Radware, a provider of cyber security and application delivery solutions, has officially introduced a new cloud web DDoS protection solution.

The solution is designed to minimise the growing gap between standard DDoS mitigation and an emerging generation of more aggressive, layer 7 (L7), HTTPS Flood attacks - also known as Web DDoS Tsunami attacks.

Radware's advanced solution is designed to combat these encrypted, high-volume, multi-vector threats that evade standard web application firewalls (WAF) and network-based DDoS tools, essentially rendering them ineffective.

Gabi Malka, Radware's Chief Operating Officer, comments, "The dramatic rise in web DDoS tsunami attacks poses an immediate cyber threat. Organisations worldwide regardless of industry have fallen victim to these attacks, leaving them confounded as to why their existing defence solutions are faltering.

"Just because organisations have standard WAFs or network-based DDoS mitigation in place, they should not take for granted that they are adequately protected."

The sharp increase in web DDoS tsunamis has raised the bar for effective L7 DDoS detection and mitigation. As part of their latest campaigns, hackers are combining network and application layer attacks and using new tools to create these giant request-per-second (RPS) web DDoS attacks, Randware states.

To elude detection, these L7 DDoS attacks appear as legitimate traffic and leverage multiple evasion techniques, such as randomising HTTP headers, cookies, spoofing IPs, and more.

Malka continues, "Standard solutions that take a rate-limiting approach are not built to handle this emerging generation of Web DDoS Tsunami attacks.

"To defend against these attacks, organisations need layer 7, behavioural-based security solutions that can adapt in real time, scale by a magnitude higher than any on-prem solution, and surgically block the attacks without blocking legitimate traffic."

He says, standard WAF and network-based DDoS protection solutions are ineffective in detecting and mitigating Web DDoS Tsunamis without impacting legitimate traffic. Detecting these attacks requires decryption and deep inspection into the L7 traffic headers, which network-based DDoS protection solutions are not able to do.

At the same time, on-premise or cloud-based WAF solutions that rely on signature-based protections are ill-equipped to deal with the randomised nature, scale, and sophistication of these attacks.

Anticipating the shift in the threat landscape, Radware developed its new Cloud Web DDoS Protection. Backed by research and development, the solution combines behavioural-based, automated algorithms with the high-scale infrastructure needed to accurately defend organisations against high RPS, Web DDoS Tsunami attacks.

In addition, Radware's cloud web DDoS protection:

• Minimises false positives: Dedicated behavioural-based algorithms quickly and accurately detect and block L7 DDoS attacks without interrupting legitimate traffic.
• Offers wide attack coverage against the most advanced threats and zero-day attacks: The solution protects organisations from a wide range of L7 DDoS threats, including smaller-scale, sophisticated attacks; new L7 attack tools and vectors; and large-scale, sophisticated Web DDoS Tsunami attacks.
• Immediate and adaptive protection: Leveraging proprietary behavioral analysis and real-time signature generation, Radware immediately detects HTTPS floods and continuously adapts the mitigation in real-time to prevent downtime.
• Provides peace-of-mind: The automated and fully managed solution is designed to help organisations block these sophisticated attack campaigns consistently across all their applications and environments.

For organisations under DDoS attack, Radware also offers an emergency onboarding service that helps neutralise security risks and safeguard operations before damage occurs.