Flood Shield (DDoS Protection)

フラッド・シールド

DDoS攻撃の脅威からお客様のWebサービスを保護

Webとネットワーク・インフラを保護する
クラウド型DDoS防御

フラッド・シールドは、あらゆる種類やレイヤのDDoS攻撃をリアルタイムで検出、防御しながら、正規ユーザへはCDNの高速プラットフォームからコンテンツを配信し続けられるため、サービスの可用性確保とユーザエクスペリエンスを最適化します。フラッド・シールドはシールド(盾)として機能し、オンラインサービスやネットワーク・インフラの安定性と信頼性を高めます。また、監視&アラートツール、攻撃の可視化、調査ツールなどの機能を備えています。

収益力の高いWebサイトは、同時に攻撃の標的ともなりやすく、大きなリスクも擁しています。DDoS攻撃によりWebサービスが停止してしまうと、大きな機会損失が発生するだけでなく、顧客満足度を下げ信頼を失うことにもなりかねません。CDNetworksのDDoS防御サービスは、15 Tbpsを上回る巨大なCDNネットワーク・インフラにより、DDoS攻撃発生の検知から、攻撃の遮断とWebサイトの復旧、攻撃内容の分析、レポート機能までを一気通貫で提供します。セキュリティ専門のエンジニアが24時間365日体制でお客様のWebサービスを守ります。

How Can DDoS Attacks be Harmful

DDoS attacks can cause massive harm to a network, application or resource by flooding it with a large volume of traffic. They are usually delivered by malicious actors via a botnet or a group of devices controlled together and infected with malware. With the proliferation of IoT devices, the threat landscape has widened and it has only become easier for attackers to launch DDoS attacks.

As the resources get used up to meet the incoming traffic requests, they get exhausted and lead to a server failure. For businesses that thrive on providing uninterrupted services to their users, these types of cyber attacks can result in a number of negative consequences.

They can affect revenue by interrupting customer-facing applications

When DDoS attacks tie up platform services, they make it impossible to ensure business continuity. This could result in unsatisfied users, customer churn or in more serious cases even render key transactions unavailable.

They can add to business costs for website recovery

In addition to the revenue lost due to customer churn, DDoS attacks can also create additional expenses for business in the form of website and data center recovery costs.

They can bring down mission-critical applications in your organization

It’s not just customer-facing applications that DDoS attacks can bring down. Even business applications that help you with daily operations can be affected. Email automation, CRM tools, payroll processing software and other internal applications key to running your business can be affected by DDoS attacks.

They can invite more attacks while your DDoS defenses are down

DDoS campaigns don’t end when they manage to compromise some servers or services in your organization. The flood of network traffic will continue to overwhelm your other systems until more robust DDoS defenses are put in place. This is a period where your network security infrastructure can be taken advantage of by hackers to target other, more sinister types of attacks.

They can affect brand image or reputation

Sometimes the negative impact of DDoS attacks on your business aren’t monetary. When key public-facing applications are down and websites or apps are slow to load, it can leave a bad impression of your brand among customers. In fact, 57% of companies surveyed by NETSCOUT’s WorldWide Infrastructure Security Report think that DDoS attacks affected them most with damage to their brand more than operating expenses.

フラッド・シールドのリソース
フラッド・シールドのリソース
関連ブログ記事を読む

JNSA Certification Logo

特徴

攻撃の監視とアラート

  • 総合的な監視およびアラートサービス
  • Security warning to rapidly notify about any website abnormalities

攻撃の防御

  • ネットワークレイヤ(L3/L4)のすべての攻撃のほか、アプリケーションレイヤ(L7)の攻撃にも対応。SYNフラッド、ACKフラッド、ICMPフラッド、UDPフラッド、HTTPフラッド、リフレクションなど、昨今発生しているほぼすべてのDDoS攻撃に対応可能
  • Four scrubbing centers located worldwide to mitigate these types of attacks

