The new FortiDDoS-100A, FortiDDoS-200A and FortiDDoS-300A are dedicated appliances that are designed to detect and help protect against today’s most damaging and sophisticated DDoS (distributed denial of service) attacks.
The appliances feature custom ASICs that are capable of mitigating DDoS attacks while maintaining latency of less than 26 microseconds, preventing loss of availability to critical systems, servers and applications.
Fortinet said the FortiDDoS appliances, which provide granual real-time network traffic visibility and automatic protection against targeted DDoS attacks, will be the only solution on the market that supports network virtualisation and automatic and continuous traffic baselining.
Network virtualisation helps prevent attacks on one segment of the network from affecting other segments, thereby preserving availability in virtualised environments of data centres and cloud-based service providers.
The automatic traffic baseline model building is also unique by enabling the FortiDDoS products to build a network behavior model initially and adaptively update it continuously with practically no end-user intervention, resulting in significantly reduced administrative overhead, Fortinet added.
“DDoS attacks aren’t just an annoyance and minor inconvenience, they are a serious problem that could cause significant liability to businesses today,” said Michael Xie, chief technology officer and VP of engineering at Fortinet.
“The damage from a DDoS attack can include loss of revenue, loss of customer confidence, loss of brand equity and potentially huge legal liabilities. A FortiDDoS appliance installed in front of a network infrastructure can act as a shield against DDoS attacks,” he added.
Hacktivism via botnets and network testing applications has increased significantly in the last year, which has led to an increase in volumetric and application layer attacks.
These attacks bring down sites by filling up internet pipes and overloading application servers. As businesses consume more software-as-a-service (SaaS) offerings and other public cloud-based services, DDoS attacks have become a serious concern for CIOs and CSOs whether they are moving to the cloud or keeping their systems and data on-premise.
The most common motivations for DDoS attacks today are either financial or political. Financially motivated attackers seek to extort funds from sites by launching an initial attack and demanding payment to avoid future attacks.
Politically motivated attackers launch an attack in response to an organisation’s policies by disrupting the victim’s business operations. Regardless of the motive, any downtime affects not only a victim organisation’s customers, partners and employees, but can damage its brand and credibility as well.
“Fortinet appliances’ support of virtual instances is a valuable feature. This feature is not only beneficial in supporting multiple layers of defense but also is a cost containment and administration-friendly feature for organisations that have multiple web properties to protect, and need unique policies for each” said Michael Suby, Stratecast vice president of research at Frost and Sullivan.
“Virtual instances can also be effectively used in defense escalation. Rather than have a single set of policies, multiple policy sets can be defined in advance, such that the organisation can apply a more stringent set of policies if the preceding policies were inadequate.”
All FortiDDoS appliances feature eight virtualised network partitions with independent protection policies for virtualised environments, automatic traffic profiling and rate limiting context-aware policy enforcement for maximum effectiveness.
They also provide real-time and historic attacking traffic analysis that delivers unmatched granular visibility on top attacks, top sources and top attackers. The FortiDDoS family will also utilise an innovative design that eliminates a common performance bottleneck by ensuring there is no CPU or operating system in the path of the packets.
Fortinet acquired technology powering these products through its asset purchase from Silicon Valley-based IntruGuard Devices, Inc., which occurred during the first quarter of 2012.
The FortiDDoS-100A, FortiDDoS-200A and FortiDDoS-300A are scheduled for release in June 2012.