Fortinet FortiDDoS 2000F
A Different and Better Approach to DDoS Attack Mitigation
Click here to jump to more pricing!
Overview:
Distributed Denial of Service (DDoS) attacks remain a top threat to IT security and have evolved in almost every way to do what they do best: shut down access to your vital online services.
Unlike intrusion and malware attacks, DDoS attackers have learned that they don’t need to attack only end-point servers to shut you down. They attack any IP address that routes to your network: unused IP addresses, Inter-router-link public IP addresses, or Firewall/Proxy/WiFi Gateway public IP addresses.
Cloud-based CDN and DNS-based cloud mitigation cannot protect you from these attacks. What is the impact to your business if your users cannot reach cloud services because your firewall or demarc router public IP is being DDoSed?
Sophisticated multi-vector and multi-layer DDoS attacks use direct and reflected packets where the spoofed, randomized source IP addresses are impossible to ACL. These attacks are increasingly common as Mirai-style code has morphed into many variants and has been commercialized by providers of “stresser” sites. Anyone can call down large attacks for a few dollars.
DDoS is not an everyday occurrence for security teams and they cannot be expected to understand the thousands of attack variants that target your network
To combat these attacks, you need a solution that dynamically protects a large attack surface.
A Different and Better Approach to DDoS Attack Mitigation
FortiDDoS massively parallel machine-learning architecture delivers the fastest and most accurate DDoS attack mitigation available.
In place of pre-defined or subscription-based signatures to identify some attack patterns, FortiDDoS uses autonomous machine learning to build an adaptive baseline of normal activity from hundreds-of-thousands of parameters and then monitors traffic patterns against those baselines. Should an attack begin, FortiDDoS sees the deviation and immediately takes action to mitigate it, often from the first packet.
FortiDDoS monitors, responds, and reports on the mitigations it has performed, not attacks where your team or the vendor ERT/NoC must intervene.
Highlights:
- 100% packet inspection for Layer 3, 4, and 7 DDoS attack identification and mitigation, simultaneously monitoring hundreds of thousands of parameters — a massivelyparallel computing architecture
- 100% Machine Learning DDoS detection
- Completely invisible to attackers with no IP and no MAC addresses in the data path. FortiDDoS is not a routing or terminating Layer 3 device.
- Continuous threat evaluation to minimize false positive detections
- Advanced DNS and NTP DDoS mitigation on selected models
- MSSP Portal for customer resale on selected models
- Hybrid On-premise/Cloud mitigation available with Open Signaling
100% Machine Learning Detection | FortiDDoS doesn’t rely on signature files that need to be updated with the latest threats so you’re protected from both known and unknown “zero-day” attacks. No “threat-protection” subscriptions required. Saves OPEX. |
Massively Parallel Architecture | Parallel architecture provides 100% packet inspection with bidirectional detection and mitigation of Layer 3, 4, and 7 DDoS attacks even at the smallest packets sizes. Get the performance you pay for. |
Continuous Attack Evaluation | Minimizes the risk of “false positive” detection by reevaluating the attack to ensure that “good” traffic isn’t disrupted. Less management time needed. |
Advanced DNS Protection | FortiDDoS provides 100% inspection of all DNS Query and Response traffic up to 12 million QPS, for protection from a broad range of DNS-based volumetric, application and anomaly attacks. DNS Reflection floods are stopped from the FIRST packet. |
Advanced NTP Protection | FortiDDoS provides 100% inspection of all NTP Query and Response traffic up to 6 million QPS. NTP Reflection floods are stopped from the FIRST packet. |
Continuous Learning | With continuous background learning and minimal configuration, FortiDDoS will automatically build normal traffic and resources behavior profiles saving you time and IT management resources. |
Autonomous Mitigation | No operator intervention required for any type or size of attack. |
Hybrid On-premise/Cloud Support | Open, documented API allows integration with third-party cloud DDoS mitigation providers for flexible deployment options and protection from large-scale DDoS attacks. |
Fortinet Security Fabric Integration | Single-pane visibility of attack mitigation and network performance reduces management and improves response time (on selected models). |
RESTful API | FortiDDoS can be integrated into almost any environment through its RESTful API. |
Central Manager | FortiDDoS-CM (for B-/E-Series) is available for users with multiple geographically dispersed FortiDDoS units. One management screen for all devices with single sign-on. |
Pricing Notes:
- FortiCare Premium Support
FortiCare Premium Ticket Handling, Advanced Hardware Replacement (NBD), Firmware and General Upgrades - FortiCare Premium plus FortiGuard Bundle Contract
Advanced Hardware Replacement (NBD), Firmware and General Upgrades, Premium Support, FortiDB Security Service (DBS) - Prices are for one year of Premium RMA support. Usual discounts can be applied.
- Annual contracts only. No multi-year SKUs are available for these services.
- Contact Fortinet Renewals team for upgrade quotations for existing FortiCare contracts.
- Pricing and product availability subject to change without notice.