웹 사이트와 네트워크 인프라를 보호하는 분산형 클라우드 기반 DDoS 방어
클라우드 기반 DDoS 방어는 DDoS 공격으로부터 비즈니스를 보호합니다
씨디네트웍스 Flood Shield는 모든 유형과 모든 계층의 DDoS 공격 (SYN Flood, ACK Flood, UDP Flood, HTTP Flood 등)을 실시간으로 탐지 및 방어하는 동시에 사용자에게 가속 서비스를 제공하여 사용자 경험을 최적화합니다. 이 솔루션은 온라인 서비스 및 인프라의 안정성과 신뢰성을 보장하는 쉴드 역할을 합니다. Flood Shield는 모니터링 및 알림 툴, 공격 가시화 및 조사 도구 등 다양한 요소로 구성됩니다.
상시 작동하는 씨디네트웍스의 인라인 클라우드 기반 DDoS 방어 기능은 씨디네트웍스의 방대한 15Tbps+ CDN 인프라에 구축되어 있으며 웹 사이트를 항상 보호할 수 있도록 지원합니다. 자동 트래픽 프로파일링 및 탐지 기능을 사용하면 공격을 신속하게 식별하여 네트워크 에지에서 차단할 수 있습니다.
How Can DDoS Attacks be Harmful
DDoS attacks can cause massive harm to a network, application or resource by flooding it with a large volume of traffic. They are usually delivered by malicious actors via a botnet or a group of devices controlled together and infected with malware. With the proliferation of IoT devices, the threat landscape has widened and it has only become easier for attackers to launch DDoS attacks.
As the resources get used up to meet the incoming traffic requests, they get exhausted and lead to a server failure. For businesses that thrive on providing uninterrupted services to their users, these types of cyber attacks can result in a number of negative consequences.
They can affect revenue by interrupting customer-facing applications
When DDoS attacks tie up platform services, they make it impossible to ensure business continuity. This could result in unsatisfied users, customer churn or in more serious cases even render key transactions unavailable.
They can add to business costs for website recovery
In addition to the revenue lost due to customer churn, DDoS attacks can also create additional expenses for business in the form of website and data center recovery costs.
They can bring down mission-critical applications in your organization
It’s not just customer-facing applications that DDoS attacks can bring down. Even business applications that help you with daily operations can be affected. Email automation, CRM tools, payroll processing software and other internal applications key to running your business can be affected by DDoS attacks.
They can invite more attacks while your DDoS defenses are down
DDoS campaigns don’t end when they manage to compromise some servers or services in your organization. The flood of network traffic will continue to overwhelm your other systems until more robust DDoS defenses are put in place. This is a period where your network security infrastructure can be taken advantage of by hackers to target other, more sinister types of attacks.
They can affect brand image or reputation
Sometimes the negative impact of DDoS attacks on your business aren’t monetary. When key public-facing applications are down and websites or apps are slow to load, it can leave a bad impression of your brand among customers. In fact, 57% of companies surveyed by NETSCOUT’s WorldWide Infrastructure Security Report think that DDoS attacks affected them most with damage to their brand more than operating expenses.
Flood Shield 기능
공격 알림 및 모니터링
- 포괄적인 모니터링 및 알림 서비스
- Security warning to rapidly notify about any website abnormalities
- 네트워크 계층, 애플리케이션 계층 DDoS 방어, SYN flood, ACK flood, ICMP flood, UDP flood, HTTP flood, 반사 DDoS 공격
- Four scrubbing centers located worldwide to mitigate these types of attacks
- HTTP/HTTPS 트래픽을 위한 DNS CNAME 구성
- 전체 네트워크와 여러 프로토콜을 보호하는 BGP 공지
- Accelerate your sites and apps with a CDN
- Supports multiple protocols, including HTTP/S, TCP/UDP
- One-click deployment and real-time activation with no specific technical support required
- IP/URL 블랙리스트 및 화이트리스트, IP 주소, URL, 도메인 이름별 액세스 제어
- Customizable strategy based on IP parameters and access frequency control
대용량 PoP(PoP당 600Gbps) 및 2Tbps 이상의 네트워크
- DDoS 공격 및 보호 정보에 대한 실시간 보기
- Full layer 7 DDoS, and 3 & 4 DDoS dashboard and log
- Includes website security status, types of mitigation traffic and detailed information of attack events
DDoS Mitigation Highlights
CDNetworks Flood Shield provides a robust DDoS protection service to help defend your business against these cyber attacks. Some of the highlights of our solution include:
Monitoring and Warning of Abnormalities
With its multi-dimensional and all-level monitoring and warning capabilities, Flood Shield helps you detect, prepare for and deploy defense strategies against DDoS attacks. The security PoPs dynamically learn from historical access and behavior patterns and notifies you via email/SMS when any abnormalities are detected.
The platform’s big data analytics capabilities also helps analyze the cloud attack data and patterns in IP, User-Agent and Referrer. It performs security event correlation analysis by comparing similar approaches on other websites and industry data to deploy coordinated and synchronized defense strategies.
Intelligent Firewall and Detection for L4 and L7 DDoS Defence
CDNetworks equips you with the defense strategies for Layer 4 DDoS and Layer 7 DDoS attacks.
Layer 4 DDoS attacks are those such as TCP SYN flood, ACK flood, ICMP flood, UDP flood, NTP amplification and reflection attacks or Layer 7 attacks such as HTTP flood and Low & Slow attacks. For these, Flood Shield uses intelligent firewall and real-time detection to filter abnormal packets and non-compliant packets. It evaluates certain criteria to verify, block or drop packets and validate TCP connections without affecting normal access. This goes beyond what a web application firewall or WAF is capable of, which cannot stop some types of DDoS attacks such as TCP-state exhaustion attacks.
Layer 7 DDoS and application layer attacks are more sophisticated and usually target particular expensive parts of applications. For example, HTTP flood requests to a login page, or a search API, or WordPress pingback attacks fall under this category. For these, Flood Shield uses a cyber threats library, access control tools, log self-learning, and automated browser challenges, to analyze, detect and black malicious request packets in real time.
Real-time Visualization of Defense
Flood Shield also gives you defense intelligence via real-time visualization. You will get to see displays of website security overview including DDoS attack bandwidth information in real-time. Other insights include the types of mitigation traffic and attack information including intercepted IP address, country, attack type and count. These will help you come up with the right strategies to combat the attacks.
Globally Distributed PoPs and Intelligence
The Flood Shield platform is able to leverage the 1,500 PoPs in our content delivery network across 70 countries to scale up resources to defend against volumetric attacks up to 15Tbps.
The globally distributed PoPs allow for intelligent scheduling and site-wide synchronization, giving you an always-on cloud-based DDoS protection solution that minimizes downtime and economic loss.
실시간 정상 트래픽 대역폭
방어 트래픽의 유형