
Cisco Guard DDoS Mitigation

Cisco Guard DDoS Mitigation is the industry's standard solution for defeating the most complex and sophisticated DDoS attacks. Cisco Guard DDoS Mitigation works in combination with the Cisco Traffic Anomaly Detector device.

The Cisco Guard Mitigation delivers multigigabit performance to protect service provider and large-scale enterprise environments from DDoS attacks. It performs granular per-flow analysis and identification, and it blocks DDoS attack traffic in real time while allowing legitimate traffic to flow seamlessly. The Guard is capable of filtering attacks from hundreds of thousands of zombies simultaneously.

Cisco Guard DDoS Mitigation products are available in two options:

One of the most important advantages of Cisco Guard is that it is not an inline solution. It can therefore be deployed off the critical path at any point in the network, yet it can still sit in the flow of the data stream when needed by using its dynamic diversion capability. This also ensures that the failure of a Cisco Guard device does not impact the traffic flow.

As shown in Figure 22-4, the Cisco Guard device receives diverted suspect traffic from the Cisco Traffic Anomaly Detector for data scrubbing and cleaning services, using its advanced statistical profiling techniques and antispoofing technologies. During the traffic-cleaning process, the Cisco Guard identifies and drops the attack packets and forwards the legitimate packets to their targeted network destinations.

The Cisco Guard is based on a unique Multi-Verification Process (MVP) architecture developed by Cisco. Diverted traffic passes through the MVP architecture, which employs the most advanced anomaly recognition, protocol analysis, source verification, and antispoofing technologies.

Cisco Guard provides robust protection against all types of attacks with the integrated dynamic filters and active verification technologies, driven by a sophisticated profile-based anomaly recognition engine. In addition, the protocol analysis and rate limiting features ensure that only valid traffic gets through without overwhelming other downstream devices.

Figure 22-5 illustrates the innovative MVP architecture that delivers multiple interactive layers of defense, which are designed to identify and block the specific packets and flows responsible for the attack.

Figure 22-5. Multiverification Process (MVP) Architecture

The information in Figure 22-5 is compiled from the Cisco Networkers session presentation BRKSEC-2030 on "Deploying Network IPS."


The Cisco Guard Mitigation device is capable of processing attack traffic at multigigabit line rates, and the recognition engine identifies a broad range of DDoS attacks, including

The Guard DDoS Mitigation performs the following tasks:

To provide the best possible implementation scenario, the Cisco Guard can be deployed in a distributed upstream configuration at the backbone level, close to the network edge or ISP connection.

Cisco Guard is typically deployed off the critical path at any point in the network, from enterprise access points to peering points off an ISP backbone.

Combined with the Cisco Traffic Anomaly Detector, the Cisco Guard Mitigation provides the industry's most comprehensive DDoS defense system.
