Radware switch targets attacks
- 24 December, 2003 08:00
Radware recently debuted a security appliance that could help businesses stop Web-based attacks such as Welchia and MS-SQL Slammer at the network gates.
The DefensePro appliance is a modified version of Radware's Web switch that the vendor says can identify and stop malicious IP traffic by inspecting packets at Layer 4 through Layer 7. The company adds that its Gigabit-speed box can match the performance of other security appliances at a lower cost.
DefensePro uses Radware's inspection technology to glean information on IP packets for security purposes, instead of Web switch tasks such as server farm traffic optimization. Network processors added to the Web switch match Layer 4 to Layer 7 packet data against 1,200 known attack signatures stored in the box's firmware. Policies can be set to discard or reroute certain kinds of traffic based on attack signature matches.
The device sits behind an enterprise router and can filter incoming and outgoing traffic.
The DefensePro was beta-tested in the network of Evergreen Assurance, a US service provider of remote disaster-recovery and failover services to corporations such as the International Monetary Fund and Forbes.com. The box will be installed to add network attack protection to Evergreen's service offerings.
"DefensePro fills gaps in our approach," says John Liccione, CTO for Evergreen. The service provider offered basic firewall capabilities to customers in the past, he says, but the DefensePro will allow for more sophisticated traffic blocking.
"We like the [DefensePro] because the throughput and scalability is there: 1,200 attack signatures and Gigabit wire speed - that's what we need," Liccione says.
"We looked at what some of the firewall guys do, and [DefensePro] goes far beyond. It has much faster speeds and functionality," he adds.
The box includes 16 Fast Ethernet ports, seven Gigabit Ethernet ports and one 10G Ethernet port. Each port is capable of routing traffic based on Layer 4 to Layer 7 packet information at wire speed, the company says. For processing traffic through its security filter, the performance slows to 3G bit/sec, 1G bit/sec or total throughput, depending on the product version installed.
The box will compete with products from security switch vendors including Crossbeam Systems and TippingPoint Technologies, and firewall vendors Check Point Software Technologies Ltd. and NetScreen Technologies. Radware says that its starting price of $25,000 for 1G bit/sec of security filtering is 25 percent to 50 percent less than competing Gigabit-speed security appliances that offer similar inspection levels.
A recent Infonetics survey of 240 IT product buyers found that users are looking for the kind of device Radware is offering: 92 percent of respondents said intrusion detection/prevention were features they looked for when shopping for a security appliance.
Also, 69 percent said they prefer a security appliance to operate "in-line" - meaning the device sits as a gateway on a network ingress/egress point, instead of hanging in the background detecting network threats.
Several Web switch vendors have made a similar move to leverage their Layer 4 to Layer 7 Web switch technology into the security market.
TopLayer Networks, F5 Networks, NetScaler, Cisco Systems, Extreme Networks, Foundry Networks and Nortel Networks offer security features in some of their Layer 4 to Layer 7 gear that can mitigate denial-of-service attacks and other types of malicious traffic.
The product will be available in Australia in Q1 2004.