DefensePro provides world-class DDoS protection including distributed denial of service (DDoS) attack mitigation and SSL-based DDoS attacks to fully protect applications and networks against known and emerging network security threats such denial of service attacks, DDoS attacks, Internet pipe saturation, attacks on login pages, attacks behind CDNs, and SSL-based flood attacks with: DDoS Protection With Dedicated Hardware That Protects Without Impacting Legitimate Traffic DefensePro uses a dedicated hardware platform based on Radware's OnDemand Switch supporting network throughputs up to 160Gbps. It embeds two unique and dedicated hardware components: a DoS Mitigation Engine (DME) to prevent high volume denial of service attacks and DDoS attacks, flood attacks, without impacting legitimate traffic, and a StringMatch Engine (SME) to accelerate signature detection. Centralized Attack DDoS Prevention Management, Monitoring and Reporting APSolute Vision is a DDoS prevention solution that offers a centralized attack management, monitoring and reporting solution across multiple DefensePro devices and locations. It provides the user real-time DDoS protection with identification, prioritization and response to policy breaches, cyber-attacks and insider threats. Complete Set of Security DDoS Attack Defense Mechanisms DDoS attack defense mechanisms include Intrusion Prevention System (IPS), Network Behavioral Analysis (NBA), anti-DDoS/Denial-of-Service (DoS) Protection, Reputation Engine and SSL Attack Protection. These DDoS attack defense mechanisms employ multiple detection & mitigation modules including adaptive behavioral analysis and challenge response technologies in addition to signature detection. The Accuracy of Inline, and the Scalability of Out of Path DefensePro DDoS protection and DDoS prevention devices can be deployed inline or out-of-path (OOP) in a scrubbing center to provide the highest mitigation accuracy within the shortest time. Read more about DefensePro's deployment models. Based on standard signature detection technology to prevent the known application vulnerabilities, DefensePro DDoS protection consists of patent protected behavioral based real-time signatures technology that detects and mitigates emerging network attacks in real time such as zero-minute attacks, DoS/DDoS attacks and application misuse attacks ― all without the need for human intervention and without blocking legitimate user traffic making it one of the top DDoS prevention solution.s DefensePro DDoS protection is a core part of Radware's next generation Attack Mitigation System (AMS) a set of patented technologies designed for the most advanced internet-borne cyber-attacks. AMS extends the "network" of attack detection and mitigation capabilities beyond the data center for: Cloud- hosted business services and applications Tools, servers and applications need protection within a virtualized environment Mobile work force increasingly depend on remote access to internal business applications and SaaS Advanced detection and mitigation techniques need to be ported to tomorrows open network fabrics

AppWall is an ICSA Labs certified and PCI compliant WAF that combines positive and negative security models to provide complete protection against web application attacks, web application attacks behind CDNs, API manipulations, advanced HTTP attacks (slowloris, dynamic floods), brute force attacks on login pages and more. A core and integrated part of Radware's Attack Mitigation Solution – a complete application and network security suite. AppWall is a web application firewall (WAF) that provides patent-protected technology to create and maintain security policies in real-time for widest security coverage with the lowest false positives and minimal operational effort. Radware’s Web application security technology features a variety of deployment modes – as a stand-alone or integrated on an ADC, on-premise and in the cloud, inline or out-of-band. What Makes AppWall a Better Web Application Firewall (WAF)? Protection from Zero-Day Web Attacks Using both negative (signature based) and positive security models - AppWall is a web application firewall (WAF) that features not only the lowest false positives and minimal operational effort, but also robust protection against known and unknown (Zero-day) threats. Reduced TCO with Lowest False Positives Unique Auto Policy Generation technology designed to secure a web application as automatically as possible with little or limited user interaction. AppWall is a web application firewall (WAF) that analyzes the protected Web application and derives the potential threats in it. It then generates individual, granular protection rules and sets a policy in blocking mode - thus eliminating the need for human intervention and saving on maintenance and labor resources. Continuous Security Delivery First web application firewall (WAF) to provide a real-time security patching solution for Web applications in continuous application deployment environments via a tight integration with Dynamic Application Security Testing (DAST) solutions. Device Fingerprinting for Bot Protection AppWall is an IP agnostic web-application security solution. It disregards IP source address context to protect from dynamic IP attacks. The power of the fingerprint is in the consolidated information extracted from dozens of browser attributes collected on the client side, facilitating accurate bot classification. Unique Out-of-Path Deployment with Full Mitigation AppWall is the only web application firewall (WAF) that can be deployed out-of-path while still providing full mitigation. As part of Radware's integrated Attack Mitigation Solution, AppWall can communicate attack footprint and blocking policies to Radware’s perimeter attack-mitigation device, DefensePro, so the attack is blocked at the perimeter and the rest of the network is protected. Full Coverage of OWASP Top-10 Out-of-the-box Including injections, cross-site scripting (XSS), cross-site request forgery (CSRF), broken authentication and session management and security misconfiguration. Data Leak Prevention Identifying and blocking sensitive information transmission such as credit card numbers (CCN) and social security numbers (SSN). Integrated Application Security & Application Delivery AppWall is an integral part of Radware's Application Delivery Controller (ADC) solution suite, which allows customers to augment their web application security protection with local and global traffic redirection, application acceleration, bandwidth management, and other application-aware services, while benefitting from a single hardware platform. Easy Migration From Test Environments to Production An AppWall VA can be deployed with the application in the production environment or – if deployed in a lab – policy is easily migrated to the AppWall appliance in production. This approach simplifies the integration and shortens the deployment time of new applications and services in the virtualized and cloud data centers. ICSA Labs Certified WAF Recognized for both the appliance and VM versions, ICSA Labs certifies AppWall for its depth and breadth of vulnerability protection, effectiveness, ease of implementation and low operation overhead. Comprehensive PCI Compliance Solution AppWall enables organizations to fully comply with PCI DSS section 6.6 requirements and includes the most advanced security graphical reports to convey visibility into the application security and detected attacks.

