Joining Forces to Advance Protection Against the Growing Diversity of DDoS Attacks

Sean Leach | Mar 17, 2014

You may have seen the news this morning that we have joined forces with Juniper Networks to provide a comprehensive, always on, DDoS solution.  At Verisign, we focus on protecting companies from increasingly complex cyber threats, and this relationship should only raise the bar higher, as it will provide a different, more integrated approach than what’s used today, to help ensure faster and more efficient detection and mitigation.  

Given the alarming rise of sophisticated DDoS attacks, today’s solutions must be able to detect and mitigate zero-day threats and large-scale attacks that exceed the capacity of the victim’s network to help businesses of all types and sizes stay secure, stable and available. By combining the strength of network and application-layer protection provided by Juniper’s DDoS Secure appliances and Verisign’s cloud-based DDoS Protection, we can help customers improve time to mitigation. This will be achieved by quickly handling low-volume attacks with on-premise hardware, while still offering the added security of back-up in the cloud for large-scale and extremely complex attacks, as well as the extra bandwidth needed for mitigation as those attacks ramp up. We chose Juniper as their solution offers unique capabilities when it comes to premise-based detection and mitigation.  Other premise-based DDoS detection and mitigation solutions on the market put a strain on the customer security team to customize and adapt the rule sets on the fly during an attack, which can be time-intensive and requires significant skills and resources.  This solution uses Juniper advanced technology to automatically detect and mitigate DDoS attacks, working in conjunction with our globally connected, fully redundant cloud-based platform to provide a real-time adaptive solution.  This solution offers customers peace of mind that they can handle all types of attacks faster and more efficiently.

Specifically, the solution responds in real-time to application response and adapts to support automated detection through risk scoring and cloud-based mitigation based on customizable parameters. It is the first solution that delivers both non-signature based risk scoring and real-time, zero-day signature integration providing customers the full spectrum of DDoS defenses across Layers 3-7. The solution monitors the health of protected services and applications, and incorporates predictive and real-time risk intelligence across the service.

The way this solution works is very simple and effective for the customer. When an attack is determined to exceed the network capacity at the data center edge, mitigation moves to Verisign’s globally connected, fully redundant cloud-based platform to provide comprehensive protection against network and application layer attacks. Additionally, Verisign iDefense Security Intelligence analysts actively monitor indicators of attacks, in order to assist Verisign’s DDoS protection engineers in creating new signatures for new attacks, while Juniper DDoS Secure heuristics engine inspects both inbound and outbound traffic to calculate local risk. This is absolutely critical to help defend against zero-day threats. Overall, by bringing together dedicated, on-premise DDoS mitigation devices and cloud-based solutions, we are one step closer to realizing the vision of more comprehensive, always on, automated DDoS protection in increasingly heterogeneous environments that span public, private and hybrid clouds.

There hasn’t been a more crucial time for organizations to improve their security defenses than today, and this approach offers a breadth and depth of defense – from premises to the cloud – that more effectively provides the security protection customers need.