Corero: The First Line of Defense Against DDoS Attacks

corero-logoBased on a true story. The facts are real, and so is the solution.

Los Angeles Dedicated (, a high-grade dedicated server hosting company, provides services to cloud hosts, gamers, resellers, and VPS and shared hosts. Keeping their clients’ servers online is critical. But after a series of DDoS attacks in excess of 10Gbps, LA Dedicated’s software-based measures put in-place to mitigate attacks were unable to cope with the attacks, resulting in downtime, and severe overages on bandwidth. Robby Hicks, CEO and President of LA Dedicated, knew something had to be done immediately to maintain their SLA.

What would happen if your network is suddenly compromised by a major DDoS attack –what will that do to your bottom line? How will your customers react? What will it do for your reputation?

Do you outsource to a cloud based DDoS protection service?

You have a data center, manage servers, or work for an organization that requires premium DDoS protection services. A quick Google search yields results that favor cloud based DDoS protection services, but is a cloud based solution best for your organization?

Here’s what happens with a cloud based DDoS protection service, also known as an out-of-band solution. Traffic is routed to an off-site scrubbing center, filtered by manual inspection from human technicians, and then routed back to your network. What’s the problem? Latency. If your customers are gamers, every second counts. If your customers are application service providers, resellers, or hosters, downtime hurts.

So if latency and downtime don’t fit your SLA, what’s the alternative?

In-Line DDoS protection using advanced mitigation appliances.

Instead of cloud based DDoS protection services, consider an in-line mitigation appliance. LA Dedicated did. In fact, Hicks was considering reviewing and testing multiple appliances from multiple vendors to find the right solution. Hicks instead found Corero (, a leader in advanced in-line mitigation appliances, and made a business-changing decision.

First let’s define in-line. In-line means running an appliance inside your network, installed along with all your servers. There are some obvious technical differences, but the overall impact on speed and performance of your DDoS protection solution is significantly different than an out-of-band solution, i.e. Cloud DDoS protection services.

Impressed with Corero’s offerings, Hicks made the call. “I got on the phone with Corero and they sent me an appliance within 24 hours to evaluate. I had the appliance up and running within four hours upon arrival. With the new solution in place, I didn’t bother with the other products I was evaluating at the time. The Corero appliance just worked and immediately stopped all the attacks, even the 10Gbps attacks. We haven’t had any issues since and our customers are happy.”

Not only was LA Dedicated able to stop 10Gbps+ attacks, they recouped their investment and implemented basic and premium DDoS protection services, which enabled the hosting company to increase revenue.

“I developed a custom platform using Corero’s SmartWall Threat Defense System (TDS), which allowed us to monetize the solution and offer different levels of protection for our customers, and even offer a base level protection for all of our customers at no extra cost to them,” says Hicks. “This is a big selling point for our services because we use only premium bandwidth so there is no latency or connection quality sacrifice when enabling DDoS protection.”

The SmartWall Threat Defense System (TDS).

What’s unique about the Corero SmartWall TDS is that it responds in real-time, and without human intervention from technicians. However, SmartWall TDS can be deployed in-line or out-of-band, making it easier for customers to deploy in their existing infrastructure and then move to a full in-line deployment when ready.

“With an in-line deployment of the Corero SmartWall TDS, our Do No Harm approach allows good user traffic to flow uninterrupted at all times,” explains Dave Larson, CTO at Corero. “The automatic and adaptive nature of the technology does not tolerate false positives and customers no longer have to worry about downtime in the event of a DDoS attack or even latency for that matter. The SmartWall TDS inspects traffic at line rate, identifying attack traffic within the first few suspicious packets, and blocks the attacks in real-time.”

Corero customers need to understand that it’s not just a single appliance they need to install in their network as the SmartWall TDS requires a separate, standalone server. The standalone server uses Splunk ( to index known threats, while providing data for further analysis of Corero’s proprietary SecureWatch Analytics application. The SmartWall TDS includes SecureWatch Analytics, giving hosters visibility and sophisticated reporting capabilities.

