Technology

Webscreen Flood Protection (FP)

The rise in corporate operational dependency on network integrity and the increased reliance on the Internet for delivering customer services means that any degradation in performance or problems with access can severely disrupt operations and damage a company's reputation, ultimately leading to serious impact on the bottom line and threatening customer relationships.

Network performance can be affected by a range of situations from abnormal periods of legitimate activity through to deliberate and malicious attempts to flood the network's resources in a denial of service attack. Webscreen is designed to protect the network from the full range of packet flood situations including SYN, UDP and ICMP floods that can result in a network meltdown.

At the heart of the technology, Webscreen's unique CHARM algorithm enables all packets on the network to be categorised and prioritised in terms of mission-critical importance, intelligently filtering out all unwanted, suspicious and non-essential traffic to ensure optimum network performance for core service users.

The Webscreen Appliance sits as a bridge in a network, making selective decisions based on CHARM as to whether to pass on a received packet out of the opposite interface. The CHARM process is applied to packets going in both directions. Conventional thinking only expects decisions to be made on inbound packets, but in practice, decisions have to be made in both directions.

[Figure: CHARM algorithm diagram]

Information about a large subset of Internet IP addresses is held within a table known as the INTERNET BEHAVIOUR TABLE. This table tracks behavioural patterns, and understands, for instance, the difference between an individual browsing a website and a web crawler, or between individuals connected via a fast or a slow connection.

Each packet is effectively passed through three different modules within the Webscreen Appliance. From this, a CHARM threshold value is generated. If the packet CHARM value is greater than the CHARM threshold, then the packet is permitted access. If the packet CHARM value is less than the threshold, then the packet is dropped.

If a server is under strain, malicious or otherwise, then its performance will drop; for example, its TCP backlog queues may reach capacity. This drop in performance causes the CHARM threshold to be raised. Consequently, more packets will then be dropped, as their CHARM value is insufficient to get past the CHARM SCREENER. Only those IP addresses out on the Internet with a good behavioural pattern will receive a sufficiently high CHARM rating. This is also true for outbound traffic.
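The screening decision described above can be modelled in a few lines. This is an added illustration, not Webscreen's CHARM implementation: the class and method names, the scoring rule, every numeric constant and the choice to drop a packet whose value equals the threshold are assumptions made for the example.

```python
from collections import defaultdict


class CharmScreener:
    """Toy screener: per-source score compared against a load-dependent threshold.
    All scoring rules and constants are assumptions, not Webscreen's."""

    def __init__(self, base_threshold=20.0, max_threshold=75.0, backlog_capacity=128):
        self.base_threshold = base_threshold
        self.max_threshold = max_threshold
        self.backlog_capacity = backlog_capacity
        # Stand-in for the behaviour table: score in [0, 100], unknown sources start at 50.
        self.behaviour = defaultdict(lambda: 50.0)

    def observe(self, src_ip, completed_handshake):
        """Reward a completed TCP handshake, penalise an abandoned one (assumed rule)."""
        delta = 5.0 if completed_handshake else -10.0
        self.behaviour[src_ip] = min(100.0, max(0.0, self.behaviour[src_ip] + delta))

    def threshold(self, backlog_depth):
        """Raise the threshold linearly as the server's backlog queue fills."""
        load = min(1.0, max(0.0, backlog_depth / self.backlog_capacity))
        return self.base_threshold + load * (self.max_threshold - self.base_threshold)

    def admit(self, src_ip, backlog_depth):
        """Pass only when the score is strictly greater than the threshold.
        The page does not cover equality; dropping on a tie is an assumption."""
        return self.behaviour[src_ip] > self.threshold(backlog_depth)


def demo():
    """Constructed scenario: three sources screened at idle, half-full and full backlog."""
    s = CharmScreener()
    for _ in range(6):
        s.observe("198.51.100.7", True)    # well-behaved source, score 80
    for _ in range(3):
        s.observe("203.0.113.9", False)    # half-open connections, score 20
    sources = ("198.51.100.7", "203.0.113.9", "192.0.2.1")  # last one is unseen, score 50
    return {depth: tuple(s.admit(ip, depth) for ip in sources) for depth in (0, 64, 128)}


if __name__ == "__main__":
    for depth, verdicts in demo().items():
        print(depth, verdicts)
```

As the backlog fills, the unseen source is shed first while the source with an established good history keeps getting through, which is the load-shedding order the paragraph describes.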

© Webscreen Systems Limited 2008