There is almost an unlimited array of tools that Hacktivists and Cyberterrorists can use to prevent access to your network. Sophisticated DDoS attacks create not only Layer 4 volumetric assaults, but also target Layer 7 and DNS services where much smaller attack sizes can hide the attacks from cloud-based mitigation methods.
To combat these attacks, you need a solution that is equally dynamic and broad-based. Fortinet s FortiDDoS Attack Mitigation appliances use behavior-based attack detection methods and 100% hardwarebased detection and mitigation using security processing units (SPUs) to deliver the most advanced and fastest DDoS attack mitigation on the market today.
Only Fortinet uses a 100% SPU approach to its DDoS products without the performance compromises of a CPU or CPU/ASIC hybrid system. The SPU-TP2 transaction processors inspect 100% of both inbound and outbound Layer 3, 4 and 7 traffic, resulting in the fastest detection and mitigation, and the lowest latency in the industry.
FortiDDoS uses a 100% heuristic/behavior-based method to identify threats, compared to competitors that rely primarily on signaturebased matching. Instead of requiring predefined signatures to identify attack patterns, FortiDDoS uses its massively-parallel computing architecture to build an adaptive baseline of normal activity from hundreds-of-thousands of parameters and then monitors traffic against that baseline. Should an attack begin, FortiDDoS sees this as abnormal and immediately takes action to mitigate it.
FortiDDoS protects you from known attacks and from zero-day attacks because it doesn t need to wait for updated signature files. FortiDDoS handles attack mitigation differently than other solutions. In other DDoS attack mitigation appliances, once an attack starts, it s 100% blocked or traffic is rate-limited to the destination IP which has the negative affect of also rate-limiting good traffic. If an event is a false positive" then all traffic is affected, requiring intervention. FortiDDoS uses a more surgical approach, by monitoring normal traffic and then using Source Tracking to detect up to 6 million Source IP addresses that are causing the problem.
FortiDDoS blocks the offending Source IP addresses, then reevaluates the attack at user-defined intervals. If the offending Source IP addresses continue to be a threat for each of these reevaluation periods, the blocking period is extended until the attack subsides. Destination IPs are seldom rate-limited and valid Source IPs are always allowed.
FortiDDoS protects against every DDoS attack including Bulk Volumetric, Layer 7 Application, DNS, and SSL/HTTPS attacks. From the oldest trick in the book to the latest in advanced application layer attacks, FortiDDoS has you covered.
|Product Name||Fortinet FortiDDoS-1200B - Appliance Only|
|Service Length||No Services Included|
|Data Sheet||View Sheet|
Please fill out the form below and our sales team will get you the information you need.