Fortinet FortiDDoS 3000G
A Different and Better Approach to DDoS Attack Mitigation

Please Note: The image shown is of the FortiDDoS 1500F model. The FortiDDoS 3000G model has a similar appearance.
Overview:
AI/ML Security and Deep Visibility
Distributed Denial of Service (DDoS) attacks remain a top threat to network security and have evolved in almost every way to do what they do best: shut down access to your vital online services.
Unlike intrusion and malware attacks, DDoS attackers have learned that they don’t need to attack only end-point servers to shut you down. They attack any IP address that routes to your network: unused IP addresses, ISP link subnets, or Firewall/Proxy/WiFi Gateway public IP addresses.
CDN and DNS-based cloud mitigation cannot protect you from these attacks. What is the impact to your business if your users cannot reach cloud services because your firewall is DDoSed?
Sophisticated multi-vector and multi-layer DDoS attacks use direct and reflected packets where the spoofed, randomized source IP addresses are impossible to ACL. These attacks are increasingly common as Mirai-style code has morphed into many variants and has been commercialized by providers of “stresser” sites. Anyone can create large, anonymous attacks for a few dollars.
DDoS is not an everyday occurrence for security teams and they cannot be expected to understand the thousands of attack variants that target your network.
To combat these attacks, you need a solution that dynamically and automatically protects a large attack surface.
A Different and Better Approach to DDoS Attack Mitigation
FortiDDoS's massively parallel machine-learning architecture delivers the fastest and most accurate DDoS attack mitigation available.
In place of pre-defined or subscription-based signatures to identify some attack patterns, FortiDDoS uses autonomous machine learning to build an adaptive baseline of normal activity from hundreds of thousands of parameters and then monitors traffic patterns against those baselines. Should an attack begin, FortiDDoS sees the deviation and immediately takes action to mitigate it, often from the first packet.
FortiDDoS monitors, responds, and reports on the mitigations it has performed, not attacks where your team or the vendor ERT/NoC must intervene.
Highlights:
Fully autonomous operation with no operator or vendor NoC intervention needed during attacks, based on:
- 100% packet inspection for Layer 3, 4, and 7 DDoS attack identification and mitigation, simultaneously monitoring hundreds of thousands of parameters, customized for different network services
- Sub-one-second mitigation for all attacks
- Continuous threat evaluation to minimize false positive detections
- Advanced DNS and NTP DDoS mitigation plus advanced DTLS, IKE, and QUIC mitigation on F-Series models
- Extensive forensics reporting and visualizations
| 100% Machine Learning Detection | FortiDDoS doesn't rely on signature files that need to be updated with the latest threats so you're protected from both known and unknown "zero-day" attacks. No "threat-protection" subscriptions required. Saves OPEX. |
| Massively Parallel Architecture | Parallel architecture provides 100% packet inspection with bidirectional detection and mitigation of Layer 3, 4, and 7 DDoS attacks even at the smallest packet sizes. Get the performance you pay for. |
| Continuous Attack Evaluation | Minimizes the risk of "false positive" detection by reevaluating the attack to ensure that "good" traffic isn't disrupted. Less management time needed. |
| Advanced DNS Protection | FortiDDoS provides 100% inspection of all DNS Query and Response traffic up to 12 million QPS, for protection from a broad range of DNS-based volumetric, application, and anomaly attacks, including attacks relayed through public multicast DNS services. DNS Reflection floods are stopped from the FIRST packet. |
| Advanced NTP Protection | FortiDDoS provides 100% inspection of all NTP Query and Response traffic up to 6 million QPS. NTP Reflection floods are stopped from the FIRST packet. |
| Advanced DTLS, QUIC, and IKE Protection | FortiDDoS inspects DTLS, QUIC, and IKE for anomalies, reflections, and over-threshold data rates. |
| Continuous Learning | With continuous background learning and minimal configuration, FortiDDoS will automatically build normal traffic and resource behavior profiles, saving you time and IT management resources. |
| Autonomous Mitigation | No operator intervention required for any type or size of attack. |
| Hybrid On-premise/Cloud Support | Open, documented API allows integration with third-party cloud DDoS mitigation providers for flexible deployment options and protection from large-scale DDoS attacks. |
| RESTful API | FortiDDoS can be integrated into almost any environment through its RESTful API. |
Pricing Notes:
- FortiCare Premium Support
  FortiCare Premium Ticket Handling, Advanced Hardware Replacement (NBD), Firmware and General Upgrades
- FortiCare Premium plus FortiGuard Bundle Contract
  Advanced Hardware Replacement (NBD), Firmware and General Upgrades, Premium Support, FortiDB Security Service (DBS)
- Prices are for one year of Premium RMA support. Usual discounts can be applied.
- Annual contracts only. No multi-year SKUs are available for these services.
- Contact Fortinet Renewals team for upgrade quotations for existing FortiCare contracts.
- Pricing and product availability subject to change without notice.


