In a move to make the network more secure, Cisco has agreed to a deal with Arbor Networks to license DDoS (distributed denial of service) mitigation capabilities for its CRS Router. Cisco licensed Peakflow SP Threat Management System from Arbor Networks.
Arbor's Peakflow platform combines network-wide anomaly detection and traffic engineering with carrier-class threat mitigation that automatically detects and surgically removes attack traffic, while maintaining other traffic. With the ability to mitigate only the attack traffic, customer-facing services remain available while providers actively mitigate attacks.
"More than 12 years ago, Cisco was an original investor in Arbor," said Arbor Networks President Colin Doherty. "Cisco NetFlow has always been a key data source for Arbor solutions. Cisco Clean Pipes 2.0 is another example of the close relationship that leverages each company's technology to bring about a better combined solution for DDoS protection."
Defining the Solution
With the Arbor license, Cisco is rolling out the Carrier Grade Service Engine (CGSE) DDos Mitigation software. Cisco describes it as single-slot module supported on its carrier-class routing system, the Cisco CRS-1.
By embedding Arbor's DDoS mitigation technology within the CRS router, Cisco said, service providers can stop DDoS attacks at the backbone or peering/transit edge of the network. That eliminates the need to reroute attack traffic to dedicated scrubbing centers. According to Cisco, this approach helps protect core bandwidth and infrastructure while easing logistics and operational expenses associated with DDoS attack protection.
The combined solution also helps protect the network backbone and services offered by the service provider against attacks originating from both the outside and the inside of the service provider network. Cisco said service providers can also leverage the solution to offer revenue-generating managed DDoS mitigation services to enterprise customers.
Our Dependence on the Network
Zeus Kerravala, principal analyst at ZK Research, said launching CGSE was a smart move for Cisco not only because of the increased threats but also because of increased reliance on the network.
"If you roll back the clock five or six years, we weren't nearly as reliant on the network as we are today," he told us. "With the advent of cloud computing and mobile computing, we are relying on network-centric compute models. We store content in the network and we access applications in the network."
With all this in mind, he said, it's critical to ensure cloud and mobile applications work the way consumers expect them to work -- securely.
"With increased reliance on the network come increased threats," Kerravala said. "I think they are trying to simplify how operators can deploy security technology so people aren't taking a chance."