Whether they are online enterprises, hosting providers or Internet service providers, companies need 24/7 insight into their network security, particularly regarding DDoS attacks and other cyber threats that target their Internet-facing services.
That’s why the Corero SmartWall® Threat Defense System (TDS) appliance seamlessly integrates with a variety of Security Information and Event Management (SIEM) and Operational Intelligence solutions, such as Splunk. Corero leverages Splunk software for big data analytics and visualization capabilities that together transform security event data into sophisticated dashboards. The advanced security data and dashboards are accessible via the Corero SecureWatch® Analytics portal.
The report below came from a Corero customer SecureWatch® Analytics portal. It illustrates a large DDoS attack on an Internet Service Provider that was successfully mitigated by the SmartWall TDS. This attack was a DNS amplification attack that reached 52Gb and lasted for approximately 36 minutes. The color red indicates blocked traffic. The attack targeted 1 IP address (victim).
This type of attempted attack is not unusual, but such large attacks are the ones that customers fear the most, because if not mitigated they could drive some of their links to near saturation levels (see the accompanying red/orange chart, which indicates normal incoming traffic vs. blocked traffic).
Fortunately, the SmartWall TDS mitigates a wide range of DDoS attacks, while maintaining full connectivity to avoid disrupting the delivery of legitimate traffic. It’s designed to handle large network-based DDoS attacks or floods, reflective amplified spoof attacks, as well as application layer attacks that are typically too low to be detected by out of band solutions. Indeed, if not for the SmartWall TDS appliance, many customers may not even notice the low-level DDoS attacks on their networks, which can be just as dangerous because they drain network resources and often serve as a smokescreen to distract IT staff while the hackers map out a breach of sensitive data.
With the robust, real-time dashboard analytics provided by the SecureWatch Analytics portal, Corero customers can clearly see suspicious or malicious traffic that is permeating their network. The dashboards are comprehensive and easy-to-read, with granular data, so that companies no longer need large teams of dedicated security analysts to sift through reams of log data that is difficult to interpret. SecureWatch Analytics is included with the purchase of the Corero First Line of Defense® products as a part of the DDoS defense investment. Read more here.