Radware's Attack Mitigation System Protects Online Businesses Against Encrypted DoS & DDoS Attacks

Page 1
Radware's Attack Mitigation System Protects Online Businesses Against Encrypted DoS & DDoS Attacks

Financial Institutions, Government Agencies, Social Networking Firms and Other Online Businesses Can Benefit from Integrated Protection of their SSL-based Services

MAHWAH, New Jersey, June 27, 2012/PRNewswire-FirstCall/ --

    For businesses that depend on secure Internet transactions, attacks to their Web
services over Secure Socket Layer (SSL) protocol can knock servers offline resulting in
lost revenue and decreased consumer trust. For many of these businesses -- such as
financial institutions, government agencies, social networking firms, or online retailers
-- this scenario is a nightmare currently playing out at the hands of cyber criminals
worldwide. To meet this growing cyber security concern, Radware [http://www.Radware.com
](R) (NASDAQ: RDWR), a leading provider of application delivery
[http://www.radware.com/Products/ApplicationDelivery/default.aspx ] and application
security [http://www.radware.com/Products/ApplicationNetworkSecurity/default.aspx ]
solutions for virtual and cloud data centers, today announced its Attack Mitigation System
(AMS) is the first solution of its kind that detects and mitigates denial of service (DoS)
and distributed denial of service (DDoS) attacks that are SSL encrypted.

    Encrypted SSL-based transactions have become an essential component of online
businesses that aspire to protect the privacy of their online users, driving increased use
of the encryption protocol. Decryption of encrypted data consumes more CPU resources than
processing of a clear text. Thus, encrypted application DoS & DDoS attacks amplify the
impact even at relatively low rates of requests per second. Cyber criminals and hackers
are taking advantage of this and have been targeting online organizations with encrypted
application DDoS attacks resulting in significant consumption of servers' CPU resources
that either slow down or shut down services.

    "Recently, we have seen some powerful DoS and DDoS attacks that took advantage of the
encrypted SSL traffic, targeting firms that depend on secured online transactions such as
financial institutions, government agencies, social networking companies and others. Any
organization that relies on SSL-based traffic without a proper decryption engine working
in synch with an attack mitigation solution is exposing itself to great risk," said Avi
Chesla, chief technology officer, Radware.

    "Radware's AMS is the only real solution for SSL-based encrypted DoS/DDoS attacks.
With its anti-DDoS tools and advanced research, Radware's AMS ensures online businesses
have the most extensive protection to meet the challenges of sophisticated,
multi-vulnerability attack campaigns that include encrypted attacks," Chesla said.

    Today's anti-DoS security solutions do not effectively mitigate HTTP-encrypted DoS and
DDoS attacks. Through patent-pending technology, Radware's AMS is the only network
security solution with the ability to protect against high rate, SSL-based, Web-encrypted
DoS and DDoS attacks, in both symmetric and asymmetrical network traffic environments that
typify today's anti-DoS scrubbing and cleaning centers. Radware's AMS does this by
performing the following steps:

   
    - Identify encrypted, SSL-based, DoS or DDoS attack events,
    - Decrypt the traffic and perform a deep-packet inspection to filter out a
      specific pattern of requests or behaviors that are associated with DoS or DDoS
      attacks,
    - Challenge users through encrypted HTTP challenge-response techniques to
      determine if the request comes from a legitimate user, or from an artificial one
      (e.g., a bot).

    Performing these actions ensure highly accurate attack mitigation, even in cases where
the attack traffic integrates well into legitimate forms of applications and user
behaviors.

    Research shows that the encrypted DoS and DDoS attack is an emerging category of
threat that today's anti-DoS mitigation tools cannot effectively mitigate. According to
Radware's "2011 Global Network and Application Security Report
[http://www.radware.com/Resources/lp.aspx?campaign28918&WT.mc_id 11GlobalApplicationNetSecurityReport_HP ]
", the company's Emergency Response Team has been tracking SSL DoS
tools since late 2011 and has seen these tools grow in use and in sophistication.

    Radware's AMS is a real-time network and application cyber attack mitigation solution
and the first solution with the capability to effectively mitigate SSL-based encrypted DoS
and DDoS attacks. Through a powerful and scalable SSL processing engine providing SSL
decryption and encryption capabilities matched with an advanced attack mitigator,
Radware's AMS provides the industry's fullest set of protections against advanced cyber
criminal techniques. This includes the "low & slow" threats in the network and application
layers, as well as traffic anomaly attacks, connection-based misuse attacks, service
cracking attacks, and application scan pre-attack probes. All of these attacks misuse
network and application resources, and are components of today's sophisticated
multi-vulnerability based attack campaigns.

    For more information about SSL-based attacks, please read Radware's "2011 Global
Application & Network Security Report" at
http://www.radware.com/2011globalsecurityreport , and the Radware white paper on SSL
mitigation at
http://www.radware.com/WorkArea/DownloadPDF.aspx/Radware_SSL_Based_DDoS_Attacks_WP.pdf?id29030
.

    About Radware

    Radware [http://www.radware.com ] (NASDAQ: RDWR), is a global leader of application
delivery [http://www.radware.com/Products/ApplicationDelivery/default.aspx ] and
application security
[http://www.radware.com/Products/ApplicationNetworkSecurity/default.aspx ] solutions for
virtual and cloud data centers. Its award-winning solutions portfolio delivers full
resilience for business-critical applications, maximum IT efficiency, and complete
business agility. Radware's solutions empower more than 10,000 enterprise and carrier
customers worldwide to adapt to market challenges quickly, maintain business continuity
and achieve maximum productivity while keeping costs down. For more information, please
visit http://www.radware.com.

    Radware encourages you to join our community and follow us on; LinkedIn
[http://www.linkedin.com/company/165642 ], Radware Blog [http://blog.radware.com ],
Twitter [http://twitter.com/#!/radware ], YouTube [http://www.youtube.com/radwareinc ] and
the Radware Connect [http://itunes.apple.com/us/app/radware-connect/id391124100?mt=8 ] app
for iPhone(R).

    This press release may contain statements concerning Radware's future prospects that
are "forward-looking statements" under the Private Securities Litigation Reform Act of
1995. These statements are based on current expectations and projections that involve a
number of risks and uncertainties. There can be no assurance that future results will be
achieved, and actual results could differ materially from forecasts and estimates. These
risks and uncertainties, as well as others, are discussed in greater detail in Radware's
Annual Report on Form 20-F and Radware's other filings with the Securities and Exchange
Commission. Forward-looking statements speak only as of the date on which they are made
and Radware undertakes no commitment to revise or update any forward-looking statement in
order to reflect events or circumstances after the date any such statement is made.
Radware's public filings are available from the Securities and Exchange Commission's
website at http://www.sec.gov or may be obtained on Radware's website at
http://www.radware.com.

   
    Corporate Media Relations:
    Michael Lordi
    +1-201-785-3206 (office)
    +1-201-574-3840 (cell)
    mikel@radware.com

Source: Radware Ltd