Story image

A10 Networks adds zero-day automated protection (ZAP) to DDoS Defence

05 Jun 2019

A10 Networks has announced Zero-day Automated Protection (ZAP) capabilities to its Thunder Threat Protection System (TPS) family of Distributed Denial of Service (DDoS) defence solutions.

The ZAP capabilities automatically recognise the characteristics of DDoS attacks and apply mitigation filters without advanced configuration or manual intervention.

This speeds the response to the increasingly sophisticated multi-vector attacks to minimise downtime and errors and lower operating costs.

Today’s DDoS attacks are more prevalent, multi-vector in nature and morph over time. With millions of IoT devices predicted to be in use over the coming years, driven by the transition to 5G networks, traditional DDoS solutions will quickly become inadequate.

Current solutions are static, reactive and require significant operator intervention, resulting in slow response time to the rapidly evolving attack landscape.

It is clear that DDoS detection and mitigation is a growing concern for enterprises, cloud providers and service providers, alike.

In fact, in a recent A10 Networks survey of mobile operators, 63% saw advanced DDoS protection as the most important security capability needed for 5G networks.

And, in an IDG research report, respondents confirmed that the number-one most important capability in a DDoS solution was automated detection and mitigation.

“The economics of DDoS mitigation and attacks are very much slanted towards the attackers now, so we will need more efficient tools and advanced technologies to balance the equation to make DDoS defence more effective and economical,” says cybersecurity products research manager Chris Rodriguez.

“A10 Networks is advancing the economics of DDoS security by leveraging machine learning and advanced heuristics to create that balance.” 

DDoS protection powered by machine learning

A10 Networks’ ZAP is comprised of two components: dynamic attack pattern recognition by a machine learning algorithm and heuristic behaviour analysis recognition to dynamically identify anomalous behaviour and block attacking agents. 

ZAP works in conjunction with A10 Networks’ adaptive DDoS security model and its five-level adaptive policy mitigation engines to provide a complete in-depth defence system.

This approach blocks DDoS attacks while protecting legitimate users from indiscriminate collateral damage typically associated with traditional DDoS protection methods.

The ZAP policies can be enforced by a combination of hardware and software.

Thunder SPE (Security and Policy Engine) appliances can serve up to 100,000 ZAP

policies at line rate and the remaining ZAP policies can be served by software.

This provides superior mitigation performance over the traditional software-only solution, enabling superior response time and scalability.

“In today’s climate with the dramatic increase in polymorphic multi-vector attacks and the chronic shortage of qualified security professionals, enterprises and service providers need intelligently automated defences that can accomplish tasks autonomously,” says A10 Networks CEO Lee Chen.

“Manual interventions are not only resource-intensive but too slow and ineffective, resulting in a greater potential of network downtime and high cost to the organisation.”

A10 Networks provides the highest performance with 500 Gbps of protection in a single one-rack-unit (RU) appliance, leading automation capabilities with ZAP and five-level adaptive policy, and actionable DDoS weapons threat intelligence for a complete multi-modal defence in depth solution.

A10 Networks Thunder TPS with ZAP is available now.