Speed Shield CDN relies on globally deployed cloud security nodes to form a cloud security network, and is equipped with a proprietary attack monitoring alarm center and intelligent dispatch center. Combined with the cloud big data analytics platform, it detects and analyzes request packets in real time. If abnormal requests are found, they are intercepted. According to the attack situation, the protection strategy is dynamically adjusted in real time to effectively ensure the security of the user platform.
Product architecture diagram:
usage scenario
- Game industry
As a high-value, high-profit, and highly competitive industry, the gaming industry has always been a high incidence of DDoS attacks launched by hackers, and it is also a frequent industry that is prone to hundreds of gigabytes of high-traffic attacks. For the gaming industry, ensuring the availability and continuity of business is the prerequisite for retaining players, and DDoS attacks are precisely the greatest threat to availability and continuity.
- Financial industry
The financial industry (securities, funds, stocks, etc.) has always been a "money bag" coveted by hackers, and the competition among its peers is also very fierce. Such business systems have very high requirements for business usability, and if there is a business interruption, such as the system cannot be logged in normally, even for a short time, it may cause investors to panic and cause the most feared run event in the financial world.
- live broadcast industry
With the fire of the live broadcast industry, in view of the hackers always go where the hackers are busy, the live broadcast industry has become a new target for hackers to launch DDoS attacks. The live broadcast industry is fiercely competitive, and its requirements for business continuity are very high. If a DDoS attack causes business interruption, it will cause a large number of users to churn and suffer huge losses.
Product advantage
With the rapid development of "Internet +", cyber security issues have become increasingly prominent, among which Distributed Denial-of-service (DDoS) has become the first choice for hackers to carry out network attacks because of its simplicity, remarkable attack effect, and difficulty in resisting and tracking. At present, DDoS attacks show a trend of increasing attack frequency and increasing peak.
Attack Status
With the proliferation of DDoS attack tools and the development of the underground black industry market, the threshold for DDoS attacks is getting lower and lower, and the development of Internet of Things devices is vigorous (but the security awareness of Internet of Things device manufacturers is generally not high, and their devices often have vulnerabilities, which are easily exploited by hackers as a tool for DDoS attacks), DDoS attacks are becoming more and more frequent. According to the "2016 China Internet cyber security report" released by CNCERT, the number of high-traffic attacks continued to increase throughout the year in 2016, and the number of attacks above 10Gbps increased by 1.1 times in the fourth quarter compared with Quarter 1. The average number of attacks per day reached 133 times, accounting for 29.4% of the average daily attacks.
Risks facing businesses
DDoS attacks will lead to platform service interruption, service interruption caused by user churn, transaction volume decline, the cost of website recovery, brand perception loss, etc., should be calculated into its economic losses, and even some hackers are using DDoS attacks to blackmail websites, which have a great impact on the normal operation of websites, and the losses caused by DDoS attacks are increasing geometrically. In the context of rampant network attacks, Internet companies frequently encounter difficulties and cannot focus on business development and promotion, and the form is extremely severe.
The bottleneck of traditional protection methods
In order to defend against various DDoS attacks, enterprises may choose to purchase anti-D hardware equipment or high-defense computer rooms to improve the system's ability to resist DDoS attacks. Although this method can mitigate attacks to a certain extent, these two methods have the following disadvantages:
- Due to bandwidth limitations and device performance, it is unable to effectively respond to sudden high-traffic attacks
At present, the cost and threshold of hacking attacks in the market are very low, and an industrial chain has been formed. At the same time, hacking methods are unpredictable, and sudden large-scale attacks of hundreds of gigabytes are commonplace. The scalability of traditional anti-D hardware devices is limited by bandwidth and device performance, so when hackers suddenly increase the attack traffic, traditional defense methods often fail, so they cannot fundamentally protect against DDoS attacks.
- The deployment is complex and the operation and maintenance are difficult
Hardware devices are generally deployed in series or by bypass, which requires changes to the network topology of the source station. During the deployment process, there are system and business risks, and it increases the difficulty of operation and maintenance. When there is a problem with the device, it is difficult to solve it in time.
- Data analytics capabilities are limited, there are accidental killings, affecting normal business development
Hardware equipment is limited by data sources and data collection and analysis capabilities, cannot integrate data resources well, and is closed. The defense algorithm is updated slowly, and it is difficult to form a linkage defense. Therefore, the identification ability of application-layer DDoS attacks (especially CC) is weak, which in turn affects the defense effect. High-defense computer rooms are generally protected by single-operator routes, and are generally defended in the backbone network. If the attack affects the exit bandwidth, it will directly block the IP, which is very easy to cause manslaughter and affect the normal operation of the enterprise.
- High cost of security
The price of a single piece of hardware equipment ranges from 5-300,000, with an average life cycle of about 3 years, which greatly increases the cost of security defense. In addition, in the event of an attack, a professional security team is required to monitor equipment, adjust strategies and upgrade maintenance, and enterprises need to set up professional security operation and maintenance positions, which increases labor costs.
Function introduction
Speed Shield high anti-cloud cleaning, relying on the advantages of CDN resources, combined with big data analytics, independently developed protection algorithms, real-time detection and cleaning of various DDoS attacks (such as SYN Flood, UDP Flood, CC, etc.), to ensure that HTTP/HTTPS-based user services can still be stably online in the event of a high-traffic DDoS attack. When a website is attacked by DDOS, it can be intelligently diverted based on DNS resolution to direct attack traffic and user visits to different nodes to ensure that customers in various regions visit the website normally.
protection level
The SpeedShield CD protection system has a large number of protection nodes. At present, the anti-attack capability of a single node can reach 800Gbps, and the cloud protection nodes used by a single customer can reach up to 300. At the same time, according to customer needs, it can support the expansion of protection domain names and protection bandwidth, without the need for customers to modify the source station configuration. The intelligent dispatching center of the SpeedShield CDN system can intelligently dispatch the whole network resources according to the attack situation, and the overall anti-attack capability reaches 20Tbps +.