Skyfilter

DDoS Attack Solution Protection and Mitigation

S1000

100% Machine Learning Detection

Overview

The Skyfilter mitigation engine, with machine learning and behavior analysis, does not require any pre-configuration to start protecting; when attacked, Skyfilter Anti-DDoS automatically detects the malicious traffic and starts mitigating attacks of up to 2 Tbps. Distributed Denial of Service (DDoS) attacks remain a top threat to IT security and have evolved in almost every way to do what they do best: shut down access to your online services. To protect against malicious DDoS attacks, Skyfilter uses vital technologies such as machine learning, packet analysis, anomaly detection and behavioral detection. Structurally, machine learning and packet analysis are performed at the network adapter level.

Functional detection and anomaly detection techniques are applied at the kernel level. Dedicated drivers for Intel chipset network cards are designed to use machine learning algorithms for maximum detection and mitigation thresholds. This in turn creates a more stable and secure environment, because the standard kernel runs on the FreeBSD operating system. When an attack is detected, the system activates very powerful algorithms that isolate the harmful packets without blocking IP addresses, unlike our competitors' technologies; this significantly reduces false positive events.

In the event of a possible attack the system uses various markers on the incoming packets (packet checksum, packet identification number, IP header, fragment offset, packet size, TTL, ToS, TCP sequence number, acknowledgment number, UDP header, TCP header, DNS Qcount, DNS Qname), so if an incoming request is confirmed to be malicious, the system can respond against the harmful packets more efficiently and effectively. Unlike the usual approach in the industry, the system does not write a signature for the attack at the time of the attack; instead it uses temporary rule signatures that are created automatically to isolate and overcome the issue. The system uses innovative Skyfilter algorithms in tandem with the industry-leading Naive Bayes and Support Vector Machine learning algorithms, which perform various analyses and packet classification. With these leading technologies we have created cutting-edge automatic intrusion detection and blocking. The technology we have developed can be integrated into cloud systems and is ready to provide global protection.
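As an added illustration (not code from Skyfilter or this page), the Python below sketches the pattern the overview describes: a Naive Bayes classifier over packet-header markers, and a temporary rule signature derived only from the header fields that drove the verdict, so matching packets are isolated without any source IP being blocked. The training packets, their labels, the field names and the 60-second rule lifetime are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed training packets with assumed labels (not Skyfilter data): categorical header markers
# of the kind the overview lists (TTL, ToS, size class, transport protocol, destination port).
BENIGN = [
    {"ttl": 64, "tos": 0, "size": "mid", "proto": "tcp", "dport": 443},
    {"ttl": 64, "tos": 0, "size": "small", "proto": "udp", "dport": 53},
    {"ttl": 64, "tos": 0, "size": "small", "proto": "udp", "dport": 53},
    {"ttl": 128, "tos": 0, "size": "small", "proto": "udp", "dport": 53},
]
ATTACK = [
    {"ttl": 255, "tos": 0, "size": "small", "proto": "udp", "dport": 53},
    {"ttl": 255, "tos": 0, "size": "small", "proto": "udp", "dport": 53},
    {"ttl": 255, "tos": 0, "size": "small", "proto": "udp", "dport": 123},
    {"ttl": 254, "tos": 0, "size": "small", "proto": "udp", "dport": 53},
]

class PacketNB:
    def __init__(self, benign, attack):
        # categorical Naive Bayes over header fields, with Laplace smoothing
        self.n = {"benign": len(benign), "attack": len(attack)}
        self.counts = {"benign": defaultdict(Counter), "attack": defaultdict(Counter)}
        self.values = defaultdict(set)  # distinct values seen per field
        for label, rows in (("benign", benign), ("attack", attack)):
            for row in rows:
                for field, value in row.items():
                    self.counts[label][field][value] += 1
                    self.values[field].add(value)

    def loglik(self, label, field, value):
        k = len(self.values[field])  # smoothing spreads mass over the field's known values
        return math.log((self.counts[label][field][value] + 1) / (self.n[label] + k))

    def score(self, pkt):
        # per-field log-likelihood ratio attack:benign, and the posterior log-odds
        lr = {f: self.loglik("attack", f, v) - self.loglik("benign", f, v) for f, v in pkt.items()}
        return lr, math.log(self.n["attack"] / self.n["benign"]) + sum(lr.values())

MODEL = PacketNB(BENIGN, ATTACK)
def classify_and_sign(model, pkt, now, ttl_s=60.0):
    """For a packet judged malicious, build a short-lived rule from the header
    fields that pointed towards attack; the source IP is never part of the rule."""
    lr, log_odds = model.score(pkt)
    if log_odds <= 0:
        return None  # benign verdict: no rule, nothing isolated
    return {"match": {f: pkt[f] for f, r in lr.items() if r > 0}, "expires": now + ttl_s}

def matches(sig, pkt, now):
    # a rule isolates packets only while it is alive and only on its own fields
    return now < sig["expires"] and all(pkt.get(f) == v for f, v in sig["match"].items())
```

Note that a legitimate small UDP/53 query from a TTL-64 host is classified benign and never matches the rule, while a flood packet that only changes its destination port still does.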

Specifications

The Resurrection of Botnets

Easily-compromised IoT devices have allowed Botnet attacks to rise again and massive IoT growth assures us they are here to stay. While individual devices have little power, large groups can generate record traffic. Attackers want to hide the real Source IPs of botted devices, so UDP, SYN, TCP Out-of-State (FIN/ACK/RST, etc.), DNS and Protocol direct and reflected floods using spoofed Source IPs are back in vogue. Attackers can launch an unprecedented variety of simultaneous attack vectors. Small-packet floods stress both firewalls and CPU-based DDoS appliances, preventing full inspection with unexpected results. Skyfilter’s fully inspected packet rate is class-leading.

DNS-Based Attacks

Botnet-driven DNS attacks are popular because they can target any type of infrastructure, or they can co-opt your DNS servers to attack others with reflected DDoS attacks. Skyfilter is the only DDoS mitigation platform that inspects 100% of all DNS traffic in both directions, to protect against all types of DDoS attacks directed at, or launched from, DNS servers. It validates over 30 different parameters on every DNS packet at up to 100M Queries/second. Its built-in cache can offload the local server during floods. Skyfilter’s innovative DQRM feature stops inbound Reflected DNS attacks from the very first packet. Skyfilter also supports SkyfilterGuard’s Domain Reputation Service for ISPs to protect clients from known malicious domains.
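Added example, not Skyfilter's implementation (the page does not say how DQRM works): one common way to stop an unsolicited DNS response on its very first packet is to record every outbound query by IP/UDP 4-tuple, transaction id and question name, and admit an inbound response only if it mirrors a recorded query that has not yet been answered or expired. The packet trace, addresses and the 2-second query lifetime are constructed.

```python
# Constructed packets: each dict carries the IP/UDP 4-tuple plus the DNS
# transaction id, the QR flag (0 = query, 1 = response) and the question name,
# i.e. the header markers needed to pair a response with the query it answers.
TRACE = [  # (direction relative to the protected network, packet, time in seconds)
    ("out", {"src": "10.0.0.5", "sport": 40000, "dst": "192.0.2.53", "dport": 53,
             "txid": 0x1A2B, "qr": 0, "qname": "example.com."}, 0.00),
    ("in", {"src": "192.0.2.53", "sport": 53, "dst": "10.0.0.5", "dport": 40000,
            "txid": 0x1A2B, "qr": 1, "qname": "example.com."}, 0.02),
    # unsolicited responses, as a reflection flood would deliver them
    ("in", {"src": "198.51.100.7", "sport": 53, "dst": "10.0.0.5", "dport": 40000,
            "txid": 0x1A2B, "qr": 1, "qname": "example.com."}, 0.03),
    ("in", {"src": "198.51.100.8", "sport": 53, "dst": "10.0.0.5", "dport": 3074,
            "txid": 0x0001, "qr": 1, "qname": "example.net."}, 0.04),
]

class DnsResponseMatcher:
    """Admit an inbound DNS response only if it answers a query seen leaving."""
    def __init__(self, query_ttl=2.0):
        self.pending = {}           # query key -> time after which it is stale
        self.query_ttl = query_ttl  # how long a genuine answer may take to arrive

    def outbound(self, pkt, now):
        if pkt["qr"] == 0:  # remember who asked whom, for what, with which txid
            key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], pkt["txid"], pkt["qname"])
            self.pending[key] = now + self.query_ttl

    def inbound(self, pkt, now):
        """Return 'pass' or 'drop' for a packet arriving from the Internet."""
        if pkt["qr"] != 1:
            return "pass"  # inbound queries need a different check, not modelled here
        # a genuine answer mirrors the query: addresses and ports swapped
        key = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"], pkt["txid"], pkt["qname"])
        expiry = self.pending.pop(key, None)  # one answer per query, so consume it
        if expiry is None or now > expiry:
            return "drop"  # nothing asked for this: reflected, replayed or late response
        return "pass"

    def sweep(self, now):
        """Forget stale queries so a later spoofed answer cannot reuse them."""
        self.pending = {k: t for k, t in self.pending.items() if now <= t}

def run_trace(matcher, trace):
    """Feed the trace through the matcher; returns the verdict per inbound packet."""
    verdicts = []
    for direction, pkt, t in trace:
        if direction == "out":
            matcher.outbound(pkt, t)
        else:
            verdicts.append(matcher.inbound(pkt, t))
    return verdicts
```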

Hybrid On-premise / Cloud DDoS Mitigation

While Skyfilter can mitigate any DDoS attack to the limit of the incoming bandwidth, large attacks can saturate incoming links, forcing ISP routers to drop good traffic. Skyfilter’s open and documented Attack Signaling API allows our Security Fabric partners to provide you with a choice of best-in-class hybrid CPE/cloud DDoS mitigation when attacks threaten to congest upstream resources. Skyfilter inspects incoming GRE clean traffic from cloud DDoS providers to ensure continuity of logging and reporting, and complete threat mitigation. Skyfilter on-premise appliances can also provide your ISP with Flowspec scripts to support diversion and multi-parameter blackholing of attack traffic.

Always-On Inline vs. Out-of-Path Mitigation

Many hosting providers, MSSPs and ISPs are moving away from out-of-path detection, diversion and scrubbing as too limited and too slow for important infrastructure. NetFlow-based detection and mitigation monitor a limited number of parameters for a few different attack types. Skyfilter mitigates more than 500 attack events, many with “depth” (all 65,000 TCP and UDP ports are monitored and mitigated, for example). 100% packet inspection and leading packet performance ensure mitigation from single-packet anomalies to link-filling small-packet, fragmented UDP floods. Studies are showing that 75% of DDoS attacks last less than 15 minutes. Customers are also seeing multi-vector attacks, attacks that sequentially change vectors, and pulsed attacks that start and stop frequently. Skyfilter begins mitigating in less than 5 seconds, and its massively-parallel detection and mitigation ensures multi-vector, sequential and pulsed attacks are seen and stopped. Skyfilter offers multitenant real-time graphing and attack reporting for resale to customers.

Features

100% Machine Learning Detection: Skyfilter doesn’t rely on signature files that need to be updated with the latest threats, so you’re protected from both known and unknown “zero-day” attacks. No “threat-protection” subscriptions required.
100% Hardware-based Protection: 100% packet inspection with bidirectional detection and mitigation of Layer 3, 4 and 7 DDoS attacks for industry-leading performance.
Continuous Attack Evaluation: Minimizes the risk of “false positive” detection by reevaluating the attack to ensure that “good” traffic isn’t disrupted. Less management time needed.
Advanced DNS Protection: Skyfilter provides 100% inspection of all DNS traffic, for protection from a broad range of DNS-based volumetric, application and anomaly attacks. DNS Reflection floods are stopped on the FIRST packet.
Machine Learning: With minimal configuration, Skyfilter will automatically build normal traffic and resource behavior profiles, saving you time and IT management resources.
Autonomous Mitigation: No operator intervention required for any type or size of attack.
Hybrid On-premise/Cloud Support: No operator intervention required for any type or size of attack.
Skyfilternet Security Fabric Integration: Single-pane visibility of attack mitigation and network performance reduces management and improves response time.
RESTful API: Skyfilter can be integrated into almost any environment through its RESTful API.
Central Manager: Skyfilter-CM is available for users with multiple geographically dispersed Skyfilter units. One management screen for all devices with single sign-on.
Packet Inspection Technology
• 100% Packet Inspection
• Full IPv4 Support to single IP addresses
• Machine learning for Predictive, Heuristic, Adaptive Analysis
• Deep Packet Inspection
• TCP State knowledge to instantly mitigate out-of-state attacks
• DNS Reflected attacks
• Complete invisibility with no MAC nor IP addresses in the data path
• Massively parallel processing for multiple simultaneous attack vectors

Behavioral Threshold Management
• Machine-learning thresholds for millions of L3-L7 parameters
• Automatic adaptive threshold estimation for critical L3, L4 and L7 parameters

100% Anomaly Inspection
• L3/L4/L7 HTTP Headers
• DNS Header and Payload
• TCP State and Transition Anomalies

Layer 4 Attack Mitigation
• TCP Ports (all 65k)
• UDP Ports (all 65k)
• TCP / UDP Service / Gaming Ports
• ICMP Type/Codes (all 65k)
• SYN, SYN/Destination with line-speed validation, SYN/Source
• First-packet TCP State flood mitigation
• Slow Connections
• TCP Source validation
• L4 Aggressive Connection Aging

HTTP Attack Mitigation
• Top 32k HTTP URLs
• Top 500 Referers, Cookies, Hosts, User Agents
• HTTP METHOD Floods (all 8 METHODS + Total Methods/Source)
• SSL Renegotiation
• L7 Aggressive Aging

DNS / NTP Attack Mitigation
• First-packet DNS / NTP Response Flood mitigation (DQRM/NRM)
• DNS / NTP Header/payload/state anomalies
• DNS Query / MX / ALL / ZT / fragment / per-Source Floods
• DNS Response Code Flood mitigation
• NTP Request / Response / Response-per-Destination Floods
• DNS Query Source validation, Unexpected Query, Legitimate Query
• DNS Query TTL validation
• DNS Response cache under flood
• DNS Resource Record ACLs
• DNS Domain Reputation Subscription
• NTP Monlist / Mode 6 ACL

Physical Dimensions (S1000): Chassis: 1U rack height; Height: 1.7 inches (43 mm); Width: 17.2 inches (437 mm); Depth: 29.7 inches (754 mm); Net Weight: 26 lbs (11.8 kg); Gross Weight: 41 lbs (18.6 kg)
Power Options: DC: 2 x DC redundant, hot swap capable power supplies; DC Power Ratings: -40 to -72 Vdc, 28/14 A max (per DC input); AC: 2 x AC redundant, hot swap capable power supplies; AC Power Ratings: 100 to 240 VAC, 50 to 60 Hz, 12/6 A max; Watts: 315 typical, 375 max
Hard Drives: 2 x 256 GB SSD in RAID 1 Configuration
Environmental: Operating: Temperature 41ºF to 104ºF (5º to 40ºC), Humidity 5–85%; Non-Operating: Temperature -40º to 158ºF (-40º to 70ºC), Humidity 95%
Memory: 32 GB
Processor: 2 x Intel Xeon E5-2643 v4 (8 cores); Watts: 135W
Operating System: Our proprietary, embedded SKYFILTER operating
Management Interfaces: 1 x 10/100/1000 BaseT Copper; RJ-45 serial console port
Protection Interfaces
• 4 x 1GigE (copper, sx fiber, lx fiber)
• 2 x 10 GigE (SR or LR mixed fiber)
MTBF: 82,169 hours at 40 degrees C and 137,592 hours at 20 degrees C for the system
Traffic Bypass Options: Integrated hardware bypass; Internal “software” bypass to pass traffic without inspection
Latency: Less than 10 microseconds
Availability: Inline bypass, dual power supplies, solid-state hard drive RAID cluster
Inspected Throughput: Licenses for 100 Mbps, 250 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps, 10 Gbps, 20 Gbps
Maximum DDoS Flood Prevention Rate: Up to 19 Mpps
Maximum Concurrent Sessions: Not applicable: SKYFILTER does not track connections
Protected Endpoints: Unlimited
Authentication: On device, TACACS, LDAP
Management: SNMP gets v1, v2c; SNMP traps v1, v2c, v3; CLI; Web UI; HTTPS; role-based management
Reporting and Forensics: Traffic information chart, Traffic tendency chart, Real-time and historical IPv4 traffic reporting, IP ARP List, extensive drill-down by protection group and blocked host including total traffic, passed/blocked, top destination URLs/services/domains, attack types, blocked sources, top sources by IP location. Packet visibility in real-time.
DDoS Protection: Reflection Amplification Flood Attacks (TCP, UDP, ICMP, DNS, mDNS, Memcached, SSDP, NTP, NetBIOS, RIPv1, rpcbind, SNMP, SQL RS, Chargen, L2TP, Microsoft SQL Resolution Service); Fragmentation Attacks (Teardrop, Targa3, Jolt2, Nestea); TCP Stack Attacks (SYN, FIN, RST, ACK, SYN-ACK, URG-PSH, other combinations of TCP Flags, slow TCP attacks); Application Attacks (HTTP GET/POST Floods, slow HTTP Attacks, SIP Invite Floods, DNS Attacks, HTTPS Protocol Attacks); SSL/TLS Attacks (Malformed SSL Floods, SSL Renegotiation, SSL Session Floods); DNS Cache Poisoning; Vulnerability Attacks; Resource Exhaustion Attacks (Slowloris, Pyloris, LOIC, etc.); Flash Crowd Protection; Attacks on Gaming Protocols
Modes: Inline active; inline inactive (reporting, no blocking); SPAN port monitor
Notifications: SNMP trap, syslog, email
BGP Protection: Yes (collaborative DDoS attack mitigation with service provider or SkyFilter Cloud)
Web-Based GUI: English
Supported Browsers: Internet Explorer v10-11, Firefox ESR v31, Firefox v40, Chrome v44, Safari v6

Ready to get started?

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.