DDoS Secure0 pages
DATASHEET
DDOS SECURE
DDoS Mitigation for your Network and
Critical Applications
Product Overview
DDoS Secure defends some of the
world’s busiest Web servers and
critical business applications against
volumetric flood and applicationlayer distributed denial of service
(DDoS) attacks. DDoS Secure utilizes
advanced heuristic DDoS mitigation
technology that dynamically responds
to over-loading of the protected
resources, automatically providing
the full spectrum of DDoS defenses
to detect and block attacks. It is used
by the world’s leading companies and
organizations, protecting in excess of
$60 billion of revenue. DDoS Secure
is today the most comprehensive
DDoS mitigation solution available
for enterprises and hosting service
providers, delivering simple yet
effective protection that stops multivector DDoS attacks before they
can disrupt the availability of your
network and critical applications.
Product Description
Juniper Networks® DDoS Secure technology has been ensuring availability of critical
business resources for some of the world’s busiest e-commerce, financial, and public
sector customers for over a decade. During this time, DDoS attacks have evolved from
high-bandwidth volumetric attacks that bring down Web servers, to highly sophisticated
targeted attacks that threaten availability of critical business applications and resources.
DDoS volumetric flood attacks are still a problem for online businesses, but with the right
defense in place, these attacks can be nullified. However, today’s new breed of “low and
slow” application layer attacks are not as easy to detect, and therefore, are much more
difficult to mitigate.
Through an ongoing commitment to innovation with a dedicated focus on solving
customers’ security needs, Juniper’s world-class technology has kept pace with the
changing threat landscape in enterprise and service provider networks. By offering a
highly effective, fine-grained DDoS mitigation solution, DDoS Secure protects network
resources, regardless of which attack vectors are being deployed. DDoS Secure uses a
stateful analysis and heuristics approach to DDoS mitigation that provides protection for
high volume attacks, as well as advanced “low and slow” application attacks with minimal
false positives. The solution delivers fully automated application-layer DDoS protection
for Web (HTTP) and secure Web (HTTPS) applications, Domain Name Systems (DNS),
and VoIP systems (SIP). DDoS Secure can be deployed as an on-premise hardware
appliance or as a virtual machine (VM) in private, public or hybrid cloud environments.
Architecture and Key Components
Heuristic Approach
Traditionally, a DDoS outage occurs when resources are unable to handle the volume
of connection requests at a particular point in time. This might be through an induced
malicious attack using a Botnet for some financial, ideological, or political motive, or the
result of a legitimate “flash-crowd” effect during peak traffic periods. To the end user, there
is no real difference—at best they experience degraded response times; at worst, it is a
disruption in the resource’s availability resulting in an outage with serious business impact.
Adding more horsepower to the server or increasing bandwidth connectivity can provide
some insurance against a volumetric DDoS attack, but they are ultimately in-effective
against today’s new breed of sophisticated DDoS threats. Simply throttling all traffic or
blacklisting particular groups of IP addresses is also not a lasting solution, particularly as
these measures can impact legitimate users.
1
"