DDoS Solutions: Features
Protocol Attack Protection
- Invalid packets
- Anomalous TCP flag combinations
- Packet size validation (ping of death)
- POODLE attack
Application Attack Protection
- Application Layer (L7) Scripting
- Regular expression filter (TCP/UDP/HTTP)
- HTTP and DNS request rate limit
- DNS query check
- HTTP anomalies
Flood Attack Protection
- SYN cookies & SYN authentication
- ACK authentication
- Spoof detection
- SSL and DNS authentication
- HTTP challenge
- TCP/UDP/ICMP flood protection
- Application (DNS/HTTP) flood protection
- Amplification attack protection
Resource Attack Protection
- Fragmentation attack
- Slow GET/POST
- Long form submission
- SSL renegotiation
- Manual thresholds
- Black/white lists
- IP/port scanning detection
- Traffic indicator and top talkers
- Packet debugger tool
- HIGH PERFORMANCE PLATFORMS: Throughput capacity ranging from 10 to 155 Gbps ensures that the largest, multi-vector DDoS attacks can be dealt with effectively. SSL security processors are leveraged for detecting and mitigating SSL-based attacks. More complex application-layer attacks are processed by Intel Xeon CPUs, so high-performance system scaling is maintained even for multi-vector attacks.
- LARGE THREAT INTELLIGENCE CLASS LISTS: Eight individual lists, each containing up to 16 million list entries, can be defined.
- SIMULTANEOUS PROTECTED OBJECTS: To protect entire networks with many connected users and services, the Thunder TPS is able to simultaneously monitor 64,000 hosts or subnets.
- FULL CONTROL AND SMART AUTOMATION FOR AGILE PROTECTION: DDoS mitigation solution can easily be inserted into the existing network architecture, so that the network remains prepared for imminent DDoS threats.
- PROGRAMMATIC POLICY ENGINE: Thunder TPS is able to perform deep packet inspection (DPI) on incoming packets and take defined actions to protect the application.
- EASY NETWORK INTEGRATION: With multiple options and deployment models, Thunder TPS can be integrated into any network architecture, of any size. Open APIs enable tight integration with many other devices, including SDN controllers and security products.
- CENTRALIZED MANAGEMENT: For larger deployments, an optional centralized management system ensures routine tasks can be performed at scale, across multiple appliances, regardless of physical location.