Hi-Speed Border Filtering
Connections have been established with multiple core Internet Service Providers by GetShield. These connections enable GetShield to provide multi-gigabit attack protection. Continuous evaluation and close monitoring is carried out on each peer to deliver the fastest response times to applications that may be critical and are latency-sensitive.
Wire Speed Access Control Lists are used for filtering bandwidth flood. Tracking lists of bogon IPs and infected hosts are also kept by GetShield and these are also filtered at this layer.
Deep Packet Inspection
Protocols, such as TCP three-way handshake, are verified at this level. Any attack attempts that do not conform to protocol standard including SYN DDoS flood and other similar DDoS attacks are also filtered out.
Challenge response algorithms including TCP SYN cookies and TCP SYN authentication are used to distinguish between spoofed and legitimate traffic. This can prevent spoofed attacks.
Statistical Analysis and Anomaly Recognition are enforced by GetShield to filter zero day attacks. Statistical Analysis can identify an unusual number of packets or high traffic from zombie clients and filter these threats.
Anomaly recognition will identify any changes in the normal baselines for protocol and source network flows. This can point to malicious activity which is then filtered.
Flexible Content Filtering
Application traffic is continuously monitored for unusual patterns and behavior by the GetShield Prevent Mitigation System. It can counter evasive intent rapidly by adapting flexible content filters. This deters morphing HTTP flood attacks through use of it’s proprietary pattern recognition and analysis system.
Application Level Filtering
Comprehensive application-layer intelligence is provided by GetShield deep packet inspection engine. This allows GetShield to efficiently select and deter application traffic violations by identifying which applications are currently running in the client’s network.
Larger sized clients or zombies that use valid established connections to overwhelm system resources is becoming an increasing problem. HTTP attacks such as these can be prevented by GetShield anti-zombie system by using a challenge response authentication process which will differentiate between legitimate browsers and zombie programs.
HTTP attacks can further be prevented through enforcement of intelligent HTTP Malformed filtering which ensures the validity of HTTP transactions. It can also limit the number of connections or requests to specific objects.
Exploitation of system and bandwidth resources against baseline statistics can be prevented by applying a rate-limit to the system.