The FortiDDoS family of purpose-built appliances provide real-time visibility into the networks in addition to detection and prevention of Distributed Denial of Service (DDoS) attacks. FortiDDoS helps you protect your internet-facing infrastructure from threats and service disruptions by surgically removing network and application-layer DDoS attacks. You can defend your critical on-premise and cloud infrastructure from attacks while relying on sophisticated filtering technologies to allow legitimate traffic to continue to flow. These scalable, high-performance appliances deliver proven DDoS defense, and are completely interoperable with your existing security technologies and network infrastructure.
- Using 100% behavior-based detection and ASIC DDoS processors, FortiDDoS detects every DDoS threat, including sophisticated low-volume application layer attacks.
- Hardware-based DDoS detection and mitigation engine delivers a latency rate of less than 50 microseconds.
- IP Reputation scoring system and continuous attack reevaluation methods identify to block only threatening traffic and reduce risks of false postitive detections.
- FortiDDoS provides granular visibility and control of your network. It automatically detects and mitigates attack traffic.
- Inline, transparent threat mitigation provides easy to deploy and manage DDoS prevention against targeted attacks, worm outbreaks, DDoS and Botnet attacks, source tracking, and Inbound and Outbound attacks.
- Segregation and virtualization of the FortiDDoS appliance allows separate security policies on each segment for multi-tenant environments.
- Bandwidth management maintains policies that enable Service Providers to limit each customer or user to their predefined bandwidth.
- Purpose-built FortiASIC-TP2 processors deliver proven, high performance protection.
- Header and state anomaly prevention provides “clean pipe” to improve network utilization.
- Stealth activity prevention helps finding spoofers and worm outbreaks.
- Centralized alerts, role-based management and self-service portals provide flexible management and integration.
|Product name||Total Network Interfaces||Total Storage Capacity||Throughput|
|FortiDDoS-2000B||2 LAN Interfaces (Copper/RJ-45), 16 WAN interfaces (2 non-working) (SFP/SFP+), 4 WAN Interfaces (LC) with optical bypass||1x 480GB SSD||24.0 Gbps|
|FortiDDoS-1000B||2 LAN Interfaces (Copper/RJ-45), 16 WAN Interfaces (SFP/SFP+)||1x 480GB SSD||12.0 Gbps|
|FortiDDoS-800B||8 LAN Interfaces (Copper/SFP), 8 WAN Interfaces (Copper/SFP)||480GB SSD||8.0 Gbps|
|FortiDDoS-400B||4 LAN Interfaces (Copper/SFP), 8 WAN Interfaces (copper/SFP)||480GB SSD||4.0 Gbps|
|FortiDDoS-200B||4 LAN Interfaces (Copper/SFP), 4 WAN Interfaces (Copper/SFP)||480GB SSD||2.0 Gbps|
A Different and Better Approach to DDoS Attack Mitigation
Only Fortinet uses a 100% ASIC approach to its DDoS products without the overhead and risks of a CPU or CPU/ASIC hybrid system. The FortiASIC-TP2 transaction processors provide both detection and mitigation of DDoS attacks. The FortiASIC-TP2 processor handles all Layer 3, 4 and 7 traffic types, speeding detection and mitigation performance resulting in the lowest latency in the industry.
FortiDDoS uses a 100% heuristic/behavior-based method to identify threats compared to competitors that rely primarily on signature-based matching. Instead of using pre-defined signatures to identify attack patterns, FortiDDoS builds a baseline of normal activity and then monitors traffic against it. Should an attack begin, FortiDDoS sees this as an anomaly and then immediately takes action to mitigate it. You’re protected from known attacks and from the unknown “zero-day” attacks as FortiDDoS doesn’t need to wait for a signature file to be updated.
The Ever-Changing DDoS Attack
Distributed Denial of Service (DDoS) attacks continue to remain the top threat to IT security and have evolved in almost every way to do what they do best: shut down your vital online services. Never has a problem been so dynamic and broad-based without being tied to one particular technology. There is almost an unlimited array of tools that Hacktivists and Cyberterrorists can use to prevent access to your network. Sophisticated DDoS attacks target Layer 7 application services where they are much smaller in size making it nearly impossible for traditional ISP-based mitigation methods to detect them.
To combat these attacks, you need a solution that is equally dynamic and broad-based. Fortinet’s FortiDDoS Attack Mitigation appliances use behavior-based attack detection methods and 100% ASIC-based processors to deliver the most advanced and fastest DDoS attack mitigation on the market today
Key Features & Benefits
|100% Behavioral-based Detection||FortiDDoS doesn’t rely on signature files that need to be updated with the latest threats so you’re protected from both known and unknown “zero-day” attacks.|
|100% Hardware-based DDoS Protection||The FortiASIC-TP2 transaction processor provides bi-directional detection and mitigation of Layer 3, 4 and 7 DDoS attacks for industry-leading performance.|
|Continuous Attack Evaluation||Minimizes the risk of “false positive” detection by reevaluating the attack to ensure that “good” traffic isn’t disrupted.|
|Congestion Resistant||With up to 24 Gbps of full duplex thoughput, FortiDDoS won’t easily be overwhelmed by high-volume DDoS attacks.|
|Automated Learning Process||With minimal configuration, FortiDDoS will automatically build normal traffic and resources behavior profiles saving you time and IT management resources.|
|Multiple Attack Protection||By understanding behaviors FortiDDoS can detect any DDoS attack from basic Bulk Volumetric to sophisticated Layer 7 SSL-based attacks without the need to decrypt traffic.|
|Comprehensive Reporting Capabilities||Real-time and historic reports provide granular visibility for network and protocol layers.|