A10 Networks extends its Thunder TPS line of DDoS mitigation appliances

DDoS (Distributed Denial of Service) attacks have been around for many years, but remain one of the most-used weapons in the hackers’ armoury. Indeed, thanks to the proliferation of devices that can be recruited into a botnet (poorly secured IoT devices in particular), the frequency and scale of DDoS attacks is increasing: September saw high-profile, high-bandwidth assaults on cybersecurity journalist Brian Krebs (620 gigabits per second, or Gbps, of traffic) and web hosting vendor OVH (peaks of around 1Tbps), while the Rio Olympics suffered a 540Gbps attack in August.

Average peak bandwidths for DDoS attacks are currently around 30-40Gbps, according to a recent A10 Networks/IDG Connect report, which also found that organisations were attacked, on average, 15 times in the past 12 months.

The cost of such attacks can be difficult to quantify, but studies have reported average figures of 17 hours of effective downtime per attack at an hourly cost of $40,000, which would give a total of $680,000 for the average DDoS attack. This is in broad agreement with a recent Ponemon Institute study, which estimated the average cost (of a DDoS attack that results in total data centre outage) at $610,300.

Businesses of all sizes therefore need to be able to detect and mitigate DDoS attacks (particularly ‘multi-vector’ ones that simultaneously attack the bandwidth, application and network layers), which is why A10 Networks has extended the reach of its Thunder TPS (Threat Protection System) family of on-premises appliances to include new offerings at both the high end (Thunder 14045 TPS) and entry level (Thunder 840 TPS and vThunder TPS).

The top-end Thunder 14045 TPS is designed for high-performance networks (such as those operated by service providers, large websites and online gaming networks) and can handle throughput of 300Gbps, and a forwarding rate of 440Mpps (mega-packets per second). It’s a 3U hardware appliance with dedicated FPGA-based processors to detect and mitigate common network-layer attacks (such as SYN floods) in hardware, and four 18-core Xeon processors to handle deep packet inspection at the application layer. The 14045 has four 100GbE network adapters and 2+2 redundant 80 Plus Platinum-rated power supply units.

Although the Thunder 14045 TPS is understandably expensive (it costs £1,039,995), Paul Nicholson, director of product marketing at A10 Networks, says it’s cost-effective compared to some competing products that require many more units of data centre rack space and many times the outlay to get an equivalent 440Mpps forwarding rate.

There are two new entry-level offerings aimed at medium-sized enterprises, remote sites, MSSPs (Managed Security Service Providers) and service-provider CPE (Customer Premise Equipment): the 1U Thunder 840 TPS, which costs from £19,945, can handle 2Gbps of throughput and includes a hardware bypass option (to keep network traffic flowing in the event of appliance failure); and the vThunder, a 1, 2 and 5Gbps virtual appliance that’s available on VMware ESXi and Microsoft Hyper-V hypervisors. The latter, says Paul Nicholson, is already being used by service providers in their NFV (Network Function Virtualisation) strategies, to give customers dedicated appliances that only handle their own traffic. Organisations can also deploy the vThunder on existing infrastructure, although there’s clearly a performance hit compared to using a dedicated hardware appliance.

A10 Networks is also enhancing its support offering, with 24x7x365 support now including access to a dedicated 15-strong DDoS Security Incident Response Team (DSIRT) who can provide expert assistance in mitigating attacks as they are happening. Customers with a support contract can also use A10’s Threat Intelligence Service, which leverages black/whitelisting from ThreatStop, and allows them to block different types of traffic.

Finally, for those occasions where an on-premise Thunder TPS appliance is overwhelmed by a high-volume DDoS attack, organisations can deploy a ‘cloud-bursting’ solution, offloading attack mitigation to a global terabit-scale cloud courtesy of a partnership with Verisign.

Read more