Security Threat Advisory
Looking Glass
FireEye
Governance Risk and Compliance
Governance / Risk / Compliance
Strategic Consulting
ADSIC
FISMA
ISO 20000 ITSM
ISO 22301 BCMS
ISO 27001 ISMS
PCI DSS
Information Security Review

Data & App Security

Database Security & Protection Data Encryption & Control Enterprise Digital Rights Management Data Vulnerability Assessment Application Protection Vulnerability Assessment & Penetration Testing Web Application Firewall Data Governance

Network Security

Network Access Control Next Generation Firewall Email Security Network IPS Web Gateway Next Generation APT Next Generation DDoS Mitigation Smart DDI

Security Operation & Response

Governance Risk & Compliance Cyber Security Transaction Monitoring Compromised Card Monitoring Incident Response & Orchestration Encrypted Calls and Messaging Travel Risk Management & Crisis Avoidance Anti Phishing Services

User Security

Identity Management Single Sign On Two Factor Authentication Privileged User Password Management Insider Threat Management Endpoint Security Management Endpoint Detection & Remediation Employee Monitoring Tool

Infrastructure Security

Virtual Security SCADA Security Mobile Device Management Public Key Infrastructure Certificates

Policy & Compliance Management

NETconsent Compliance Suite File Integrity Monitoring, Network Configuration, and Compliance

Network & DDoS Threat Protection Appliance
SmartWall® Threat Defense System

Real-time protection against DDoS Attacks

Disruptions to Internet-facing services due to Distributed Denial of Service (DDoS) attacks can cripple operations, impact customers and result in major economic losses. The SmartWall Network Threat Defense System (TDS) is an intelligent, always on appliance that inspects traffic, detects threats and blocks DDoS attacks targeting protected network resources. It allows Service Providers, Hosting Providers, and Managed Security Service Providers (MSSPs) to deploy centralized or distributed DDoS attack protection solutions via purpose-built network security appliances that provide advanced Layer 3-7 threat protection.

This next-generation slim line DDoS protection appliance delivers 10Gbps full duplex or 20Gbps unidirectional performance in a ¼ wide, 1 RU form factor. It is a member of the Corero SmartWall Threat Defense System (TDS), an innovative family of space-saving, modular security platforms that will change the rules for inspection performance, security intelligence and network forensics, while providing an unprecedented level of scalability for protection against DDoS attacks.

This groundbreaking new appliance provides configurable policies to selectively enable a broad range of specific protection mechanisms to defend critical network assets against suspicious or malicious traffic types while allowing uninterrupted service access to legitimate users and applications. The SmartWall TDS also utilizes the concepts of Flex-Rule and Smart-Rule technology to apply granular detecting and blocking filters to a very specific DDoS attack with ease. These rules, leverage heuristic and closed loop policy, allow for rapid creation and deployment, thereby providing customers with the ability to respond rapidly to the evolving nature of sophisticated DDoS attacks.

Easy-to-Use Centralized Management

Each appliance has a dedicated management port and is assigned a unique IP address. This centralized management minimizes IT overhead, speeds deployments and streamlines provisioning. In addition, Corero offers multiple management options for configuring, controlling, and monitoring the appliances including a flexible Browser-based GUI, a full SSH CLI and powerful REST API that supports open integration with existing management frameworks.

Management is performed via secure connection to the Corero Management Server (CMS). The CMS includes a dashboard for monitoring threat activity and viewing key security events. The CMS is delivered as a virtual appliance to run on customer-provided hardware.

Robust Security Protection

Category of DDoS Attack Type	DDoS Attack Coverage
Volumetric DDoS Attacks	TCP Flood Attacks HTTP GET/POST Floods UDP Flood Attacks UDP Fragmentation Attacks ICMP Floods
Reflective DDoS Attacks	NTP Monlist Response Amplification SSDP/UPnP Responses SNMP Inbound Responses Chargen Responses Smurf Attack Fraggle Attack DNS DNS Amplification
Resource Exhaustion DDoS Attacks	Malformed and Truncated Packets (e.g. UDP Bombs) IP Fragmentation/Segmentation AETs Invalid TCP Segment IDs Bad checksums and illegal flags in TCP/UDP frames Invalid TCP/UDP port numbers Use of reserved IP addresses Slow HTTP requests (from tools like Slowloris, RUDY, Slowread)
Other DDoS Attacks	Command and Control Operations Tunnel Inspection (GRE, MPLS etc.) GRE, MPLS etc. NTP Monlist Requests Whitelisting Known malicious IP Addresses (botnets, scanners, anonymization services, phishing sites, spammers) Customized Protection with Blacklisting of IP Addresses Port address range filters (provides protection for generic TCP/UDP port based Rate Limiting Policies Flex-Rule – Programmable filters based on the Berkley Packet Format (BPF) syntax. These can be programmed to address a variety of attack categories volumetric, reflective through to attacks leveraging specific payloads (Teamspeak, RIPv1, netbios). Smart-Rule – Heuristics based engine leverages heuristics and behavioral analysis to track and rate limit L1-L4 attacks