Radware has introduced a new Cloud Web DDoS Protection solution to minimize the growing gap between standard DDoS mitigation and an emerging generation of more aggressive, layer 7 (L7), HTTPS Flood attacks—also known as Web DDoS Tsunami attacks.
Radware’s solution combats encrypted, high-volume, multi-vector threats that evade standard web application firewalls (WAF) and network-based DDoS tools, essentially rendering them ineffective.
“The dramatic rise in Web DDoS Tsunami attacks poses an immediate cyber threat. Organizations worldwide regardless of industry have fallen victim to these attacks, leaving them confounded as to why their existing defense solutions are faltering,” said Gabi Malka, Radware’s chief operating officer.
“Just because organizations have standard WAFs or network-based DDoS mitigation in place, they should not take for granted that they are adequately protected,” Malka added.
The sharp increase in Web DDoS Tsunamis has raised the bar for effective L7 DDoS detection and mitigation. As part of their latest campaigns, hackers are combining network and application layer attacks and using new tools to create these giant request-per-second (RPS) Web DDoS attacks.
To elude detection, these L7 DDoS attacks appear as legitimate traffic and leverage multiple evasion techniques, such as randomizing HTTP headers, cookies, spoofing IPs, and more.
“Standard solutions that take a rate-limiting approach are not built to handle this emerging generation of Web DDoS Tsunami attacks,” continued Malka. “To defend against these attacks, organizations need layer 7, behavioral-based security solutions that can adapt in real time, scale by a magnitude higher than any on-prem solution, and surgically block the attacks without blocking legitimate traffic.”
Standard WAF and network-based DDoS protection solutions are ineffective in detecting and mitigating Web DDoS Tsunamis without impacting legitimate traffic. Detecting these attacks requires decryption and deep inspection into the L7 traffic headers, which network-based DDoS protection solutions are not able to do.
At the same time, on-premise or cloud-based WAF solutions that rely on signature-based protections are ill-equipped to deal with the randomized nature, scale, and sophistication of these attacks.
Anticipating the shift in the threat landscape, Radware developed its new Cloud Web DDoS Protection. Backed by research and development, the solution combines behavioral-based, automated algorithms with the high-scale infrastructure needed to accurately defend organizations against high RPS, Web DDoS Tsunami attacks.
In addition, Radware’s Cloud Web DDoS Protection:
- Minimizes false positives — Dedicated behavioral-based algorithms detect and block L7 DDoS attacks without interrupting legitimate traffic.
- Offers wide attack coverage against the most advanced threats and zero-day attacks — The solution protects organizations from a wide range of L7 DDoS threats, including smaller-scale, sophisticated attacks; new L7 attack tools and vectors; and large-scale, sophisticated Web DDoS Tsunami attacks.
- Immediate and adaptive protection — Leveraging proprietary behavioral analysis and real-time signature generation, Radware detects HTTPS floods and continuously adapts the mitigation in real-time to prevent downtime.
- Provides peace-of-mind — The automated and fully managed solution is designed to help organizations block these sophisticated attack campaigns consistently across all their applications and environments.