Network security vendor Fortinet today introduced a series of dedicated appliances designed to help organizations defend against DDoS attacks.
Designed for enterprises, hosting providers, and cloud service providers, the new FortiDDoS family of appliances takes advantage of custom ASICs (custom chips designed for a particular use) that the company says are capable of mitigating DDoS attacks while maintaining latency less than 26 microseconds.
The new models include the FortiDDoS-100A, FortiDDoS-200A and FortiDDoS-300A, all designed to help to prevent critical systems, servers and applications from being knocked offline.
The technology powering the new line of appliances comes from Fortinet’s under-the-radar acquisition of Silicon Valley-based IntruGuard Devices, Inc., which the company said occurred during Q1 of this year for an undisclosed sum.
Built in features include real-time network traffic visibility and automatic protection against targeted DDoS attacks, support for network virtualization and automatic and continuous traffic baselining, and provides real-time and historic attack traffic analysis with detailed information on top attacks, top attack sources and top attackers.
Network virtualization helps prevent attacks on one segment of the network from affecting other segments, thereby preserving availability in virtualized environments of datacenters and cloud-based service providers. The automatic traffic baseline model building helps the appliances build a network behavior model initially and adaptively update it continuously.
Each of the new models feature eight virtualized network partitions with independent protection policies for virtualized environments, automatic traffic profiling and rate limiting context-aware policy enforcement.
• The FortiDDoS-100A features 1 Gbps full-duplex anti-DDoS throughput, four 1GbpsRJ-45 copper and SFP ports for LAN and WAN connectivity and one terabyte of storage. This model can be used to protect 2 Internet links.
• The FortiDDoS-200A features 2Gbps full-duplex anti-DDoS throughput, eight 1Gbps RJ-45 copper and SFP ports for LAN and WAN connectivity, a redundant power supply and two terabytes of RAID storage. This model can be used to protect up to 4 Internet links.
• The FortiDDoS-300A features 3Gbps full-duplex anti-DDoS throughput, twelve 1Gbps RJ-45 Copper and SFP ports for LAN and WAN connectivity, a redundant power supply and two terabytes of RAID storage. This model can be used to protect up to 6 Internet links.
All models are scheduled for release in June 2012.
While these models will help fend off a casual or moderate attack, they will struggle to defend against massive scale, complex DDoS attacks. As SecurityWeek columnist Wade Williamson notes in a recent column, “When it comes to DDoS it’s always important to remember that there will likely never be a single silver bullet. Stopping DDoS attacks requires a blend of strong local security controls as well as efforts to mitigate the attack upstream.”
