DDoS and Security

The AX Series adds another security layer for load balanced servers and applications. Adding to a defense in-depth strategy, key protections are architected into the AX Series hardware and software.

The AX Series implements a series of specialized programmable ASICs to offload attack detection and prevention functions from other devices. With hardware accelerated defenses, data centers are protected from Distributed Denial of Service (DDoS) and protocol anomaly attacks without sacrificing performance.

• Hardened System Architecture: Secures the AX Series with a purpose-built operating system that is dedicated to application acceleration functions, out-of-band management, secure management interfaces, and more.
  
  
• High-Performance Secure Email: Support for STARTTLS to enable secure email traffic to and from SMTP servers by encrypting mail traffic to and from clients.
  
  
• DDoS and Anomaly Protection: Provides high-performance detection and prevention against denial-of-service and protocol attacks that can cripple servers and take down applications. Since the AX Series is placed between the routers and data center resources, it is ideally positioned to detect and stop attacks directed at any data center server or application. Through specialized ASICs, the AX Series can continue to inspect, stop and redirect all application traffic at network speeds.
  
  
• Customizable Security Policies: Using the AX Series' intuitive Web management interface or industry standard CLI, data center administrators can quickly develop sophisticated security policies and leverage the AX Series ASIC-accelerated architecture to look deep into traffic flows for threats in order to secure applications and servers. Methods include both standard and extended Access Control Lists (ACLs) and the flexible aFleX scripting feature.
  
  
• Policy-Based SLB (PBSLB): AX Series devices allow you to "black list" or "white list" individual clients or client subnets. Based on actions you specify on the AX device, the AX will allow (white list) or drop (black list) traffic from specific client hosts or subnets in the list. With the capacity for 8 million host entries and up to 32,000 subnet entries, PBSLB greatly augments anti-spam capabilities.
  
  
• Line-Rate Performance: Provides line-rate performance for attack scanning, detection and prevention functions by leveraging ACOS's traffic optimization and ASIC-accelerated hardware architectures.

A10 Networks partners with Imperva's SecureSphere Web Application Firewall for a best-of-breed server load balancer and Web application firewall solution. Read about the joint solution in the AX Series and Secure Sphere Solution Brief.