2014 Information Security Readers' Choice Winners
The denial-of-service attacks that render systems useless by flooding websites and networks with traffic have continued to plague financial services and other online businesses. Distributed denial-of-service (DDoS) attacks and domain name system (DNS) attacks are on the rise, increasing in size and frequency.
The contenders in this year's Denial of Service category, which makes its debut in the Readers' Choice Awards, are designed to protect websites, applications and core infrastructure.
The two products at the top of the leaderboard for denial of service ranked high in their ability to mitigate application and protocol layer attacks. Both products offered a high return on investment, according to readers. We honor the first winners in this long overdue category.
Winner: Incapsula DDoS Protection, Incapsula Inc.
A subsidiary of Imperva, Incapsula offers a cloud-based security service that scrubs websites and applications for online threats and malicious code. Incapsula's DDoS Protection received high marks from readers for its vendor service and support, as well as its ability to mitigate Layer 3 network attacks, including SYN floods and other IP-related compromises. Readers also applauded Incapsula's ability to mitigate application and protocol layer attacks. The product handles application, infrastructure and DNS attacks against all types of services, including UDP/TCP, SMTP, FTP, SSH, VoIP and more. Incapsula protection can be set up to work 24/7 or on-demand.
The company added two services in May to bolster its DDoS Protection: DNS protocol protection and infrastructure protection. DNS protection defends servers that resolve domain names to IP addresses, which are targeted by attackers who intend to use these DNS servers to corrupt websites and cloud applications. Infrastructure protection defends networks from attacks on IP addresses or ranges and exploits on internal websites, email servers, FTP servers and other applications. Nicknamed "Behemoth," Incapsula's DNS and infrastructure protection services can process up to 170 Gbps of traffic and perform deep packet inspection and filtering of traffic, including GRC tunnels and BGP routing, according to the company.
In 2014, Incapsula reportedly mitigated a multi-vector DDoS attack that lasted over a month against a video game company, getting rid of more than 51,000 terabytes of malicious traffic. In October 2013, Incapsula protection was used to halt and clean up the malicious traffic from a nine-hour attack against a Chinese Bitcoin company.
Incapsula's DDoS product is touted by readers as a "very good idea" and able to "protect organization data effectively."
Winner: Thunder Threat Protection System, A10 Networks Inc.
A10 Networks' Thunder Threat Protection Systems (TPS) protects networks against DDoS, protocol, resource and other application attacks. Like Incapsula, Thunder TPS received high marks from readers for its ability to mitigate volumetric attacks, as well as Layer 3 attacks, including SYN and other IP-related incidents. The technology is built on A10's Advanced Core Operating System platform, and it uses symmetric, scalable multicore processing software to provide features like shared memory and network flow tracking. The Thunder TPS can be used either on-premises or through the cloud. It is currently available in 40 Gbps, 80 Gbps and 160 Gbps models. All of these models include SSL acceleration.
TPS devices use field-programmable gate arrays to block 30 attack vectors in hardware, according to the company. They are also powered by Intel Xeon CPUs, and can detect complex application-level attacks.
Earlier this year, A10 Networks announced the expansion of its Thunder TPS line with plans to offer a wider range of network protection for smaller service providers, midsize enterprises, in addition to more carrier grade services. That includes the pending release of a DDoS protection service within A10's Thunder CGN (Carrier Grade Networking) products that provides IPv4 address extension and IPv6 migration abilities, further enhancing A10's DDoS security program. This new DDoS protection defends websites, DNS servers and messaging services on network infrastructures.
Send comments on this article to firstname.lastname@example.org.
How to prevent a DoS attack
Don't get spoofed by DDoS attacks! Here's how.