“While leveraging Splunk for big data analytics and advanced visualization capabilities, SecureWatch Analytics provides full visibility about the DDoS attack landscape within the provider’s environment, allowing them to automatically block traffic going to their clients or to selectively implement protections based on their customer’s service level agreement to limit the impact of an attack,” says Larson. “SecureWatch Analytics is included in the purchase of any SmartWall TDS configuration. This powerful web-based security analytics portal delivers comprehensive and easy-to-read security dashboards based on tailored DDoS security feeds.”

In addition, providers using Splunk as their primary logging and reporting platform can easily access the DDoS Analytics App from Splunk to directly integrate this data into their existing Splunk environment.

The start-up costs to implement TDS are minimal. The SmartWall TDS system is designed to be inserted transparently into an existing hosting provider network topology. In most instances, no additional equipment beyond the purchase of the SmartWall and its associated Network Bypass system (the standalone server running Splunk) is required.

Defining the return on investment (ROI) for a Corero TDS deployment

Service providers often want to know how quickly they will recoup their investment in DDoS protection. There are many variables to consider in defining an ROI model for a hosting provider when it comes to protecting SLAs, uptime requirements, and service availability. In today’s Internet connected world, it is difficult to put a price tag on availability as it is the foundation of a business. How much would it cost a hosting provider if they went down for an extended period of time – or even for a few minutes?  What happens to SLAs when customers are affected by an outage? You must protect your availability at all costs in order to maintain your revenue stream.

Instead of return on investment, Corero uses Return on Availability (ROA) to describe how customers increase revenue by offering premium services based on server and network availability. “We have many customers that offer premium service packages to their customers to include DDoS protection – a new revenue stream for their business,” says Larson. “We’ve seen instances where a SmartWall TDS customer expects to recover their investment within two to three months. DDoS protected services are becoming a differentiator for hosting providers. Customers that rely on hosted services are demanding protection against this sophisticated attack vector, and they are willing to pay a premium to ensure availability in the event of a DDoS attack.”

LA Dedicated is a perfect example of implementing the Corero SmartWall TDS to stop 10Gbps+ DDoS attacks, while being able to build and offer basic and premium services to increase their revenue.

Hicks explains how his company is recouping their investment in the Corero SmartWall TDS. “I’m still in the process of recouping our investment, but it’s hard to measure the downtime we would have faced if our network wasn’t protected, so I think it’s paid for itself in that aspect already.”

The Corero SmartWall device is a plug-n-play solution, which is exactly what customers like LA Dedicated want in a DDoS protection solution. “I don’t have time to go in and monitor and tweak this stuff every day. And with Corero’s support, they have helped me maintain our implementation. They respond very well to my feedback, and they have implemented many of my suggestions.”

Hicks says there have been a few incidents of new types of attacks. The Corero support team responded quickly and had new rules to filter those types of attacks by the next day.

one four sixteen with text WEB

Should you try Corero’s in-line DDoS mitigation appliance or move to the cloud?

Your decision ultimately comes down to two things: 1) faster response time to detect and mitigate attacks without the need for human intervention and in-line protection (Corero) or 2) slower response time due to human intervention and remote mitigation (cloud, software-based). If you are serious about protecting your customers’ servers and keeping their systems online, Corero is the solution you can use to quickly recoup your investment.

When you choose Corero, you also choose a solution that was built from the ground up to be deployed in-line, and offers a DDoS protection solution that rivals competitors. According to Larson, “The Corero solution differs from our competitors in that it was designed from the beginning to be deployed in-line and therefore is designed to forward traffic at line rate under all circumstances. Additionally, our commitment to robust visualization and deep analytics is unrivaled.”

A solution that can protect a network from the full spectrum of DDoS attacks, without latency, and adds an incremental stream of revenue, and can be delivered within 24 hours and up and running in about four hours, has to be a solution worth considering.

About Dave Young

Dave Young is a professional writer, technical writer, and founder of Young Copy, a leading promotional and technical writing services firm. Visit to learn how you can boost your company’s revenues.