An unprecedented increase in distributed-denial-of-service (DDoS) attacks in recent years has resulted in lost revenue and productivity, increased ransomware costs, and impacted service-level agreements (SLAs) for network operators.

According to Zayo Group’s annual DDoS Insights Report, attacks are accelerating rapidly, with a 314% increase in overall attacks from the first half of 2022 to the first half of 2023—surging by 1,300% in some industries. The report also notes “there are approximately 23,000 DDoS attacks every day globally” and “DDoS attacks can be costly to any business, but unprotected businesses experience an average cost of $200K per attack.” At the same time, increasing bandwidth requirements and millions of new internet-connected devices have further driven the need to address DDoS attacks more efficiently.

To address the growing problem of DDoS attacks, in 2022 we launched the industry’s first true on-box DDoS solution, Cisco Secure DDoS Edge Protection, with IOS XR 7.7.1 on our Cisco Network Convergence System 540 Series routers (NCS 540 Series). The first phase of the solution addressed threats from mobile endpoints such as IoT devices and mobile phones, helping customers detect and mitigate DDoS attacks on cell-site routers without the need for a centralized DDoS detection agent or a scrubbing center.

We are now extending this DDoS solution beyond mobility to all IP traffic types, starting with IOS XR 7.11.1 on our Cisco Network Convergence System 5500 (NCS 5500) and 5700 (NCS 5700) Series routers. This expanded solution will enable additional use cases for peering edge, broadband, aggregation, and core network deployments.

Challenges with traditional DDoS solutions

A traditional DDoS solution includes a centralized DDoS detection agent (physical or virtual form factor) deployed outside of the router. It also has a DDoS mitigation engine that typically pushes a Border Gateway Protocol (BGP) FlowSpec rule to divert the traffic to a scrubbing center, or pushes a Remotely Triggered Black Hole (RTBH) rule.

Figure 1. Traditional DDoS deployment architecture

This type of architecture requires the edge routers that face the attack traffic to export NetFlow data or mirrored flows (after sampling) outside of the routers to a centralized location, where the attacks are detected. The mitigation involves network operators deploying large-scale scrubbing centers on-premises or subscribing to a cloud scrubbing provider. As a result, customers can incur substantial operational costs that grow as the scale and frequency of DDoS attacks increase.

With Cisco Secure DDoS Edge Protection, the external detection agent is no longer needed (see Figure 2). Since IOS XR supports an application hosting infrastructure to run Docker containers on the routers, the centralized detection agent is now moved to the router. Because the agent runs as a Docker container, the integration eliminates the need to export data outside of the router for attack detection.

Figure 2. New solution to an old problem

Providing the mitigation functionality within the container eliminates the need for dedicated scrubbing centers and reduces the scrubbing capacity needed in a network. The mitigation does not involve pushing a BGP FlowSpec rule; instead, a simple API callback to the edge router efficiently blocks the attack traffic.

The solution further simplifies the network with a single off-box controller to:

- Orchestrate the containers across thousands of routers.
- Handle the entire lifecycle management of the containers.
- Provide a dashboard to operators on traffic stats, active attacks, history of attacks, etc.
- Push the mitigation rules to the routers through the container, either automatically or manually by the operators (only if the manual option is selected).

The controller can run on any general-purpose compute platform and the entire solution can also be deployed in air-gapped networks. The solution is now supported on all variants of the NCS 5500 and NCS 5700 platforms, along with extending the support of non-mobile use cases on NCS 540 Series platforms.

Improving protection as security threats grow

As the threat landscape grows and evolves, the advanced capabilities of Cisco Secure DDoS Edge Protection can enable a range of positive outcomes for our customers, including:

- Reduction in TCO—With reduced or no external scrubbing centers required, network operators can save on equipment and operational costs.
- Sustainability goals alignment—The reduced need to power and cool scrubbing centers can in turn help reduce energy consumption for operators.
- Customer satisfaction—With faster attack detection integrated on the routers, the overall latency with combined detection and mitigation is drastically reduced. Improved response time helps network operators meet tighter SLAs with their customers, even under active attack situations.
- Defense in depth—With the edge routers acting as the first line of defense, the overall architecture aligns perfectly with the defense-in-depth philosophy on security architectures. The solution results in additional ROI from the existing routers already deployed in the network.
- Investment protection—The solution can coexist with existing DDoS deployments, which provides investment protection for existing deployments. Customers can gradually phase out the traditional solutions over time.
- Fewer dependencies—With the API-based mitigation to block the attacks, there is no longer a dependency on BGP FlowSpec for mitigation.

Find out more about Cisco Secure DDoS Edge Protection

Cisco efficiently protects the network edge against growing DDoS attacks across mobility, broadband, peering, and core use cases with an innovative integrated solution. Read more on Cisco Blogs.