From: InfoSecurity.com
Simwood has launched a defence technology that it claims can be used defend against distributed denial of service (DDoS) attacks.
Integrated as a hardware-based system with a server-side service running on its own servers, Simwood says that its offering is modular, offering users a layered approach to DDoS defences.
The offering, says the firm, is hardware-based, always-on and blocks traffic from questionable sources, as well as providing rapid and continuous monitoring for anomalies, and actively blocking intrusions.
Simwood’s offering is billed as integrating four key aspects of security within a multi-layered model and backing this up with a vast provision of capacity and DDoS mitigation for extreme attack scenarios. In essence, says the firm, dirty IP traffic comes in one side, passes through progressive layers and leaves only clean traffic to pass into the customer network. Some layers, adds the firm, are also offered as a partial DDoS solution for those seeking to augment existing security models.
Layer A centres on the fact that an estimated 60% of attack traffic originates from falsified or otherwise invalid IP addresses, usually those which are reserved for internal use or are not allocated to an ISP. Simwood edge routers then maintain a continuous track of these and deny any traffic to or from them.
Layer B involves traffic from suspicious sources being blocked through the use of the firm’s ThreatSTOP block list database, which provides a note of infected hosts involved in botnets, botnet command and control hosts, spam sources and malicious ISPs, which is updated every two hours.
Layer C centres on rapid and continuous monitoring for anomalies within traffic at ISO layer 3, 4 and 7, with checks being conducted on all traffic, rather than only sample traffic, as many other monitoring solutions do, claims the company. This layer, Simwood adds, seeks to identify and take the volume out of an attack, blocking traffic which deviates from continually updated acceptable behaviour patterns whilst avoiding false positives.
Layer D, meanwhile, supports a final check and ‘polishing’ of IP traffic through eight sub-layers. This layer is billed as combining packet and protocol consistency checking, rate-based protection at the lowest level, traffic rate limits and highly configurable firewalling that can specify acceptable traffic types for a particular customer.
Simon Woodhead, Simwood’s managing director, said that the impetus for developing this solution was that his firm was unable to find an adequate solution at a workable price-point for itself.
“We certainly couldn’t find one that could be made to work economically for our customers, and were deeply concerned at the growing risks. We identified a number of best of breed partners and equipment to weave a solution that offers protection with multiple selling points at a price point that is workable for customers of all sizes,” he said.
According to Woodhead, the only DDoS defence solutions that were previously available to corporates and ISPs were either inadequate or overly expensive.
Individual solutions such as buying outsourced ‘scrubbing’ capacities are often designed and priced for large enterprises, making them cost prohibitive for SME sized service providers.
Hosted proxy server solutions, meanwhile, which field and then ‘scrub’ traffic can, he notes, only be effective in the case of direct website host name attacks, and do not protect against associated non-web services.
Simwood also reports that firewalls and other security hardware elements have provided only partial defences, alongside anti-virus and malware software solutions, to some types of malicious attack.
The firm’s systems are based at London Telehouse East, with addition systems in Manchester plus Edinburgh, Infosecurity notes.
Leave a Reply