Defense.Net launches DDoS SWAT

Published September 25, 2013


Nathan Misner
Sr. Director of Global Communications
F5 Networks
(206) 272-7494

Holly Lancaster
WE Communications
(415) 547-7054

Service Integrates New Technology to Protect Against “Concentration Risk” when Facing the New Generation of Large DDoS Attacks

BELMONT, CALIF. – Defense.Net, the only company designed to mitigate the increasing scale and sophistication of modern Distributed Denial of Service (DDoS) attacks, today announced the launch of Defense.Net DDoS SWAT, a new service that operates in conjunction with an organization’s already deployed DDoS mitigation infrastructure to ensure operational continuity during the largest and most complex attacks.  It is aimed at the “Concentration Risk” that major organizations face with their primary DDoS mitigation solutions.

As most enterprises and financial institutions have deployed cloud-based DDoS mitigation services from one of two primary providers, regulators, auditors and the enterprises themselves fear a simultaneous attack could overwhelm the finite resources of either of these two providers.  This could cause a DDoS mitigation provider to go down and take their customers with them.  Due to this Concentration Risk, these organizations want a highly scalable secondary provider that can step in and protect them from DDoS attacks should their primary provider be unable to deliver protection.

“As an overflow service, Defense.Net DDoS SWAT has to do a lot more than match the capabilities and capacities of the primary provider,” said Chris Risley, CEO of Defense.Net.  “We’re only asked to step in when the primary provider is not succeeding.  By definition, we’re stepping into a bad situation.    That’s why we’re provisioning 10 times the bandwidth per customer of the leading primary providers.  We’ve built highly redundant and scalable data center infrastructures and we’ve staffed the organization with some of the most experienced DDoS fighters in the industry.  With new technology developed by Barrett Lyon, who created of the DDoS mitigation industry more than 10 years ago, Defense.Net DDoS SWAT backs up an organization’s primary DDoS defense to ensure that these large scale attacks no longer disrupt critical infrastructure.”

Similar to police SWAT (Special Weapons and Tactics) teams, Defense.Net DDoS SWAT provides backup support on top of an existing DDoS mitigation service.  Targeted to large enterprises, it is designed for the increasingly frequent large-scale attacks that have overwhelmed traditional DDoS mitigation services and have even exceeded the size of the Internet pipe before any traffic can even reach an organization’s mitigation equipment.  Defense.Net DDoS SWAT provides a massive amount of bandwidth of up to ten times the capacity per customer of existing DDoS mitigation services, combined with new technologies custom built to respond to today’s modern attacks.  When overlaid on top of a primary DDoS mitigation solution, it provides an added level of protection to ensure operational continuity.

“When there is normal criminal activity, the police can generally handle the situation, but in particularly dangerous or threatening scenarios, the response is escalated to the SWAT team for a more aggressive response,” said Barrett Lyon, founder and CTO of Defense.Net.  “Think of traditional DDoS mitigation solutions as the police and Defense.Net DDoS SWAT as the police SWAT team that is always there and can be called in when the police needs additional assistance.”

Defense.Net DDoS SWAT is based on four new technologies developed by Barrett Lyon.  These include:

  • Defense.Net Traffic Spectrum™:  a new technique for breaking multi-layer attacks into their components for more thorough mitigation via the only systems specifically designed to mitigate each attack vector:  White List, Black List, SYN Traffic (including SYN Flood attacks), Connection Accumulation Traffic, Layer 7 Traffic,  DNS Traffic (including DNS Reflection attacks), etc.  Legacy DDoS has a “one box does all” approach that cannot get to the level of detail or scalability required for the new generation of DDoS attacks.
  •  Defense.Net IP Reflection™:  a patent-pending artifact-free technology that delivers clean traffic back to the organization under attack.  The returned traffic has the appearance of traffic coming from the original visitor which ensures normal delivery and eliminates false fraud alerts.  This unique asymmetric approach requires only inbound traffic be diverted and thus needs only a fraction of the bandwidth (less than one-eighth) of legacy symmetric DDoS mitigation technology.  This asymmetric approach also reduces the latency generated by symmetric technology used by legacy DDoS mitigation.
  • Defense.Net SYN Assure™:  a new technique for mitigating SYN Flood attacks that detects suspect SYN requests and conducts further analysis before blocking.  Prevents the common problem with legacy DDoS technology that blocks legitimate traffic.
  • Defense.Net AttackView™:   the only interactive portal to provide customers with detailed information on an attack in real-time, as well as post-attack analysis.  Includes data not typically provided by leading DDoS mitigation services, including attack origin, diagnostics of the attack traffic, specific mitigations performed, the result of each mitigation vector on attack traffic, and how each attack responds and morphs based on the specific mitigations performed.

