Check Point® Software Technologies Ltd, the worldwide leader in securing the Internet, today introduced a new line of security appliances designed to fight Distributed Denial of Service (DDoS) attacks. The new DDoS Protector™ appliances deliver multi-layered protection and up to 12 Gbps of throughput to help businesses stop and defend against the widest range of Distributed Denial of Service (DDoS) attacks.
DDoS attacks are attempts to disrupt or disable network services by overloading the network with traffic. Cybercriminals can flood targeted networks with an overwhelming amount of traffic or with a few well-crafted requests to completely interrupt legitimate traffic, causing serious network downtime to businesses that rely on networks and Web services to operate. A recent study conducted by the Ponemon Institute1 found that DDoS attacks rank as one of the top risks among IT practitioners, and in the United States DDoS attacks were the number one concern.
The Check Point DDoS Protector appliance line safeguards organizations by blocking all major attack types such as network floods, server floods, application layer DoS attacks, as well as low-and-slow attacks. The new product line provides customers with multi-layered protections that employ a variety of advanced detection and mitigation techniques, including:
Network and Traffic Flood Protections
• Behavioral DoS—Protects against TCP, UDP, ICMP, IGMP and Fragment DDoS attacks with adaptive behavioral based detection.
• DoS Shield—Protects against known DDoS attack tools with pre-defined and customized filters to block rate-limits per pattern.
• SYN Protection—Blocks SYN-spoofed DoS with SYN rate thresholds per protected servers.
• Black List—Blocks generic attacks with L3 and L4 source-destination classifications and expiration rules.
• Connection Rate Limit—Blocks generic, non-supported protocols (non DNS, HTTP) and application level flood attacks with rate-based thresholds.
Application Based DDoS Protections
• SYN Protection with Web Challenge—Protects against HTTP connection-based DoS attacks with SYN rate threshold per protected server.
• Behavioral DNS Protections—Block DNS query DoS attacks with DNS adaptive behavioral based detection using DNS footprint blocking rate limits and DNS challenge and response.
• Behavioral HTTP Protections (The "HTTP Mitigator")—Blocks HTTP connection-based DoS attacks and upstream HTTP bandwidth attacks with server-based HTTP adaptive behavioral detection, HTTP footprint with web challenge.
Directed Application DoS/DDoS Protections
These repel DoS and DDoS attacks that require special filtering criteria. Flexible filtering definitions search for specific content patterns in each packet, and can analyze and block ongoing attacks by defining on-the-fly protections.
The DDoS Protector appliance sits in front of an organization's perimeter gateway and cleans the traffic from DDoS attacks before it reaches the main security gateway. The appliances are integrated with the Check Point management suite to deliver a single point of control over security and provide full visibility of security events. With Check Point SmartEvent, SmartLog and SmartViewTracker, customers benefit from current and historic views of an organization's overall network security and DDoS attack status.
"The DDoS Protector appliance line marks our entrance into a new and critical area of network security," said Dorit Dor, vice president of products at Check Point Software Technologies. "As the prevalence of DDoS attacks on enterprises continues to rise, it's important to enable our customers to protect themselves and mitigate one of the biggest security risks across today's threat landscape."
Check Point DDoS Protector appliances were developed in conjunction with Radware®, a leading provider of application delivery and application security solutions for virtual and cloud data centers. The DDoS Protector line is comprised of seven models that offer organizations low-latency, high-performance and high port density of up to 16 ports. With ultra-fast response times, the DDoS Protector appliance blocks a wide range of attacks within seconds, and can be easily customized to meet specific network environments and security needs. Check Point customers benefit from 24x7 customer support and access to a dedicated emergency response team.
"Check Point DDoS Protector appliances protect organizations with an additional layer of security to stop DoS attacks in their tracks," concluded Dor.
The Check Point DDoS Protector appliance line is available for purchase immediately through the Check Point worldwide network of value-added resellers. To find a Check Point partner, visit partners.us.checkpoint.com/partnerlocator/.
About Check Point Software Technologies Ltd
Check Point Software Technologies Ltd (checkpoint.com), the worldwide leader in securing the Internet, provides customers with uncompromised protection against all types of threats, reduces security complexity and lowers total cost of ownership. Check Point first pioneered the industry with FireWall-1 and its patented stateful inspection technology. Today, Check Point continues to develop new innovations based on the Software Blade Architecture, providing customers with flexible and simple solutions that can be fully customized to meet the exact security needs of any organization. Check Point is the only vendor to go beyond technology and define security as a business process. Check Point 3D Security uniquely combines policy, people and enforcement for greater protection of information assets and helps organizations implement a blueprint for security that aligns with business needs. Customers include tens of thousands of organizations of all sizes, including all Fortune and Global 100 companies. Check Point's award-winning ZoneAlarm solutions protect millions of consumers from hackers, spyware and identity theft.
1The Impact of Cybercrime on Business Report is independently conducted by Ponemon Institute, LLC Publication Date: May 2012