Radware’s Cloud WAF Service provides enterprise-grade, continuously adaptive web application security protection. Based on Radware’s ICSA Labs certified, market-leading web application firewall, it provides full coverage of OWASP Top-10 threats and automatically adapts protections to evolving threats and protected assets. The service implements both negative and positive security models by utilizing its unique ability to automatically adapt to the continuously changing threat landscape and defendable on-line assets.

Built with state-of-the-art machine learning technologies, Radware’s Cloud WAF Service automatically detects application domains, analyzes potential vulnerabilities, and assigns optimal protection policies. The service continuously monitors and analyzes application usage patterns, and generates granular baselines for legitimate traffic. This allows rapid detection and mitigation of zero-day attacks, and the continuous fine-tuning of security policies due to changing application usage patterns. Radware’s Device Fingerprinting technology allows the automatic IP-agnostic tracking of malicious sources trying to obscure themselves behind dynamic IP changes. Web assets are always kept protected, even while applications constantly change and threats rapidly evolve, assuring web security is future-proof.

Activated through a simple DNS change, with no additional hardware or software installed, Radware’s Cloud WAF Service is easily deployed to rapidly provide web security coverage in a short time-to-deploy. The service’s portal provides unmatched ease-of-use and detailed visibility into real-time attack alerts and statistics to support future planning. Real-time attack alerts provide you the information about the attacks, assests at risk, and how Cloud WAF Service is responding. Radware’s Emergency Response Team, a team of web security experts, provides additional support of attack mitigation, forensic analysis and future planning.

Radware’s Threat Intelligence Subscriptions complement application and network security with constant updates of possible risks and vulnerabilities. By crowdsourcing, correlating and validating real-life attack data from multiple sources, Radware’s Threat Intelligence Subscriptions immunize your Attack Mitigation System. It provides real-time intelligence for preemptive protection and enables multi-layered protection against known and unknown vectors and actors as well as ongoing and emergency filters.

ERT Active Attackers Feed

Radware ERT Active Attackers Feed provides preemptive protection against DDoS attacks, scanners, anonymous proxies, IoT botnets and web application attacks by identifying and blocking known IP addresses that were recently involved in attacks in real time. It aggregates and correlates information from multiple sources making its data highly accurate.

• Radware’s global threat detection and deception infrastructure
• Cloud security customer network
• ERT threat research group
• Leading security vendors as part of the Cyber Threat Alliance

What Makes Radware's Threat Intelligence Better?

Real-Time Protection Radware’s feed proactively blocks IP’s that were actively involved in DDoS attacks within the last 24 hours and constantly updates with possible risks and vulnerabilities Minimum False-Positives By cross-validating data among multiple intelligence sources, Radware’s Active Attackers feed delivers maximum security and minimum false-positives Emergency and Custom Updates Protection against known DDoS attack tools and application exploits; immediate response to critical vulnerabilities and environment-specific customer features Cyber Threat Alliance Member Radware’s ERT Active Attackers Feed is enriched with threat intelligence collected by a variety of industry leading information security vendors Extensive DDoS Protection Feed Detect, monitor and block emerging attacks. Real time protection from scanners, floods, DDoS, DNS attacks, botnets, IoT botnets and web attacks