Cloud Signaling: From napkin to networks

By: Rob Malan -

Long time comin’!

Cloud Signaling! Man… what a long time coming! I remember drawing the concept for cloud signaling at a Denny’s at about 1:30 in the morning way back in the Spring of 1999. Arbor wasn’t even incorporated at the time, but Farnam and I were talking about being able to hit a ‘big red button’ at the target of the DDoS attack, and signal all the way back upstream to the sources of the attack, automatically protecting the target – I still have the slides that I made for the VC’s. We took a step in that direction when we introduced the Fingerprint Sharing Alliance back in 2002 – it allowed ISP’s to share attack data in real time through the system. However, it was more suited for use against big flooding attacks between large networks by network engineers. Not really suited for enterprise network and security teams who were close to the attack – you had to have a whole Peakflow system deployed and configured – which was just too much to ask just for signaling (they already had a phone).

Fast forward to 2010… the landscape had changed: the rise in both application-level attacks and botnet delivery platforms. This meant that for the new and significant class of application-level attacks, you needed to be in-line (or passively measuring) at the target site for both detection and mitigation. So we started to build Arbor Pravail – the first enterprise security product that really targets the availability component of security. However, sometimes the resources at the enterprise/data center edge won’t be enough. Just hit the big red button – cloud signaling! If the attack is a more typical bandwidth or packet flooding attack, just signal your upstream carrier to mitigate the attack before it saturates your access link’s bandwidth. Likewise, if the application-level attack requires more computing resources than your CPE gear can bring, signal your upstream to offramp it and put it through their heavy-duty cleaning solution.

We’re psyched about our Pravail launch with its Cloud Signaling functionality. So far, we’ve had a great response from our customers and the industry in general…

“Groundbreaking”
Network World

Customers

Adversor Managing Director Paul Steadman
“Adversor operates a cloud-based DDoS security service with global reach. To ensure the availability of our customer’s data and services we need to identify and mitigate application-layer attacks at the data center edge and volumetric attacks in the cloud. Arbor’s Cloud Signaling automates this process in an efficient and elegant manner. This combination is a must-have for anyone operating a data center today.”

Colt’s Network Architecture Director Nicolas Fischbach
“Colt’s information delivery platform has been relying on Arbor Peakflow to detect and mitigate denial of service threats against our and our customers’ infrastructure for over five years. Thanks to Cloud Signaling we are expanding our service’s capabilities and ensuring the availability of our managed IT and networking solutions.”

Telefonica’s Associate Director of Security Services Juan Miguel Velasco Lopez-Urd
“Cloud Signaling is another innovative solution from Arbor Networks that facilitates communication and information sharing in order to solve real world problems, namely, denial of service attacks that threaten the availability of data center resources.”

Analysts

The 451 Group, Network Security Analyst Andrew Hay
“The final piece of the puzzle, and perhaps the most interesting aspect of the Pravail APS system, is Arbor’s Cloud Signaling capability. Arbor has developed a protocol to facilitate both customer on-premises mitigation of application-layer attacks and upstream mitigation of volumetric attacks in an automated manner. When datacenter operators discover that they are under a service-disrupting DDoS attack, they can choose to mitigate the attack by triggering a signal to upstream infrastructure of their provider’s network. IDC customers also benefit from real-time monitoring of the attack mitigation, as well as granular post-mortem reports with details of the attack and the steps taken by the operator to mitigate the attack.”

Stratecast Vice President of Research Michael Suby
“What adds distinctiveness and protection value to this two product line family is Arbor’s Cloud Signaling capability. Cloud Signaling facilitates communication and DDoS protection between on-premise security appliances, Pravail APS, and network-based security services, such as DDoS mitigation services based on Arbor Peakflow platforms. In operation, Pravail APS is the first line of defense against DDoS attacks. If the attack expands to a level that exceeds access bandwidth or the throughput of the Pravail APS appliance, a signal is sent from Pravail APS to the customer’s network-based DDoS mitigation service provider to take countermeasures to block DDoS attack traffic from a single user interface or security dashboard.”

A lot of time and energy went into developing Cloud Signaling. It is very rewarding to see comments such as these from customers and industry analysts. It has been a long journey from napkin to networks. It took years, but I’m convinced it has been worth the wait!

Comments