DDoS Attack Mitigation
Oplon ADC is the Application Delivery Control platform designed to work in modern virtualized environments both on premise and in the Cloud by taking advantage of the enormous computing power available today and allowing it to be used spontaneously in these environments.
Oplon ADC implements an application level 7 traffic balancing and routing system (HTTP/S, DNS) with session affinity features, capable of high scalability on modern multiprocessor/multithreaded systems with encryption on chip feature (AESI or on-board/on-chip encryption functionality).
The design of an application-level routing system today must combine the needs for networking, security, with the need to use distributed services placed in high reliability.
In a modern business-critical or mission-critical information system, the ADC component becomes the focus.
The data traffic balancing and routing system integrates an Application Firewall (AF) system with advanced security features to prevent Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks that can control and catalogue the dynamics of service requests and their evolution in real time.
The distribution in Virtual Appliance allows the product to retain all the Enterprise Datacenter appliances while retaining all the features. The functional characteristics allow to climb towards higher configurations without changing platform and acquired know-how.
DoS/DDoS Address Quarantine
Oplon DoS/DDoS Attack Mitigation leverages the advanced features of the forwarding engine to mitigate and resolve DoS/DDoS attacks. The DDoS Attack Mitigation solution is based on application stress (with reaction capacity within 50 milliseconds) and is able to control traffic flows discriminating them at the application level, by type of user, service, IP, subnet, geographical region.
Oplon DoS/DDoS Attack Mitigation detects application stress without the use of agents (agentless) by checking the connections from Layer 4 up to Layer 7 and can intervene by deleting/limiting the requests that are causing the stress.
Oplon DoS/DDoS Attack Mitigation also allows to temporarily confine attacks from individual IP addresses/subnets. The algorithm is designed to identify dynamic IPs and place them temporarily in the condition of not harming without any human intervention.
DoS/DDoS Address in Quarantine is a function able to identify sophisticated attempts at exclusive use of resources by a few subjects. The latter are automatically recognized and placed in “quarantine” for a fixed period of time. Normally these attacks come from dynamic addresses and therefore can not be inserted on public blacklist directories. Once the “quarantine” time has expired, access to the services is made available again.
DDoS VIP iRedCarpet
The algorithm (VIP iRedCarpet ©) allows, in particular moments of application stress, to filter up to Layer 7 the “useful” traffic from “less useful” traffic, reacting differently depending on the stress conditions and the individual application function or transaction. The system, by means of simple rules, has been designed to privilege the access of connections according to the application type of the service requested, for example by privileging connections (or users) who are making payments or those who have already authenticated to the portal or, in the transactional sphere, those who have already started the transaction and have an associated session with respect to those who are only browsing in consultation only.
The technology allows to set up application privileges in the event of attack or overload of the entire infrastructure ensuring operational continuity.