Network)
 
VPN presentation - moeshesh
VPN presentation - moesheshVPN presentation - moeshesh
VPN presentation - moeshesh
 
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
 
Virtual private network, vpn presentation
Virtual private network, vpn presentationVirtual private network, vpn presentation
Virtual private network, vpn presentation
 
BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterpr...
BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterpr...BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterpr...
BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterpr...
 
Solera Networks
Solera NetworksSolera Networks
Solera Networks
 
Recent DDoS attack trends, and how you should respond
Recent DDoS attack trends, and how you should respondRecent DDoS attack trends, and how you should respond
Recent DDoS attack trends, and how you should respond
 
Webinar: The Software Matters in Open Networking
Webinar: The Software Matters in Open NetworkingWebinar: The Software Matters in Open Networking
Webinar: The Software Matters in Open Networking
 
Vpn
VpnVpn
Vpn
 
Gigamon Systems
Gigamon SystemsGigamon Systems
Gigamon Systems
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL Lee
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiNext Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF Chui
 
Virtual private network
Virtual private network Virtual private network
Virtual private network
 
SDN & NFV: Driving Additional Value into Managed Services
SDN & NFV: Driving Additional Value into Managed ServicesSDN & NFV: Driving Additional Value into Managed Services
SDN & NFV: Driving Additional Value into Managed Services
 
12 Understanding V P Ns
12 Understanding V P Ns12 Understanding V P Ns
12 Understanding V P Ns
 
Vpn security
Vpn security Vpn security
Vpn security
 
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALAVIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
 

Similar to Corsa Giga Filter

PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
Marta Pacyga
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PROIDEA
 
DETENIENDO LOS ATAQUES DDOS CON NSFOCUS
DETENIENDO LOS ATAQUES DDOS CON NSFOCUSDETENIENDO LOS ATAQUES DDOS CON NSFOCUS
DETENIENDO LOS ATAQUES DDOS CON NSFOCUS
Cristian Garcia G.
 
bestpracticesforusingyournetworkandtheciscoasr9kforddos-150603185523-lva1-app...
bestpracticesforusingyournetworkandtheciscoasr9kforddos-150603185523-lva1-app...bestpracticesforusingyournetworkandtheciscoasr9kforddos-150603185523-lva1-app...
bestpracticesforusingyournetworkandtheciscoasr9kforddos-150603185523-lva1-app...
Sergiy Pitel
 
Scaling service provider business with DDoS-mitigation-as-a-service
Scaling service provider business with DDoS-mitigation-as-a-serviceScaling service provider business with DDoS-mitigation-as-a-service
Scaling service provider business with DDoS-mitigation-as-a-service
Cloudflare
 
FortiGate_600E(2).pdf
FortiGate_600E(2).pdfFortiGate_600E(2).pdf
FortiGate_600E(2).pdf
Rochdi Bouzaien
 
PLNOG14 - Wireless Cloud, a new business for operators - Jochen Müdsam
PLNOG14 - Wireless Cloud, a new business for operators - Jochen MüdsamPLNOG14 - Wireless Cloud, a new business for operators - Jochen Müdsam
PLNOG14 - Wireless Cloud, a new business for operators - Jochen Müdsam
PROIDEA
 
Simplifying Wired Network Deployments with Software-Defined Networking (SDN)
Simplifying Wired Network Deployments with Software-Defined Networking (SDN)Simplifying Wired Network Deployments with Software-Defined Networking (SDN)
Simplifying Wired Network Deployments with Software-Defined Networking (SDN)
Aruba, a Hewlett Packard Enterprise company
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
Amazon Web Services
 
Cisco Intelligent WAN: Enabling the Next-Generation Branch
Cisco Intelligent WAN: Enabling the Next-Generation BranchCisco Intelligent WAN: Enabling the Next-Generation Branch
Cisco Intelligent WAN: Enabling the Next-Generation Branch
Cisco Canada
 
6° Sessione VMware NSX: la piattaforma di virtualizzazione della rete per il ...
6° Sessione VMware NSX: la piattaforma di virtualizzazione della rete per il ...6° Sessione VMware NSX: la piattaforma di virtualizzazione della rete per il ...
6° Sessione VMware NSX: la piattaforma di virtualizzazione della rete per il ...
Jürgen Ambrosi
 
iWAN - Cisco Application Experience Solution
iWAN - Cisco Application Experience SolutioniWAN - Cisco Application Experience Solution
iWAN - Cisco Application Experience Solution
xband
 
A10 issa d do s 5-2014
A10 issa d do s 5-2014A10 issa d do s 5-2014
A10 issa d do s 5-2014
Raleigh ISSA
 
Webinar NETGEAR - Linee guida per il disegno di una rete wireless a elevate p...
Webinar NETGEAR - Linee guida per il disegno di una rete wireless a elevate p...Webinar NETGEAR - Linee guida per il disegno di una rete wireless a elevate p...
Webinar NETGEAR - Linee guida per il disegno di una rete wireless a elevate p...
Netgear Italia
 
New Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data CentersNew Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data Centers
Iben Rodriguez
 
Agile network agile world, tayo ashiru, huawei
Agile network agile world, tayo ashiru, huaweiAgile network agile world, tayo ashiru, huawei
Agile network agile world, tayo ashiru, huawei
Commonwealth Telecommunications Organisation
 
Cross selling 5
Cross selling 5Cross selling 5
Cross selling 5
Sen Nathan
 
Barracuda_NG_Firewall_Profile
Barracuda_NG_Firewall_ProfileBarracuda_NG_Firewall_Profile
Barracuda_NG_Firewall_Profile
Aliza Ayub
 
Barracuda_NG_Firewall_Profile
Barracuda_NG_Firewall_ProfileBarracuda_NG_Firewall_Profile
Barracuda_NG_Firewall_Profile
Iqra Hameed
 
Kentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks
Kentik and Cloudflare Partner to Mitigate Advanced DDoS AttacksKentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks
Kentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks
Cloudflare
 

Similar to Corsa Giga Filter (20)

PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
DETENIENDO LOS ATAQUES DDOS CON NSFOCUS
DETENIENDO LOS ATAQUES DDOS CON NSFOCUSDETENIENDO LOS ATAQUES DDOS CON NSFOCUS
DETENIENDO LOS ATAQUES DDOS CON NSFOCUS
 
bestpracticesforusingyournetworkandtheciscoasr9kforddos-150603185523-lva1-app...
bestpracticesforusingyournetworkandtheciscoasr9kforddos-150603185523-lva1-app...bestpracticesforusingyournetworkandtheciscoasr9kforddos-150603185523-lva1-app...
bestpracticesforusingyournetworkandtheciscoasr9kforddos-150603185523-lva1-app...
 
Scaling service provider business with DDoS-mitigation-as-a-service
Scaling service provider business with DDoS-mitigation-as-a-serviceScaling service provider business with DDoS-mitigation-as-a-service
Scaling service provider business with DDoS-mitigation-as-a-service
 
FortiGate_600E(2).pdf
FortiGate_600E(2).pdfFortiGate_600E(2).pdf
FortiGate_600E(2).pdf
 
PLNOG14 - Wireless Cloud, a new business for operators - Jochen Müdsam
PLNOG14 - Wireless Cloud, a new business for operators - Jochen MüdsamPLNOG14 - Wireless Cloud, a new business for operators - Jochen Müdsam
PLNOG14 - Wireless Cloud, a new business for operators - Jochen Müdsam
 
Simplifying Wired Network Deployments with Software-Defined Networking (SDN)
Simplifying Wired Network Deployments with Software-Defined Networking (SDN)Simplifying Wired Network Deployments with Software-Defined Networking (SDN)
Simplifying Wired Network Deployments with Software-Defined Networking (SDN)
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
 
Cisco Intelligent WAN: Enabling the Next-Generation Branch
Cisco Intelligent WAN: Enabling the Next-Generation BranchCisco Intelligent WAN: Enabling the Next-Generation Branch
Cisco Intelligent WAN: Enabling the Next-Generation Branch
 
6° Sessione VMware NSX: la piattaforma di virtualizzazione della rete per il ...
6° Sessione VMware NSX: la piattaforma di virtualizzazione della rete per il ...6° Sessione VMware NSX: la piattaforma di virtualizzazione della rete per il ...
6° Sessione VMware NSX: la piattaforma di virtualizzazione della rete per il ...
 
iWAN - Cisco Application Experience Solution
iWAN - Cisco Application Experience SolutioniWAN - Cisco Application Experience Solution
iWAN - Cisco Application Experience Solution
 
A10 issa d do s 5-2014
A10 issa d do s 5-2014A10 issa d do s 5-2014
A10 issa d do s 5-2014
 
Webinar NETGEAR - Linee guida per il disegno di una rete wireless a elevate p...
Webinar NETGEAR - Linee guida per il disegno di una rete wireless a elevate p...Webinar NETGEAR - Linee guida per il disegno di una rete wireless a elevate p...
Webinar NETGEAR - Linee guida per il disegno di una rete wireless a elevate p...
 
New Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data CentersNew Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data Centers
 
Agile network agile world, tayo ashiru, huawei
Agile network agile world, tayo ashiru, huaweiAgile network agile world, tayo ashiru, huawei
Agile network agile world, tayo ashiru, huawei
 
Cross selling 5
Cross selling 5Cross selling 5
Cross selling 5
 
Barracuda_NG_Firewall_Profile
Barracuda_NG_Firewall_ProfileBarracuda_NG_Firewall_Profile
Barracuda_NG_Firewall_Profile
 
Barracuda_NG_Firewall_Profile
Barracuda_NG_Firewall_ProfileBarracuda_NG_Firewall_Profile
Barracuda_NG_Firewall_Profile
 
Kentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks
Kentik and Cloudflare Partner to Mitigate Advanced DDoS AttacksKentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks
Kentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks
 

