DDoS (distributed denial of service) attacks have become an inherent element of the Internet, regardless of whether we are aware of it as users or not. Such an attack involves saturating specific resources on the side of the server providing the service. If a service or website is unavailable, this can mean that it fell victim to such an attack. As you can easily guess, dealing with such threats has become bread and butter for all service providers on the Internet.
The battle for service availability involves applying every possible method. These range from manual and crude blocking of the attack target (and rescuing the incidental victims), to automated, sophisticated and multi-faceted filtering processes. Of course, the more convenient (less engaging and intrusive) the solution, the more expensive it becomes, and a distinguishing feature of DDoS attacks is the large gap between the cost of an attack and the resources required to guarantee protection.
Additionally, the nature of a distributed network of attack sources means that virtually only telecommunications operators (Internet providers) are able to efficiently organize defence measures. EXATEL is not alone in these activities and has even gone a step further.
The EXATEL approach
Attack techniques are constantly evolving, so security measures have to be updated as well. EXATEL decided to develop a proprietary solution called TAMA so that it could directly shape how its anti-DDoS system evolves, in line with the real (and diverse) requirements of attacked clients.
Because we continuously analyse network traffic characteristics, when we detect an unusual event and classify it as malicious, we are able to respond immediately and efficiently filter out the malicious network traffic. This keeps the attacked website operating normally.
What is TAMA?
TAMA is a scalable and efficient software solution protecting any network against DDoS (Distributed Denial of Service) attacks. EXATEL developed it as a service. Here, protection against volumetric DDoS attacks is based on a central platform.
TAMA consists of several elements:
- Aperture monitors the network traffic from edge routers, aggregates statistical information and forwards it to the Controller.
- Controller integrates information from probes in the form of “the current status of the monitored network”, saves it in an analytical database, makes decisions regarding detecting, sustaining and acknowledging an alarm, and starts and stops automatic mitigations.
- GlaDDoS is a filtering unit. It is scalable. The bandwidth on a single GlaDDoS depends on the settings of the mitigation policy and parameters of the server it is running on. In order to achieve the best performance, our filter units are geographically dispersed.
- Chell is a management console that enables administrators and operators to handle the security of our clients’ networks.
- Client portal is an additional element that is used by our clients to observe alarms and mitigation triggered in regard to their facilities and to monitor traffic within their network.
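The probe-to-controller loop described in the list above can be sketched as follows. This is an added example, not EXATEL's code: the thresholds, interval counts, state names and event names are all assumptions chosen for illustration, and the traffic figures are constructed.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

RAISE_PPS, CLEAR_PPS = 10_000, 2_000   # assumed thresholds, with hysteresis
CONFIRM_AFTER, CLEAR_AFTER = 2, 3      # assumed numbers of intervals

def network_status(reports):
    totals = Counter()                 # per-destination sum over all probes
    for report in reports:
        totals.update(report)          # Counter.update adds the values
    return totals

@dataclass
class Alarm:
    state: str = "normal"              # normal -> detected -> mitigating
    streak: int = 0
    def update(self, pps):
        if self.state == "normal" and pps >= RAISE_PPS:
            self.state, self.streak = "detected", 1
            return "alarm_detected"
        if self.state == "detected":
            if pps < RAISE_PPS:               # single spike: drop the alarm
                self.state, self.streak = "normal", 0
                return "alarm_dropped"
            self.streak += 1
            if self.streak >= CONFIRM_AFTER:  # acknowledged: start filtering
                self.state, self.streak = "mitigating", 0
                return "mitigation_started"
        elif self.state == "mitigating":
            # Traffic at or above CLEAR_PPS sustains the alarm (count resets).
            self.streak = self.streak + 1 if pps < CLEAR_PPS else 0
            if self.streak >= CLEAR_AFTER:
                self.state, self.streak = "normal", 0
                return "mitigation_stopped"
        return None

def run(intervals):
    # One list of probe reports per interval; returns (interval, dst, event).
    alarms, timeline = defaultdict(Alarm), []
    for t, reports in enumerate(intervals):
        status = network_status(reports)
        for dst in sorted(set(status) | set(alarms)):
            event = alarms[dst].update(status.get(dst, 0))
            if event:
                timeline.append((t, dst, event))
    return timeline

# Constructed sample: two edge-router probes, packets/s per destination.
A, B = "203.0.113.10", "198.51.100.5"
SAMPLE = [[{A: 400, B: 300}, {A: 500}], [{A: 6000}, {A: 5000, B: 250}],
          [{A: 7000}, {A: 6000}], [{A: 3000}, {A: 3000}],
          [{A: 1000}], [{A: 900}], [{A: 800}]]
```

Using a lower threshold to clear than to raise keeps mitigation from flapping on and off while attack traffic hovers near the detection level.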
How is the product innovative?
- The architecture of our solution is based on widely available x86 equipment – and does not incorporate expensive FPGA and ASIC systems
- Potential bandwidth of 100 Gb/s – owing to the application of effective scaling (vertical and horizontal) techniques
- Proprietary mechanisms and techniques with machine learning elements
- Possible multi-tenancy mode operation (simultaneous protection of numerous clients with different policies) and protection of lines regardless of the provider’s actions
- Development of a fast and flexible decision-making engine to identify and neutralize threats.
What is ARFA?
ARFA is the continuation of the TAMA project – it is a set of additional modules that will be used to enhance the TAMA anti-DDoS solution.
ARFA will enable counteracting:
- new volumetric attacks (owing to added new techniques in the field of DDoS attack detection and mitigation)
- attacks on service server resources (including fragmentation attacks)
- attacks on the application layer
- BGP hijacking attacks.
——-
The project is co-financed by the National Centre for Research and Development (NCBiR) as part of the “Cybersecurity and e-Identity” program. The value of the project is PLN 11,502,685.00, of which the co-financing value is PLN 8,116,987.00.
Project title: ARFA – a multi-context software development solution against advanced DDoS (Distributed Denial of Service) attacks.
Co-financing agreement number: CYBERSECIDENT / 487721/2021 / IV / NCBR / 2021.
Project implementation period: 01/06/2021 – 31/05/2023.