Application Enablement Feature Editorial
Cloud Security: Protection Against Distributed Denial-of-Service (DDoS) Attacks
By Mae Kowalke, TMCnet Contributor
Unfortunately, as more and more aspects of business have gone online, the risks to mission-critical information have increased as well. In fact, as service provider, private and hybrid cloud-based solutions proliferate, it has become undeniably clear that they all need reliable protection from distributed denial-of-service (DDoS) attacks and other malicious acts by hackers.
As everyone in the networking business is painfully aware, the frequency, sophistication and scale of malicious attacks are growing seemingly exponentially. This raises a vital question: what tools and capabilities are available to prevent or mitigate the impact of such attacks?
The recent joint announcement from Alcatel-Lucent (ALU) and Arbor Networks, a leader in network monitoring and security solutions, highlighted how an integrated approach is the kind of prevention needed to thwart the bad guys looking to make cloud networking a very dark experience.
Combining forces
All types of DoS attacks are, in lay terms, attempts to render a network system or resource unavailable to its intended users. This is done by flooding the targeted system with so much data or traffic that it becomes overwhelmed, temporarily or indefinitely, and is inaccessible or unusable. DDoS attacks involve multiple sources flooding the system or resource, and typically are aimed at services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers.
To ensure the integrity of infrastructure vital to building cloud-based services, Alcatel-Lucent realized that no one vendor could provide all of the protection needed and that only an integrated approach would suffice in providing cloud-based DDoS protection. This is why they turned to Arbor.
The solution
Alcatel-Lucent and Arbor Networks have come together to integrate Arbor’s Threat Management System (TMS) software into Alcatel-Lucent’s carrier-class 7750 Service Router.
This means that service providers (SPs) can now embed the new DDoS mitigation capability in an integrated card, MS-ISA Threat Management System, directly within their networks to defend against attacks and cut costs. It is an extensible solution enabling SPs to provide assurance for their VPN, business internet and hosting customers.
In its description of the solution’s benefits, Alcatel-Lucent cites a few key ones:
A distributed service model that enables low cost filtering of attack traffic:
- Reduced transit expenses - MS-ISA TMS blades surgically remove DDoS attack traffic at the 7750 SR network edge
- Increased scalability and operational simplicity – Router integration of DDoS scrubbing enables greater scalability and reliability without the complexity of overlay solutions
- Reduction in operational expenses – solution keeps up with scale and sophistication of DDoS attacks
Generation of new revenue streams from existing network services by bringing operators closer to their enterprise customers:
- Enables new or enhanced services that address enterprise IT trends and challenges
- Drives new DDoS revenues complementing existing VPN and business internet services
- Enables SPs to scale DDoS offerings to large enterprises and SMB opportunities
- Can help accelerate adoption of new cloud based services
Protection against DDoS attacks and other threats:
- Protect services and associated infrastructure from a wide range of threats including TCP stack / generic flood attacks, fragmentation attacks, application-layer attacks, vulnerability exploit attacks and malware pipes
- Operators can use MS-ISA TMS at the peering edge and centralized scrubbing centers to protect their Internet data centers, residential and high-speed IPTV infrastructure and mobile/wireless infrastructure
As a result of the comprehensive coverage given by the integrated approach, and possibly the most important benefit, the solution gives SPs the tangible deliverable of reputation protection and increased customer satisfaction. This is done in three ways: the ALU DDoS protection offering identifies and blocks outbound attacks before they become a problem; it reduces the risk of customer portal or business process disruptions; and it optimizes content filtering at the network level, which ALU says reduces the processing burden at the enterprise level.
In the press release detailing the integration, Kevin Macaluso, vice president and general manager of Alcatel-Lucent’s IP Service Router product line, stated, “By integrating Arbor’s TMS into our IP service routers, we’re essentially moving the defensive perimeter further out to the ‘edge’ of the service provider’s network - in effect stopping criminals at the border.” It was also noted that this solution also “complements Alcatel-Lucent’s recently announced CloudBand solution which makes the carrier cloud possible through the dynamic orchestration and provision of cloud services, such as threat management, delivery of latency sensitive applications and guaranteed Quality of Service.”
The SP edge
Those with malicious intent will always be pushing the envelope to see how much mayhem they can produce. However, it is also clear that being able to stop truly devastating DDoS attacks at the place where they gain network access to spread their mischief is a critical part of the arsenal of those seeking to keep SP and enterprise networks safe, especially as moving to the cloud becomes more and more important.
Mae Kowalke is a TMCnet contributor. She is Manager of Stories at Neundorfer, Inc., a cleantech company in Northeast Ohio. She has more than 10 years of experience in journalism, marketing and communications, and has a passion for new tech gadgets. To read more of her articles, please visit her columnist page.
Edited by Peter Bernstein









