Developers: Garda Technology
Last Release Date: 2024/11/27
Technology: IS - Firewalls
Main article: Firewall
2024
pSignal 2.0 protocol added
The updated version of Garda Anti-DDoS counters DDoS attacks at both the carrier and the client level and is more effective at blocking attacks at the application level. Garda Technology announced this on November 27, 2024.
The update makes protection against volumetric attacks more reliable through the pSignal 2.0 cloud signaling protocol. With it, the client-side complex automatically calls in the operator's protection complex to repel an attack, and for additional resilience one client complex can signal several operators.
"Carpet" attacks are now countered better. Garda Anti-DDoS aggregates information about small but numerous requests across the entire address space of the protected object, so that the attack becomes visible as a whole even when no single address exceeds a threshold, and all available mitigation tools can be applied to it.
Application-level attack detection has been improved by updating the web server log analysis function. By combining several methods of operation, the complex identifies sources of malicious activity with high accuracy and generates filtering rules for the cleaning modules.
Detecting attacks in encrypted traffic is easier thanks to support for the newer JA4 type of TLS fingerprint (JA4 is computed from the TLS ClientHello, which is sent in the clear, so no decryption is required for this check). A further suppression method, the "Filter of short TCP sessions", reduces unproductive load on the customer's systems by blocking mass connections in which no data is ever transmitted.
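The two flow-level detections mentioned above, carpet aggregation across an address block and the short-TCP-session filter, as an added example. This is not Garda's code: the flow record, the thresholds, the /24 aggregation and all sample flows below are constructed for illustration and say nothing about how the product implements these methods.

```python
"""Added example: carpet-attack aggregation and short-TCP-session detection
over constructed flow records (not Garda Anti-DDoS code)."""
from collections import Counter
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    packets: int        # packets sent by the client
    client_bytes: int   # payload bytes sent by the client (0 = no data ever sent)
    duration: float     # seconds between first and last packet of the flow


def packets_by_target(flows, prefix_len=24):
    """Count client packets per destination host and per destination prefix."""
    per_host, per_prefix = Counter(), Counter()
    for f in flows:
        per_host[f.dst] += f.packets
        net = ipaddress.ip_network(f"{f.dst}/{prefix_len}", strict=False)
        per_prefix[str(net)] += f.packets
    return per_host, per_prefix


def detect_carpet(flows, host_threshold, prefix_threshold, prefix_len=24):
    """Return prefixes whose aggregate exceeds prefix_threshold while no single
    host inside them exceeds host_threshold: a per-host detector would miss
    this, but the per-prefix sum exposes the carpet pattern."""
    per_host, per_prefix = packets_by_target(flows, prefix_len)
    hot_hosts = {h for h, n in per_host.items() if n > host_threshold}
    carpets = []
    for net, total in per_prefix.items():
        if total <= prefix_threshold:
            continue
        network = ipaddress.ip_network(net)
        if not any(ipaddress.ip_address(h) in network for h in hot_hosts):
            carpets.append(net)
    return sorted(carpets)


def short_session_sources(flows, min_sessions, max_duration=1.0):
    """Sources that opened at least min_sessions connections which ended within
    max_duration seconds without the client sending any payload."""
    empties = Counter()
    for f in flows:
        if f.client_bytes == 0 and f.duration <= max_duration:
            empties[f.src] += 1
    return {src: n for src, n in empties.items() if n >= min_sessions}


def build_sample():
    """Constructed flows (documentation addresses, hypothetical values)."""
    flows = []
    # Carpet: 40 packets to every one of 200 hosts in 203.0.113.0/24.
    for i in range(1, 201):
        flows.append(Flow("198.51.100.77", f"203.0.113.{i}", 80, 40, 120, 5.0))
    # A legitimate bulk transfer: one host well above the per-host threshold.
    flows.append(Flow("192.0.2.50", "198.51.100.10", 443, 150, 9000, 30.0))
    # 30 short connections with no payload from one source.
    for _ in range(30):
        flows.append(Flow("192.0.2.7", "198.51.100.10", 443, 1, 0, 0.1))
    # A single empty connection from an ordinary client (not reported).
    flows.append(Flow("192.0.2.8", "198.51.100.10", 443, 1, 0, 0.1))
    return flows


if __name__ == "__main__":
    sample = build_sample()
    print(detect_carpet(sample, host_threshold=100, prefix_threshold=5000))
    print(short_session_sources(sample, min_sessions=10))
```

The per-host threshold is what a carpet attack is designed to stay under; only the sum over the block trips the detector, which is why the result of `detect_carpet` is the prefix and not a host. For the short-session filter, the `max_duration` and `min_sessions` values must be tuned per service, since health checks and some TLS clients legitimately open connections that carry no application data.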
"To reduce the burden on users, we have implemented machine learning-based detection. Perhaps this is the most convenient type of attack detection, when the complex independently selects and analyzes traffic and outputs the result," added Vadim Soldatenkov, head of the Garda Anti-DDoS product group. "In addition, we have expanded the complex management tools and improved the web interface for better information when working with SSL certificates."
Expanded automatic attack suppression
The updated version of Garda Anti-DDoS expands automatic attack suppression, tightens access control and improves traffic filtering accuracy. The system can be trained without affecting protected services, and incident investigation is more effective. The developer announced this on June 24, 2024.
The developers have improved the methods for suppressing attacks on the network border routers, so that rules for filtering attacking traffic can be configured without blocking legitimate traffic. Five rules can now be added to the "BGP FlowSpec" method instead of one, and in the "Blackhole routing" method prefixes to be blocked can be specified manually. Both methods let the system block traffic to resources under attack on its own. The usual caveat applies: a blackhole route discards all traffic to the prefix, legitimate traffic included, whereas FlowSpec rules can match on protocol, ports and other header fields and therefore drop the attack more selectively.
The detection rules of the "Zombie" method, which limits traffic that exceeds specified thresholds, have been expanded. Malicious traffic is now detected not only by metadata (headers, IP addresses and ports) but also by packet content, using a regular expression. These changes improve the accuracy of "zombie" detection and the speed of response to DDoS attacks.
Garda Anti-DDoS users can configure up to five rules with regular expressions and filter TCP/UDP traffic by packet content. Such filtering is more accurate, since different kinds of traffic are handled by different regular expressions.
Access control in the new version can be adapted to the specific requirements of security policies: groups of users can now be denied access from IP addresses that are not on the "white list" of allowed addresses.
The system's analytical tool for investigating incidents has become more flexible. The Storage module can now generate retrospective reports that take into account additional BGP attributes: ASN, AS Path and BGP Community. Performance is improved by a sampling option, which speeds up query processing in the Storage module while keeping the results sufficiently accurate (as with any sampling, rare sources may be under-represented, so exact counts should be taken from unsampled data).
Automatic training of the system has been implemented: statistics of the cleaning methods' operation are displayed without any traffic actually being dropped. Putting an attack suppression job into training mode therefore does not affect the protected services.
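The content-based rules described above (up to five regular-expression rules over TCP/UDP payload, a per-source threshold in the style of the "Zombie" method, and a training mode that records what would be dropped without dropping it), as an added example. This is not Garda's code: the rule format, the `ContentFilter` class, the five-rule limit being enforced in code, and the sample packets and payload patterns are all constructed for illustration and do not describe the product's internal rule language.

```python
"""Added example: regex-over-payload filtering with per-source thresholds and
a non-dropping training mode, on constructed packets (not Garda's code)."""
import re
from collections import Counter
from dataclasses import dataclass, field

MAX_RULES = 5  # hypothetical limit, mirroring the "up to five rules" in the text


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str      # "tcp" or "udp"
    dport: int
    payload: bytes


@dataclass
class ContentRule:
    name: str
    proto: str
    dport: int
    pattern: bytes      # regular expression over the raw payload
    threshold: int      # matching packets per source before that source is dropped
    regex: re.Pattern = field(init=False, repr=False)

    def __post_init__(self):
        self.regex = re.compile(self.pattern, re.DOTALL)


class ContentFilter:
    """Apply rules in order; in training mode nothing is dropped but the
    would-drop statistics are kept exactly as if it were."""

    def __init__(self, rules, training=False):
        if len(rules) > MAX_RULES:
            raise ValueError(f"at most {MAX_RULES} content rules are allowed")
        self.rules = list(rules)
        self.training = training
        self.hits = {r.name: Counter() for r in self.rules}   # rule -> src -> matches
        self.would_drop = Counter()                           # src -> packets (not) dropped

    def process(self, pkt):
        """Return True if the packet passes, False if it is dropped."""
        for rule in self.rules:
            if rule.proto != pkt.proto or rule.dport != pkt.dport:
                continue
            if rule.regex.search(pkt.payload):
                self.hits[rule.name][pkt.src] += 1
                if self.hits[rule.name][pkt.src] >= rule.threshold:
                    self.would_drop[pkt.src] += 1
                    return self.training      # training: pass; enforcing: drop
        return True


def run(content_filter, packets):
    """Feed packets through the filter and return (passed, dropped)."""
    passed = dropped = 0
    for p in packets:
        if content_filter.process(p):
            passed += 1
        else:
            dropped += 1
    return passed, dropped


def build_rules():
    return [
        # Repeated requests to one login endpoint: drop a source after 5 matches.
        ContentRule("http_login_flood", "tcp", 80,
                    rb"^(GET|POST) /login HTTP/1\.[01]", threshold=5),
        # DNS query with QTYPE ANY (0x00ff), QCLASS IN (0x0001) at the end of the
        # question: drop a source after 20 such queries.
        ContentRule("dns_any_flood", "udp", 53, rb"\x00\xff\x00\x01$", threshold=20),
    ]


def build_sample_packets():
    """Constructed traffic (documentation addresses, hypothetical payloads)."""
    login = b"GET /login HTTP/1.1\r\nHost: shop.example\r\n\r\n"
    index = b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\n\r\n"
    dns_any = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
               b"\x07example\x03com\x00\x00\xff\x00\x01")
    pkts = [Packet("192.0.2.7", "tcp", 80, login) for _ in range(8)]     # zombie
    pkts += [Packet("192.0.2.20", "tcp", 80, login) for _ in range(2)]   # ordinary user
    pkts.append(Packet("192.0.2.20", "tcp", 80, index))
    pkts += [Packet("192.0.2.9", "udp", 53, dns_any) for _ in range(25)]  # zombie
    return pkts


if __name__ == "__main__":
    print("enforcing:", run(ContentFilter(build_rules()), build_sample_packets()))
    trainer = ContentFilter(build_rules(), training=True)
    print("training:", run(trainer, build_sample_packets()), dict(trainer.would_drop))
```

Running the same rules first in training mode and reading `would_drop` is the check to do before enforcing: a source that appears there only because of a pattern that also matches normal traffic is a sign the regular expression is too broad, and the rule can be narrowed without any user having been affected.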
"This version of the system takes into account the wishes of customers and new vectors in the field of protection against DDoS attacks," said Vadim Soldatenkov, head of the Garda Anti-DDoS products department. "In the near future, we plan to focus on developing our own cloud protection protocol, improving work with the GeoIP database, introducing a new carpet attack detector and switching to a certified domestic OS."
2023: Automatic detection of attacks on corporate networks
The developers have expanded the capabilities of the Garda Anti-DDoS complex for corporate users. The system for detecting and countering denial-of-service (DoS/DDoS) attacks on a data network is applicable in small companies with a simple, linear network infrastructure, in enterprises with an extensive network infrastructure, and in carriers. Garda Technology reported this on September 20, 2023.
According to the analytical center of the Garda group of companies, Russia was among the top 10 countries by number of registered attacks in the second quarter of 2023. Corporate information systems therefore require an integrated approach to protection against cyber attacks.
The updated version of Garda Anti-DDoS is a variant of the complex for operation at the border of the organization's protected network: deployed inline, in the path of the link, it has complete and constant control over the exchange of traffic with the outside world. Integration with a Garda Anti-DDoS installation at the upstream carrier makes it possible to manage protection more flexibly, balance the load, and respond to individual attacks within a few seconds.
Automatic detection and suppression of DDoS attacks is implemented by profiling behavior from information about the traffic passing through the system and by applying ready-made security profiles that depend on the type of protected resource.
The system can store traffic metadata for retrospective analysis and can decrypt HTTPS, which allows it to reliably counter attacks in encrypted traffic (decrypting HTTPS in line requires the protected service's certificate and private key to be provisioned on the complex).
Garda Anti-DDoS has a set of protection algorithms that filter traffic at the full (physical) width of the channel. The system can protect not only corporate services (web, DNS, SIP) but also firewalls, load balancers and other enterprise devices that are exposed to DDoS attacks.