Security Experts:

Connect with us

Hi, what are you looking for?


Network Security

A10 Networks Adds DDoS Protection to Product Line, Launches SPE Appliance

A10 Networks Thunder SPE Appliance Photo

A10 Networks Thunder SPE Appliance Photo

Application networking solutions provider A10 Networks has added distributed denial-of-service (DDoS) protection to its Thunder CGN (Carrier Grade Networking) products, and has introduced a new product family that leverages the company’s Security and Policy Engine (SPE).

Thunder CGN solutions are built upon the company’s Advanced Core Operating System (ACOS) platform and provide high-performance address and protocol translation that enables organizations to extend their IPv4 network connectivity, and provides them with IPv6 migration capabilities. According to A10 Networks, the new DDoS protections are designed to help carriers and service providers secure their IPv4 and IPv6 address pools, and guard networks against both internal and external attacks.

The DDoS protection includes features like connection rate limiting, which limits per user connection rate and the total number of sessions to mitigate malware and botnet attacks; selective dynamic filtering, which prevents spoofing, reflection and flood attacks (DNS, NTP, SYN); IP anomaly filtering, which automatically checks inbound traffic for over 30 IP packet anomalies; and adaptive traffic distribution to prevent congestion.

There are three main use cases for the new DDoS protections, the company told SecurityWeek. First, the appliances incorporate features designed to protect the device itself against external attacks. Next, the protection mechanisms are highly efficient in protecting internal hosts and services against outside cyberattacks, A10 said.

Finally, the appliances can also provide protection against internal attacks. These cases occur when an internal host is compromised and used to attack external hosts, and to bring down all users behind a Network Address Translation (NAT) pool.

Kishore Inampudi, director of product marketing for A10 Networks, told SecurityWeek that Thunder CGN products include logging mechanisms that can help IT teams track down the compromised host.

“DDoS has rapidly become a significant and escalating threat to all customers, and is particularly worrisome for large service providers, enterprise and web giants whose business is entirely or largely predicated on network and application availability,” said Jason Matlof, A10 Networks vice president of marketing. “By adding DDoS mitigation functionality at the critical network perimeter NAT gateway, A10 gives customers another important layer of security and uptime protection.”

The Thunder SPE product family launched by A10 Networks enables enterprises to implement security and policy enforcement functions at high speed. The robust security and processing hardware incorporated into these solutions is designed to ensure full system functionality even during volumetric attacks, the company said.

According to A10 Networks, Thunder SPE appliances are capable of performing security and any other policy-based networking actions in hardware. Furthermore, policies are enforced at high speeds even in dynamic cloud environments where changes occur frequently.

Top of the line products like Thunder 6435(S) SPE come with Dual Xeon processors with 24 cores and they deliver up to 40% boost in processing performance. The appliance can handle 155 Gbps throughput, 100 million packets per second, 7.5 million setups per second, and 256 million concurrent sessions, data sheets provided by the company show.   

“Threat detection and mitigation is rapidly becoming a performance game, where the sophistication and volume of attacks are specifically designed to overwhelm lesser performing network devices, thus rendering a provider’s network infrastructure and applications vulnerable to downtime and further threats,” Matlof explained. “With leading high-performance hardware systems, A10 is able to offer protection against aggressive attacks to customers in the most challenging threat environments.”


In January 2014, the company launched a line of standalone, high performance DDoS protection appliances targeted to service providers and large enterprises, putting the company in direct competition with other vendors such as Arbor Networks, Radware, Corero Network Security and NSFOCUS, among others.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...