Description
Protect against a wide range of DDoS attacks
BIG-IP DDoS Hybrid Defender delivers advanced cloud and on-premises distributed denial-of-service (DDoS) defenses to ensure real-time protection against volumetric DDoS threats and dynamic network and applications attacks. BIG-IP DDoS Hybrid Defender mitigates sophisticated layer 3 and layer 4 volumetric attacks and successfully addresses layer 7 attacks as needed.
- Multi-layered Defenses - Providers greater depth of defense against blended network attacks and sophisticated applications attacks.
- Comprehensive Protection - Enables full SSL decryption, anti-bot capabilities, and advanced detection methods, all in a single solution.
- Unparalleled Performance - Delivers the highest performance with line-rate capabilities and without impacting legitimate traffic.
API gateway mitigation
API Gateways need smart DDoS mitigation capabilities that don’t just stop at L3 and L4. For an API Gateway to not fall victim to a DoS attack, an extremely fast L7 Behavioral DoS solution is necessary to detect threats in near real-time, create sophisticated signatures that can be applied to custom firmware to enable hardware-based DDoS mitigation at line-rate, even in environments greater then 100Gbps.
- Behavioral DoS - In addition to standard security signatures, creates dynamic signatures automatically, enabling faster, more accurate threat identification.
- Line-Rate Mitigation - Sub-second attack detection with geo-tracking, intelligent signaling, and hardware assist, inline or in out-of-band mode.
- Advanced Mitigation Techniques - Configurable rate limiting and blocking, in addition to connection limiting source limiting, and more.
Protocol attack detection to mitigate zero-day DDoS vectors
DDoS attacks are rapidly evolving in severity, complexity, and sophistication, threatening businesses with losses in revenue, customer confidence, and industry credibility. How quickly your organization can discover and stop these threats is key to ensuring service continuity and limiting damage.
- DoS and DDoS Protection - Provides the best of both worlds: intelligent, stateful protection with the dependability, resiliency, and scale of a stateless solution.
- Protocol Anomaly Detection - Gather data to understand “normal” system and network behavior, establish a baseline that evolves to align with application changes.
- Automated Signaling - Threshold-based automated signaling for volumetric attack mitigation with manual or automated redirection to scrubbing solutions.
Comprehensive attack coverage
SSL Decryption is needed to inspect L7 attacks for effective attack mitigation. With most volumetric attacks being at layer 3 and 4, they can easily be detected and mitigated. But when it comes to L7 attacks over HTTPS, SSL/TLS decrypt is critical. SSL/TLS decryption can be enabled in seconds, providing necessary visibility to make decisions on how to mitigate an attack or attack campaign.
- SSL/TLS Decryption - Enhances SSL traffic visibility, independent of network placement when application layer attacks strike.
- Proactive Bot Defense - Proactive bot defense that discovers malicious bot activity in advance of attacks.
- Purpose-built - Designed to provide integrated L3-7 protection with DoS mitigation and SSL/TLS decryption.