Radware Ltd.
Distributed denial of service (DDoS) defense techniques for applications hosted in cloud computing platforms

Abstract:

A defense platform for protecting a cloud-hosted application against distributed denial-of-services (DDoS) attacks, wherein the defense platform is deployed out-of-path of incoming traffic of the cloud-hosted application hosted in a plurality of cloud computing platforms, comprising: a detector; a mitigator; and a controller communicatively connected to the detector and the mitigator; wherein the detector is configured to: receive telemetries related to behavior of the cloud-hosted application from sources deployed in the plurality of cloud computing platforms; and detect, based on the telemetries, a potential DDoS attack; wherein, the controller, upon detection of a potential DDoS attack, is configured to: divert traffic directed to the cloud-hosted application to the mitigator; cause the mitigator to perform at least one mitigation action to remove malicious traffic from the diverted traffic; and cause injection of clean traffic to at least one of the plurality of cloud computing platforms hosting the cloud-hosted application.