Recently uploaded

What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE VisionWhat is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
DianaGray10
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Neo4j
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
Fwdays
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
c5vrf27qcz
 
High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024
Vadym Kazulkin
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
Fwdays
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
christinelarrosa
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Neo4j
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
Enterprise Knowledge
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
ScyllaDB
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops
 

Recently uploaded (20)

What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE VisionWhat is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 
High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 

Corsa Giga Filter

  • 1. Universal Network Security Distributed Mitigation To Protect Network Infrastructure Against DDoS Attacks
  • 2. 2 • SDN networking equipment company – Founded in 2012, based in Ottawa, Ontario (Canada) – WAN-scale open, programmable SDN equipment for high capacity networks • Product Innovation with market-leading support – Line-rate flow forwarding expertise – Network hardware virtualization – Dynamic SDN traffic management • Architecture assures our platforms move traffic without hitting limitations – Internet-scale offering of advanced SDN features with high precision flow forwarding • Customers utilize for rapid service creation and delivery within their networks – ISP, SP, IX, CDNs, hosting providers and NREN customers worldwide – Very large networks: Each moving >50Petabytes of data per month
  • 3. 3 A Bad Trend in DDoS Attacks BBC – 602Gbps 31/12/2015 Krebs – 665Gbps 20/09/2016 OVH – 1Tbps 20/09/2016 Dyn – 1.2Tbps 21/10/2016 Incapsula– 650Gbps @ 150Mpps 21/12/2016 Mirai Botnet Leet Botnet NWH Botnet
  • 4. 4 How to protect against those attacks? Network Infrastructure Protection Application Protection Name Server Protection >90% of attack traffic is volumetric Network Infrastructure Protection Types of DDoS Attacks Verisign Oct. 2016
  • 5. 5 Clean Pipes with a Layered Defense 46.3% ICMP 32.5% TCP 19% UDP 22% SYN Multi-vector, large-scale attacks are the name of the game = difficulty level HIGH 7% NTP Application attacks Volumetric attacks 9% App ISP / Hosting Provider Network Connected Networks Layered defense removes the right attack vectors in the right place = clean pipes CLEAN PIPES EVERYWHERE
  • 6. 6 Clean Pipes with a Layered Defense 46.3% ICMP 32.5% TCP 19% UDP 22% SYN Multi-vector, large-scale attacks are the name of the game: difficulty level HIGH Layered defense removes the right attack vectors in the right place 7% NTP Application attacks Volumetric attacks 9% App ISP / Hosting Provider Network Mitigate volumetric attacks independent of application layer: (a) upstream at the network edge (b) at entry to the scrubbing center (c) wherever it is needed 1 Connected Networks CLEAN PIPES: all volumetric DDoS attack traffic eliminated from the network
  • 7. 7 Clean Pipes with a Layered Defense 46.3% ICMP 32.5% TCP 19% UDP 22% SYN Multi-vector, large-scale attacks are the name of the game: difficulty level HIGH Layered defense removes the right attack vectors in the right place 7% NTP Application attacks Volumetric attacks 9% App ISP / Hosting Provider Network Mitigate volumetric attacks independent of application layer: (a) upstream at the network edge (b) at entry to the scrubbing center (c) wherever it is needed 1 Connected Networks Block application attacks separately: closer to the target with existing scrubbing centers or firewalls 2 9% App
  • 8. 8 Universal Mitigation: Red Armor NSE7000 Series A. Installs in 10 minutes within existing architectures B. Operates as a bump in the wire anywhere C. Interoperates with existing DDoS detection tools D. Provides full 100G line rate enforcement E. At a fraction of the cost of other 100G offerings F. All of the above
  • 9. 9 Corsa Network Security Enforcement 100 Gbps Data Center Router 1/10 Gbps Public Internet Target To Protect BGP Flowspec: Provides specific action to take with corresponding network traffic 80 Gbps Red Armor Enforcement of rules issued by Detection • Adds to existing architecture, anywhere • 100% transparent means no added attack surface • No shared control with routing • No performance degradation with small packets • No performance degradation with large number of rules • 5K/second rule updates via BGP Flowspec at DDoS detection points Border Router
  • 10. 10 GigaFilterTM 100 Gbps Data Center Router 1/10 Gbps Public Internet Target To Protect 80 Gbps Red Armor WHAT? Allows >4 Billion IPv4 addresses to be blocked (entire IPv4 address space) in <1ms. WHY? IoT botnet attacks involve hundreds of thousands, soon to be millions, of compromised IoT devices, each with their own source IP addresses WHO CARES? ISPs, SPs, Hosting providers, CDNs are at aggregation points in the network where IoT scale can take down a border router or further downstream a data center router. WHY CORSA? IoT scale (performance) and economics for anywhere in the network Border Router
  • 11. 11 Red Armor NSE7000 Series Simple, High Performance Mitigation Simple, High Performance Mitigation Where you Need It