Data Center Modernization
A growing number of service providers and data centers now face continuous DDoS attacks rather than the occasional attacks of the past. At the same time, the growing volume of applications and services are also forcing data centers to migrate from 10 Gbps to 100 Gbps. As a result, DDoS attack mitigation equipment deployed in the data center is expected to perform at levels approaching 100G speeds to avoid becoming a bottleneck. And at the same time, higher link speeds are needed for increased DDoS mitigation capacity.
To address the performance challenges of today’s need for always-on DDoS attack mitigation for data centers, Fortinet is announcing the immediate availability of new FortiDDoS 1500-E and FortiDDoS 2000-E models designed to meet these needs.
DDoS Attack Threat Landscape and FortiDDoS
Millions of devices are now joining the Internet and connecting to networks, the attack surface is increasing, and so is the attack power available to cyber criminals. DDoS attacks, especially from nation state actors with virtually limitless resources, are graduating to new techniques and dramatically higher scalability. Similarly, DDoS-related Crimeware is now being commercialized, with an affiliate model for distribution on tap for everyone from wannabe hackers to serious cybercriminal organizations.
Given the realities of this new threat landscape, modern data centers have to build DDoS attack mitigation into their basic infrastructure if they want to guarantee continuous availability to users. FortiDDoS products are designed to provide essential, broad, and advanced threat mitigation techniques for today’s environments that include, but are not limited to:
- Machine learning from millions of traffic parameters to predict future behavior.
- Local and remote address anti-spoofing.
- Rate limiting at Layers 3 and 4, and Layer 7 DDoS attack mitigation for HTTP, HTTPS, NTP, GTP, and DNS.
- IP and Domain reputation services via FortiGuard.
- DNS cache response under DDoS attacks.
- Cloud signaling to support third party cloud scrubbing for hybrid mitigation.
- Fabric integration with FortiGate.
- Extremely large DNS and IP blacklists.
- The ability to block any number of IPv4 addresses without performance implications. This can be done via the REST API through complementary downstream services (such as WAF and NGFW) which can observe the rogue behavior of an IP address.
FortiDDoS E-Series to Fill a Void in High Performance DDoS Attack Mitigation
The FortiDDoS E-series models – FortiDDoS 1500E and FortiDDoS 2000E – are built using a new architecture that delivers the industry’s highest DDoS attack mitigation performance to ensure data centers can scale their defenses while meeting the evolving needs of their business.
- Ideally suited for data centers that have 1G, 10G, 40G, and 100G links.
- Built around Fortinet’s patented hardware architecture that combines ASIC-based packet processing cards with no CPU, no MAC, and no IP address in the path of packets.
- FortiDDoS 2000-E delivers 70Gbps of throughput for mixed enterprise traffic and can handle much larger UDP and ICMP DDoS attacks via multi-vector mitigation mechanisms.
- Both appliances are in 2-U form factor and have passive optical (1310 nm) bypass for 1/10/40/100 GE.
- Besides mitigating all the DDoS attacks that B-series mitigates is geared for, the E-Series provides additional logic for NTP and mobile infrastructure (GTP) DDoS attacks.
Here are some additional performance and capacity details:
Learn more about Fortinet’s new FortiDDoS E-Series appliances here.
Find out how Fortinet’s Security Fabric delivers broad, integrated, and automated protection across an organization’s entire digital attack surface from IoT to the edge, network core and to multi-clouds.