
Defence In Depth
Webscreen firmly believe that a multi-vendor, layered security architecture is fundamentally more robust than a single unified solution. The rationale for this approach is based on the common sense reality that every product regardless of size and brand can be exploited and is, therefore, vulnerable.
Yet many leading security manufacturers still provide multiple functions through a single platform. History shows that 'putting all your eggs in one basket' is a risky strategy and can have serious consequences for the enterprise.
Webscreen on the other hand is in many ways controversial in its approach. Webscreen does not believe that it is possible to develop a 'wonder box' that solves all security threats. Instead, Webscreen supports a layered approach where the solution requires a number of discrete layers to provide a more robust and secure architecture. By adopting this strategy, the attacker is forced to compromise several devices in order to be successful. Webscreen refer to this approach as 'Defence in Depth'.
Defence in Depth architecture includes the following layers:
- Network Integrity Layer (Webscreen)
- Firewall Layer
- Network Intrusion Prevention Layer
- Host Intrusion Prevention Layer
Within a Defence in Depth strategy, Webscreen is the first line of defence designed to protect the integrity of the network layer. Ideally, Webscreen is positioned as far upstream as is possible, thus mitigating the attack before it starts to affect the performance of the devices further downstream.
Webscreen's focus is to monitor the behaviour of users, ensuring that the best-behaved always get access. Webscreen achieves this by applying its multiphase packet inspection engine, known as CHARM, which uses an anomaly-based heuristic algorithm to prevent outages and reduced service due to network layer events.
The next layer is the Firewall Layer. The firewall restricts the ports on which information can enter the infrastructure and it monitors and logs valid and invalid connection attempts.
The Intrusion Prevention Layer is positioned behind the firewall and is focused on inspecting packets for known threats with the use of signature technology and some anomaly-based methods. The fundamental role of the intrusion prevention layer is to protect the integrity of the application layer, and it requires the successful download and implementation of signatures for comparison against live network traffic.
A traditional IDS can only alert on a recognised, 'known' attack, leaving it to other security systems to defend against the attack.
Often, the time to compare traffic patterns against the signature database, determine a match and send out the alert is longer than it takes for a DDoS attack to generate the damage. Most DDoS attacks cause damage within a few seconds, and sustain the damage until the attacker decides to stop the attack.



