The 6cure Threat Protection (6cure TP) solution is used to eliminate malicious traffic aimed at critical services in real time, with a simple philosophy: preserving the performance and integrity of legitimate flows. 6cure TP is unique in France and Europe, and uses a patented algorithm logic to identify and filter DDoS attacks, even the most complex ones, up to application level, guaranteeing the normal flow of authorised requests to protected services.
Differentiated protection for each service
DDoS attacks can simultaneously target a whole range of services, including infrastructure services and equipment (e.g. routers and DNS), the network capacity (bandwidth) and/or application resources (web, e-commerce and online games, voice, video and messenger services).
The detection, analysis and filtering architecture of the 6cure TP solution is used to activate several levels of protection for each service requiring specific protection, in a parallelised way, enabling it to handle very-high-power attacks (n x 10 Gbps) by applying distinct protection policies.
Identification and Elimination of Malicious Flows
6cure TP uses a set of algorithms that enable it to immediately identify and isolate malicious flows targeting a service, and to preserve legitimate flows. These patented algorithms notably include detecting protocol anomalies, behavioural anomalies and application session anomalies (individual session dynamics and kinetics and intersession coordination). Its ability to learn use profiles means that the solution continuously adapts and does not require repeated updates of rules or signatures, which optimises its use. Malicious flow elimination is based on a "smart filtering" logic, which, unlike other security solutions based on a blocking logic, enables it to protect information systems, preserving legitimate use and overall service continuity.
6cure TP can easily be placed at the most strategic points of your service and network infrastructures, to offer you the best level of protection. This solution can be deployed in "Inline" mode, "Off-ramp" mode or "Cloud" mode.
Deployed in "Inline" mode as a front end to services, the solution guarantees permanent protection that has all the redundancy and failure management functions. The protective cases are stackable, creating a cluster that increases the handling capacity for services that are in great demand. 6cure TP can also operate in "bypass detection" mode, simulating protection, and only being activated upon a command or a pre-set decision criteria. This type of deployment is particularly well suited to protecting centralised infrastructures (e.g. DNS servers), web portals, or multiple-service data centres.
Deployed in "Off-ramp" mode at the core of your infrastructures, 6cure TP preserves all the protection capacities, receiving your production flows only on-demand. It is therefore able to interact with routing equipment to attract traffic and clean it before reinjecting legitimate packets towards the target of the attacks.
Deployed in "Cloud" mode within a network and service infrastructure, 6cure TP goes to the centre of flow processing, and is able to attract malicious flows before reinjecting legitimate flows only towards their initial destination, therefore providing customised protection. Of course it is possible to place a single instance to protect a whole network infrastructure, and design this system in a "cluster" mode as indicated above. The cluster with this architecture becomes a real cleaning center for attacks targeting the infrastructure's customers. This deployment mode is particularly suited to ISPs and large companies wanting to have effective protection for their infrastructures so as to offer and guarantee very-high-quality services to their users and end customers.
Solutions to Suit your Needs
The 6cure TP solution was designed so as to adapt to flow rates going from a few Mb/s to several tens of Gb/s, as the same basic algorithms can be optimised on different hardware platforms, based on the required level of performance. So, 6cure technologies offer a wide range of solutions, to parties from SMEs, who can benefit from an effective level of protection at a reasonable price, to internet players, ISPs, etc., offering them operator-class solutions via the high-performance versions of 6cure TP, which are among the most competitive solutions on the market.
The increasing intelligence of the algorithms embedded in the 6cure TP solution, which use as many as 8 filtering layers that can be activated in parallel, enables DDoS attacks to be eliminated, from the most basic attacks (e.g. SYN floods), to the most sophisticated, which are notably developing at application level. These types of attacks now use perfectly formed requests, are considered to be legitimate by servers and some security devices such as IPS, and easily go though any access controls (ACL) they encounter. 6cure TP therefore uses other analysis criteria to detect and neutralise these new attacks.
The flow analysis logic proposed by 6cure TP means we can offer you a range of complementary protection means, going beyond the context of DDoS, to guarantee your immunity against wrongful uses of your resources.
Attack Analysis and Visualization
Beyond its filtering functions, 6cure TP offers users a whole analysis portfolio, giving them access to detailed service usage statistics, identifying malicious sources and the main targets of attacks. The "botnet tracking" function is used to locate "zombie" machines employed by attackers. What is more, the embedded-flow storage capacity provides all proof and evidence for any legal proceedings. All this information can be consulted in real time via the solution management console's web interface and through specific alerts that can be usefully collected by SIEM type functions. The 6cure TP solution also provides incident reports or dashboards that are available in different formats.