Arbor cloud to offer third-layer of defence against DDoS attacks

Network security provider Arbor Networks is to launch today a cloud-service that will provide a global cleaning service of internet traffic for ISPs, telco providers and enterprise clients.

“The cloud service will act as an effective third layer of defence. The first layer would be the on-premise Arbor solution at the service provider or customer’s end, the second layer would be when an enterprise customer uses its telco provider and works with them to clean the traffic, and the third layer would be the global cleaning solution that our cloud will bring,” says Nick Race, ANZ country manager at Arbor Networks.

According to Race, the service will provide 280gigabits of cleaning capacity, spread across four cleaning centres across the world.

“Distributed denial of service (DDoS) can come from anywhere, and sometimes from multiple sources simultaneously. When an attack originates, it will be sunk into the nearest cleaning centre or Arbor datacentre for cleaning. This means that all the customers downstream from the attack will only get clean traffic,” says Race.

Race point out that since NZ and Australia are at the bottom end of internet delivery and there is only limited capability coming into the countries, this service can be ideally suited for companies here.

“Cleaning offshore keeps pipes coming into the country healthy and won’t stretch limited resources. Enterprises will be able to subscribe to the service directly and telcos can use it to handle excess capacity to complement their own services,” points out Race.

Arbor will be charging a monthly fee for the service on a minimum 12 months contract, and will be sold through partners as its other solutions. Race adds that customers looking to tap into the service will need to have already invested in the company’s Prevail range of enterprise products, or work with them in the telco/ISP space.

The company, which currently works with distributors Observatory Crest in NZ and WhiteGold in Australia, is on the lookout for resellers across the region with relevant expertise in the security space who are looking to add DDoS capabilities to their portfolio. Though the firm had tied up with IngramMicro last year, Race says that the partnership just did not work.

“We are in the security business. That is a bit of a niche industry and we need specialist knowledge in our partners. They need to be specialist rather than volume-based.

“We are also recruiting R&D engineers as part of our acquisition of Packetloop. The move was part of our strategy to become an advanced security provider. As part of the agreement we have retained Packetloop’s Sydney office and its R&D base in Australia. There were around five people when we finished the acquisition in September. We hope to get 12 R&D engineers before Christmas. I think six of them have already been hired. This is part of our work to integrate their technology into the Arbor portfolio,” says Race.

As part of the acquisition, Arbor has picked up ownership of Packetloop’s cloud-based security analytics engine. Now the company is working on bringing real-time processing capabilities to the engine, which has traditionally been used to do post-processing of full packet captures to identify advanced threats.

“We will also be working to put the integrated solution into appliances, such that data that is sensitive to an enterprise can stay on-premise instead of being in the cloud. This will also enable the customer to go hybrid with the solution with some data remaining on-premise and meta-data being moved into the cloud,” says Race.

According to Race, Packetloop’s technology also allows data to be re-played by enterprises in the light of new threats and signatures to understand whether they were attacked in the past.

Speaking about DDoS attack sizes, Race says, “Having ATLAS telemetry gives us visibility into attacks. The average attack size globally is 2GBits/sec. That was announced as part of our Q3 analysis recently. Interestingly the average attack size out of NZ is 2.4GBits/sec. The largest attack size we have seen in the country in 2013 is 11GBits/sec. So NZ is punching above its weight when it comes to attack sizes.

“However, most DDoS attacks originate overseas. Less than 1 per cent of attacks globally originate from within the country. With the advent of UFB and ubiquitous broadband through the country, that might change. We have seen examples of Korea. That is the most hyper connected country in the world and quite isolationist. In that country, majority of DDoS traffic is domestically originated. So potentially attacks could increase from NZ in the future,” says Race.

As part of the work around Packetloop, Arbor will look for new partners, as well as encourage skills training of existing partners to handle the new products. Race assures that specialisations for Packetloop products will be enabled within the Arbor Advantage partner programme in keeping with the development of the product itself.