Application-layer DDoS detection

New capability enables organisations to obtain multi-faceted protection against distributed denial-of-service attacks.

Friday, 7th June 2013, by Phil Alsop

Lancope, Inc. announces new application-layer detection for distributed denial-of-service (DDoS) attacks as part of its StealthWatch® System 6.4. Combined with existing functionality for identifying volumetric DDoS attacks, the new capability enhances enterprise protection from this increasingly concerning type of online threat.


“The use of DDoS attacks has increased over the past several years. While the size and duration of volumetric attacks continue to grow, attackers are increasingly using application-layer and encrypted attacks,” said Kerry Armistead, vice president of product management for Lancope. “Today’s organisations must be prepared to thwart attacks on as many fronts as possible. StealthWatch 6.4 includes both application and volumetric DDoS detection to offer customers a multi-pronged approach for identifying and halting DDoS attacks before they disrupt critical operations.”


DDoS is currently playing a key role in hacktivism, and is also frequently used as a cover for more insidious attacks, distracting victims with service outages in order to steal money or confidential data. In fact, 76 percent of surveyed IT organisations that use StealthWatch for security forensics were influenced to acquire the system because of its DDoS detection capabilities.


StealthWatch 6.4 extends Lancope’s DDoS detection into the application layer with the ability to identify and alarm on slow connection floods for HTTP and HTTPS. StealthWatch also enables organisations to detect the source of volumetric DDoS attacks by alarming on unusually large traffic volumes, providing a comprehensive strategy for protecting corporate and government resources from these rising attacks.


To effectively prevent large-scale DDoS attacks, organisations require not only mitigation solutions, but also network visibility tools that can make sense of the fog that rises during a denial-of-service attack. StealthWatch provides organisations with:
• Layered DDoS protection
• A simplified DDoS workflow
• Small-volume, application-layer DDoS detection
• Highly scalable DDoS identification
• On-premise DDoS detection to augment carrier detection and provide local visibility and control
• Dashboards, analytics and reporting for early warning
• Forensic data for post-mortem analysis


By collecting and analysing NetFlow, IPFIX and other types of flow data from existing infrastructure, StealthWatch delivers in-depth network visibility and security intelligence to hundreds of governments, enterprises and service providers around the world. Providing continuous security monitoring across the entire network, StealthWatch can quickly uncover DDoS attacks for expedited incident response, preventing costly service outages. In addition to DDoS attacks, StealthWatch also enables organisations to defend their infrastructure against additional types of threats including sophisticated malware, APTs and insider threats.