導入方法

  • HTTP/HTTPSトラフィックのDNS CNAME構成
  • ネットワーク全体や複数のプロトコルを保護するBGPアナウンスメント

CDN Provisioning

  • Accelerate your sites and apps with a CDN
  • Supports multiple protocols, including HTTP/S, TCP/UDP
  • One-click deployment and real-time activation with no specific technical support required

アクセス制御

  • IP/URLのブラックリストとホワイトリスト、IPアドレスやURL、ドメイン名によるアクセス制御などを含むポリシー
  • Customizable strategy based on IP parameters and access frequency control

防御能力

大容量PoP:PoPあたり600Gbpsから2Tbps超のネットワーク

防御の可視化

  • DDoS攻撃と保護に関する情報をリアルタイムで表示
  • Full layer 7 DDoS, and 3 & 4 DDoS dashboard and log
  • Includes website security status, types of mitigation traffic and detailed information of attack events

DDoS Mitigation Highlights

CDNetworks Flood Shield provides a robust DDoS protection service to help defend your business against these cyber attacks. Some of the highlights of our solution include:

Monitoring and Warning of Abnormalities

With its multi-dimensional and all-level monitoring and warning capabilities, Flood Shield helps you detect, prepare for and deploy defense strategies against DDoS attacks. The security PoPs dynamically learn from historical access and behavior patterns and notifies you via email/SMS when any abnormalities are detected.

The platform’s big data analytics capabilities also helps analyze the cloud attack data and patterns in IP, User-Agent and Referrer. It performs security event correlation analysis by comparing similar approaches on other websites and industry data to deploy coordinated and synchronized defense strategies.

Intelligent Firewall and Detection for L4 and L7 DDoS Defence

CDNetworks equips you with the defense strategies for Layer 4 DDoS and Layer 7 DDoS attacks.

Layer 4 DDoS attacks are those such as TCP SYN flood, ACK flood, ICMP flood, UDP flood, NTP amplification and reflection attacks or Layer 7 attacks such as HTTP flood and Low & Slow attacks. For these, Flood Shield uses intelligent firewall and real-time detection to filter abnormal packets and non-compliant packets. It evaluates certain criteria to verify, block or drop packets and validate TCP connections without affecting normal access. This goes beyond what a web application firewall or WAF is capable of, which cannot stop some types of DDoS attacks such as TCP-state exhaustion attacks.

Layer 7 DDoS and application layer attacks are more sophisticated and usually target particular expensive parts of applications. For example, HTTP flood requests to a login page, or a search API, or WordPress pingback attacks fall under this category. For these, Flood Shield uses a cyber threats library, access control tools, log self-learning, and automated browser challenges, to analyze, detect and black malicious request packets in real time. 

Real-time Visualization of Defense

Flood Shield also gives you defense intelligence via real-time visualization. You will get to see displays of website security overview including DDoS attack bandwidth information in real-time. Other insights include the types of mitigation traffic and attack information including intercepted IP address, country, attack type and count. These will help you come up with the right strategies to combat the attacks.

Globally Distributed PoPs and Intelligence

The Flood Shield platform is able to leverage the 1,500 PoPs in our content delivery network across 70 countries to scale up resources to defend against volumetric attacks up to 15Tbps.

The globally distributed PoPs allow for intelligent scheduling and site-wide synchronization, giving you an always-on cloud-based DDoS protection solution that minimizes downtime and economic loss.

The platform’s big data and machine learning capabilities also helps detect network attack trends in real time and automatically activates defense in advance. It also intelligently analyzes and identifies attacks, to model the normal behaviors of legitimate traffic including IP addresses, HTTP headers, cookies and Javascript snippets.

リアルタイムの正規トラフィック帯域幅

防御トラフィックの種類

グローバルネットワーク

業界にかかわらず、お客様のグローバル・オーディエンスに効率的なWebパフォーマンスを確実にお届けするために最適なITソリューションをご提案します。
 
0

グローバルPoP数

0

帯域幅

0

グローバルオフィス

世界中の多くのお客様に支持されています

CDNetworksは業界をリードするグローバルなコンテンツ・デリバリ・ネットワーク(CDN)事業者です。
私たちは主要産業のお客様に革新的でカスタムメイドなソリューションを提供いたします。