Three Transformations of NSFOCUS ADS Solution

Three Transformations of NSFOCUS ADS Solution

October 3, 2022 | Adeline Zhang

With the continuous transformation of telecommunication infrastructure in recent years, the popularization of 5G technology has promoted the sustainable and rapid growth of network bandwidth resources, and driven the rapid development of technologies such as big data, cloud computing, and the Internet of Things (IoT). However, due to security flaws, a large number of IoT devices may be exploited by attackers and become bad bots. The affected devices may continue sending different types of attack packets to the servers in the network, causing a denial of service. How to effectively prevent DDoS attacks has always been a concern for security practitioners.

Here we will discuss the three significant transformations of NSFOCUS Anti-DDoS service (ADS) solution.

1 From Solo to Collaboration

Since DDoS attacks continue to become more frequent, more powerful, and more damaging, NSFOCUS believes that we cannot win with DDoS attack defense alone, and the cleaning devices deployed on various nodes around the world should not be siloed. NSFOCUS Threat Intelligence (NTI) can connect these isolated islands and send them information on malicious attack sources in real-time. Especially for DDoS attacks initiated by bots or slow encrypted traffic attacks that are difficult for traditional solutions to detect, NSFOCUS Anti-DDoS (ADS) solutions can synchronize intelligence information, such as botnet and C&C attack sources, in real-time through the NTI, send alerts on attack events, and automatically block attacks.

In addition, for transnational and cross-domain DDoS attacks, NSFOCUS ADS solutions can achieve near-source cleaning of attacks based on intelligence obtained from the NTI, reducing bandwidth consumption caused by DDoS attack traffic.

2 From Local O&M to Intelligent O&M

In traditional scenarios, DDoS protection products deployed on each node need to be tuned by professionals according to business characteristics. If encountering a new type of attack, non-professional users do not know how to handle it properly, and manual intervention by experts is required. Suppose some special attack packets appear. In that case, it is not easy for users to use the packet capture tool to capture packets and quickly analyze the characteristics of attack packets or the distribution of attack traffic. Even if they can analyze the attack characteristics of some packets, effective protection rules may fail to be extracted and applied. Sometimes they are uncertain whether the extracted protection rules are appropriate, and the impact of protection rules on the expected traffic of the business system cannot be accurately predicted.

Therefore, we can see that the DDoS attack defense of each node varies a lot and is not satisfactory in all cases. The defense effect depends on operations staff. To solve such pain points for users, NSFOCUS ADS solutions offer two innovative modules: an AI-driven ​​intelligent protection module and a cloud-based rule push module.

Based on traffic models with varying dimensions, the AI-driven ​​intelligent protection module learns various traffic characteristics, and then automatically generates protection algorithms and policy configurations that match business characteristics. It also monitors protection effects in real-time, and continuously pushes policy configurations. Users can choose to apply them automatically or manually.

The cloud-based rule push module pushes the detection rules configured by experts to the local detection device through the cloud, especially in the case of sudden new types of attacks. Neither manual intervention nor manual upgrade of the rule database is required. Customers can focus more on their own businesses.

3 From Business Assurance to Value-added Services

When it comes to the security transition, the business transformation of operators, Internet data centers (IDCs), and cloud service providers based on DDoS protection capabilities can be deemed a significant driver. For industry customers who run network-based businesses, ensuring the stability and security of their infrastructure is the premise and a must for business development. The deployment of security capabilities is not a business requirement. Instead, it shows indirect values by ensuring normal operations of the business. Today, after business transformation, security capabilities can deliver their business values directly through value-added services, bringing revenues to network service providers.

For large-scale user groups such as operators, IDCs, and cloud service providers, NSFOCUS Anti-DDoS Business Operations System (ADBOS) provides anti-DDoS resource management capabilities with DDoS attack detection and cleaning as the underlying ones. In addition, the ADBOS adopts an in-depth permission model that provides a user-specific view and a resource-based view to achieve a decentralized and domain-specific multitenancy system. With centralized device management and one-key diversion and scheduling, the ADBOS supports centralized O&M of traffic cleaning devices and detection devices deployed on various nodes to maximize resource utilization and perform unified scheduling. ADBOS also offers a variety of value-added operations services, including traffic scheduling, O&M management, and billing reports to simplify O&M and improve efficiency, thus satisfying the needs of customers and end users. With NSFOCUS ADBOS, you can build a multilevel value-added operations system that supports device management, service visualization, and intelligent O&M.

Contact us for more information about NSFOCUS ADBOS or DDoS protection solutions.