“As the critical infrastructure of our nation grows more dependent on the Internet and always on connectivity, large scale DDoS attacks are becoming more damaging,” said Lyon.  “At the same time, a growing number of actors, even nation-states are using DDoS as modern weapons of warfare.  In addition to paralyzing their IT infrastructure, one of the greatest challenges organizations currently face with DDoS mitigation services are the damaging side effects they create, such as false positives, fragmentation, session interruption and fraud alerts.”

After installation and configuration, Defense.Net DDoS SWAT operates 24×7 on a standby basis on top of existing DDoS solutions, providing an always-on insurance against attack.  It fully integrates with on-premises or hosted defenses and is designed to operate in tandem with the equipment of all leading security hardware providers.

In addition to the new technology in Defense.Net DDoS SWAT, the service also includes the Defense.Net “Zero Day Team.”  This team includes the best and brightest DDoS mitigation experts and network operators in the world, including veterans of Prolexic, Verisign, BitGravity, Juniper, and Apple’s security team.  Defense.Net founder and CTO Barrett Lyon’s understanding of DDoS stretches back to his teenage years in the 1990’s when he operated IRC chat servers – the focal point for the creation of today’s DDoS techniques.  As the DDoS threat spread to businesses, he went on to pioneer defenses for a variety of companies, including online wagering and one of the largest insurance companies. This led to his pursuit of hackers operating as part of the Russian mob, as chronicled in the best-selling book, Fatal System Error by Joseph Menn.  After founding Prolexic Technologies, Lyon founded two successful companies focused on streaming digital content on the web.

About F5

F5 (NASDAQ: FFIV) makes apps go faster, smarter, and safer for the world’s largest businesses, service providers, governments, and consumer brands. F5 delivers cloud and security solutions that enable organizations to embrace the application infrastructure they choose without sacrificing speed and control. For more information, go to You can also follow @f5networks on Twitter or visit us on LinkedIn and Facebook for more information about F5, its partners, and technologies.

F5 is a trademark or service mark of F5 Networks, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners.

About Defense.Net

Founded by Barrett Lyon, who created the Distributed Denial of Service (DDoS) attack mitigation industry more than 10 years ago, Defense.Net has combined the top minds in the DDoS space with breakthrough new technologies designed to effectively address today’s and tomorrow’s DDoS mitigation challenges.  It is the only company to defend businesses and organizations against this new generation of massive and sophisticated DDoS attacks while delivering the highest levels of Internet application performance – two areas where legacy DDoS mitigation services have not been able to match the modern strategies of today’s cyberattackers.  With increasing threats from the escalating scale and complexity of DDoS attacks and a growing number of antagonists willing to use them, Defense.Net protects organizations from modern attacks by providing end-users with a seamless experience as if no attack were occurring.  The company has raised more than $9.5M in debt and equity financing with investors that include visionary security and Internet investor Bessemer Venture Partners (BVP).

Addendum: F5 Networks acquired Defense.Net in May 2014

# # #

This press release may contain forward looking statements relating to future events or future financial performance that involve risks and uncertainties. Such statements can be identified by terminology such as "may," "will," "should," "expects," "plans," "anticipates," "believes," "estimates," "predicts," "potential," or "continue," or the negative of such terms or comparable terms. These statements are only predictions and actual results could differ materially from those anticipated in these statements based upon a number of factors including those identified in the company's filings with the SEC.