Cisco's DDoS Protection technology includes new software for its Cisco Guard and Cisco Traffic Anomaly Detector products that learns what is normal on a network and adjusts its behavior on the basis of that information. It also communicates that information, along with user-established security policies and administrative changes, to service providers.
Distributed denial-of-service attacks flood Web sites or E-mail addresses with traffic, keeping them so busy that they can't serve up Web pages or handle routine E-mail traffic. The Cisco package of technology, which includes Cisco routers, the Cisco Guard and Detector, and network monitoring and detection gear from Arbor Networks Inc., is designed to let telecom service providers better protect their own networks from attack while at the same time offering managed-security services to their customers.
Sales of managed services, especially for security, are growing in importance for service providers as intense competition is causing a decline in the price and profitability of basic bandwidth services. Sprint uses Cisco's products to offer its IP Defender services. The service provider's managed-security portfolio includes network-based firewalls, an E-mail protection service, anti-spam and antivirus services, and a distributed denial-of-service detection and mitigation service.
The Cisco technology lets Sprint conduct deep inspection of packets flowing over the network to identify malicious traffic. So-called dirty traffic can be blocked or diverted to a quarantined area where it can be removed; legitimate traffic is sent back to the network. "Our focus is on scrubbing the traffic when it's in the network and only forwarding on legitimate traffic," says Randy Ritter, VP of product management at Sprint. "When you're dealing with a distributed denial-of-service attack, you want to deal with it in the network and not at the customer premises."