A10 Networks has announced its Thunder TPS Release 3.1. Thunder TPS 3.1 offers customers a fully programmable policy engine via the regex or enhanced aFleX commands, extends new advanced DDoS mitigation capabilities to block additional attacks such as the recent POODLE attack, and provides advanced rate-limiting for granular Layer 4-7 control to enable best-in-class mitigation.
Another benefit of Thunder TPS 3.1 includes comprehensive detection capabilities with access to over 400 global, destination-specific and behavioral counters, to eliminate false positives. These granular forensics protect applications and networks while they remain highly available. Significant visibility enhancements expose enhanced traffic details to provide a comprehensive understanding of regular and anomalous traffic patterns. The enhanced easy-to-use GUI provides dashboard, incident and rich report views, which can be analyzed to improve any DDoS protection strategy.
Organizations depend on the Internet to operate their business, with service interruptions resulting in significant loss of revenue, brand damage, and liability. DDoS attacks are constantly evolving, growing in scale and sophistication, and can inflict severe damage to application and networking infrastructure. With Thunder TPS Series, security professionals can now defend against growing and sophisticated attacks. Early success of the Thunder TPS Series includes new customer deployments within several key market verticals, including gaming, cloud and Internet providers. Thunder TPS has received industry recognition with key industry awards from the North American IPv6 Task Force and Information Security magazine.
“Network and security staff will greatly benefit from the new mitigation and visibility options provided by Thunder TPS 3.1. More detailed threat analysis and updated tools help to combat the impact of DDoS attacks by preventing damage to critical online resources and the bottom line,” said Raj Jalan, CTO of A10 Networks. “With these enhancements, A10 Networks sets the stage to provide additional correlated analytics and ease of administration, including centralized management and automatic traffic baselining features in the near future.”
“The RMv6TF feels strongly about the need for new IT products and services to support IPv4 and IPv6 equally, given the increasing IPv6 adoption rate. Providing security for both protocols is a benefit to A10 customers who seek a comprehensive security solution,” said Scott Hogg, Chair Emeritus at Rocky Mountain IPv6 Task Force (RMv6TF). “We were proud to award A10 Networks with the ‘Best of Show’ at the North American IPv6 Summit for their embracement of IPv6; providing feature parity and showcasing the ability to detect and mitigate attacks over IPv6 equally well.”
Key Features and Benefits
Thunder TPS 3.1 new and enhanced functionality includes:
· Programmability
o Policy Engine provides a fully programmable centralized configuration and management engine along with access to system states and statistics to simplify enforcement of advanced application and security policies.
o Regular Expressions (regex) quickly matches a search pattern to an incoming packet and enforce policy.
o Berkeley Packet Filter (BPF) defines custom filters. This format is widely used in packet capture tools such as tcpdump or Wireshark.
o Enhanced aFleX TCL-based scripting functionality provides additional options to create customized policies.
· Mitigation
o Advanced rate limiting with configurable over-limit actions for TCP, UDP, HTTP and DNS to regulate the rate limit per TCP or UDP connection for granular control.
o Enhanced protection against TLS/SSL vulnerabilities such as the recent POODLE attack, as well as SSL authentication to validate whether clients are legitimate or part of a botnet.
o MPLS protection allows Thunder TPS to inspect MPLS encapsulated traffic.
o High-performance Network Address Translation (NAT) support as an alternate to tunneling technologies for transporting clean traffic to other network areas.
· Detection
o Expanded packet statistics provide enhanced traffic visibility by offering over 400 global, destination-specific and behavioral counters. Counters are available through the GUI or the CLI.
o High-speed statistics export enables granular packet statistics to be exported at high speed to third-party analytic devices, using sFlow and NetFlow based protocols. Technology partners such as FlowTraq and Genie can now receive more data to enhance traffic analysis.
o Passive mode deployment allows deployment without affecting ongoing packet flows.
· Visibility
o Enhanced logging functionality including the common event format (CEF) open log management standard, increasing cross-platform support.
o Enhanced GUI allows for detailed overviews of network statistics, reports, and an easy-to-use interface to define and edit policies.