DDoS Attack Mitigation

Oplon ADC is the Application Delivery Control platform created to work in modern virtualized environments both on premise and in Cloud exploiting the enormous computing power available today and allowing them to be used spontaneously in these environments.

Oplon ADC implements a traffic balancing and routing system at application level 7 (HTTP/S, DNS) with session affinity features, able to ensure high scalability on modern multiprocessor/multithread systems with encryption on chip features (AES- NI or on-board/on-chip encryption functionality).

The design of an application-level routing system today must combine the needs of networking, security, with the need to use distributed services placed in high reliability.

In a modern businss-critical or mission-critical information system, the ADC component becomes the focus.

The data traffic balancing and routing system integrates an Application Firewall (AF) system with advanced security features to prevent Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks that can control and catalog time the dynamics of service requests and their evolution.

The distribution in Virtual Appliance allows the product to retain all the features of the Enterprise Datacenter appliances while retaining all the features. The functional characteristics allow to climb towards higher configurations without changing the platform and acquired know-how.

DoS/DDoS Address Quarantine

DoS/DDoS protecting the infrastructure

Oplon DoS/DDoS Attack Mitigation leverages the advanced features of the forwarding engine to mitigate and resolve DoS/DDoS attacks or click-day events. The DDoS Attack Mitigation solution is based on application stress (with reaction capacity within 50 milliseconds) and is able to control traffic flows discriminating them at the application level, by type of user, service, IP, subnet, geographical region.

Oplon DoS/DDoS Attack Mitigation detects the application stress without the use of agents (agentless) by checking the connections from Layer 4 to Layer 7 and can intervene by deleting/limiting the requests that are causing the suffering.

Oplon DoS/DDoS Attack Mitigation also allows you to temporarily confine attacks from individual IP addresses/subnets. The algorithm has been designed to identify dynamic IPs and place them temporarily in the condition of not harming without any human intervention.

DoS/DDoS Address in Quarantine is a function able to identify sophisticated attempts at exclusive use of resources by a few subjects. The latter are automatically recognized and placed in “quarantine” for a fixed period of time. Normally these attacks come from dynamic addresses and therefore can not be inserted on public blacklist directories. Once the “quarantine” time has expired, access to the services is made available again.

DDoS VIP iRedCarpet

The algorithm (VIP iRedCarpet ©) allows (in particular moments of application stress) to filter to Layer 7 the “useful” traffic from “less useful” traffic, reacting differently depending on the stress conditions and the single function or application transaction. The system, through simple rules, has been designed to favor the access of connections based on the type of application required service, for example privileging connections (or users) who are making payments or those who have already authenticated to the portal or, in the transactional field, those who have already started the transaction and have a session associated with those who are only browsing in consultation only .

The technology allows to set up application privileges in case of attack or overload of the entire infrastructure ensuring operational continuity.