RADinsight TI

Security Gaps in Scrubbing Centers

1. The detection modules used in scrubbing centers are tuned to high thresholds for volumetric attacks. The majority of DDOS attacks, however, are short and peak below 1Gbps. This means that most attacks will be either detected late or completely missed by the scrubbing center. Low-volume DDoS attacks don’t require extensive resources and can be carried out from a single machine, making them extremely easy to launch and very popular among DDoS-for-hire services. These attacks take down a company’s firewall in seconds, enabling a cybercriminal to infiltrate and map a company’s network, possibly installing malware and causing significant damage.

RADinsight TI closes this gap and serves as a first line of defense for low volume and short attacks.

2. Scrubbing centers are also blind to outbound attacks (e.g., malware and other malicious tools) coming from within the enterprise’s network.  The severity of this threat increases with the growing number of IoT devices and remote workers connected to the enterprise network via VPN.

RADinsight TI defends against outbound DDoS, as close as possible to the origin of attack.

3. Another blind spot of scrubbing centers is that their visibility is normally limited to internet (Layer 3) traffic only. As a result, they can’t protect SP networks from DDoS attacks coming from partnering networks at the L2 interconnect. Among others, this affects the SP’s ability to protect their customers’ enterprise branches connected off-net.

RADinsight TI s solves this lack of visibility by monitoring traffic at the L2 carrier interconnect (E-NNI).

RADinsight TI operates on top of existing NIDs or enterprise routers, as a software-based alternative to SP-owned inline appliances. It serves as a complementary solution to scrubbing centers, protecting the enterprise and service provider networks from resource starvation and reputational damage due to DDoS attacks.

DDoS Protection at Peering Routers

Network traffic and the volume of DDoS attacks are consistently growing at exponential rates, making it difficult for scrubbing capacity to follow this pace of growth. As networks became more distributed and include more peering points, the resulting traffic is now being backhauled towards existing centralized scrubbing centers at the expense of available bandwidth.

RADinsight TI can also be embedded in peering routers to protect against volumetric attacks, using the router’s own hardware to avoid traffic rerouting. RADinsight TI, with its patented AI-based detection, is much faster and more effective against botnet attacks than scrubbing centers’ traditional based-line/thresholds mechanisms.  RADinsight TI can therefore significantly reduce scrubbing center TCO (hardware, license costs, racks, cooling, etc.) through:

• Partial detection module offload at peering routers
• Partial mitigation embedded in peering routers.
• Full alternative to scrubbing centers

Threat Intelligence: How It Works

RADinsight TI works by constantly collecting data from the carrier or customer edges, and monitoring all traffic to identify attacks. Once an attack is detected, closed-loop enforcement is applied via an ACL installed on the edge device.

Highlights

• Dashboards provide real-time status of protected elements.
• Configurable security policies to block malicious traffic.
• Optional interworking with a third-party security orchestration engine.
• Full cloud-native solution - based on microservices and Kubernetes.

RADinsight Threat Intelligence 

AI-driven threat intelligence with network embedded security

Watch

Download Solution Brief