Arbor Networks

Detecting and mitigating the most damaging attacks is a challenge that must be shared by network operators, hosting providers and enterprises.  The Cloud Signaling Coalition (CSC) launched by Arbor Networks offers the next evolutionary step in addressing this complex challenge. The CSC provides an infrastructure that facilitates both local and upstream DDoS mitigation in an automated and real-time manner. It is an efficient and integrated system coordinating DDoS mitigations from the customer premise to the service provider cloud.

The following are the initial members of the Cloud Signaling Coalition:

How Cloud Signaling Works

Let’s assume an MSSP is offering a comprehensive DDoS service, including detection and mitigation capabilities, to a data center customer. The service offering includes a cloud-based DDoS component, as well as a CPE-based application-aware DDoS component. The cloud-based DDoS service is based on Arbor Peakflow SP solutions and the edge-based product is the Arbor Pravail APS (Availability Protection System) appliances.

First, the MSSP must provision the cloud-based service to accept cloud signals from the edge-based Pravail appliance or software. The customer’s edge product is provisioned into a Peakflow SP deployment that includes Arbor Peakflow SP Threat Management System (“TMS”) appliances using the Peakflow SP user interface. The MSSP can then allow customers to either automatically start a TMS mitigation in the cloud or manually issue an alert when they want to initiate cloud signaling. In the manual option, the MSSP can decide either to accept the customer cloud signal to start a mitigation event or to create a mitigation event manually.

To ensure end-to-end cloud signaling, the edge-based device must be configured with the MSSP’s Peakflow SP information, including IP address and customer authentication information.

Auto-Mitigation via Cloud Signaling

When the Pravail appliance detects an attack, the operator can manually signal the Peakflow SP cloud deployment about the attack or preset Pravail to automatically send a cloud signal upstream when a threshold is reached. For the new mitigation in Peakflow SP, the solution applies the mitigation template configuration that has been assigned in the Pravail customer configuration in Peakflow SP. Then it reports back to Pravail that a mitigation event has been started. Pravail will display the mitigation status in the user interface, showing an active mitigation is taking place. If Peakflow SP already has a mitigation running for the resource under attack, it will convey that to the Pravail appliance and disregard the mitigation request.

Operator-Assisted Mitigation via Cloud Signaling

If Peakflow SP is configured for manual cloud-signaling mitigation for a Pravail customer, it will create an alert when it receives a cloud signal from the Pravail appliance and report back to the appliance that the request was received. A Peakflow SP operator would be required to initiate a mitigation based on the cloud signal.

An active heartbeat exists between the Peakflow SP cloud deployment and the Pravail appliance on the customer premise. This assures that both products are available and operational at all times.

Real-Time Analysis and Reporting

The operators of both the cloud-based Peakflow SP solution and the edge-based Pravail appliance can monitor the progress of the mitigation in real-time.  Both products also provide post-incident reports with details of the attack and the steps taken to mitigate it.

How to Get Involved

For MSSPs and other managed DDoS providers, the Cloud Signaling Coalition can be an immediate competitive differentiator and can increase the revenues of existing service offerings.  To inquire about participation please complete and submit the site Request Information form.