Pierluigi Paganini
November 17, 2015
It wants to do so by using an automatic protection system based on an immune-biological model that combines with Real Time Big Data analysis.
“The body knows how to deal in real time with damage to critical systems. He is broadcasting warnings such as fever or other signs that activate the immune system. We found that combining biological model for analyzing the BIG DATA, identifies sophisticated DDoS attacks in real-time,” said Israel Gross, co-founder, and L7 Defense CMO.
Alongside Gross, the partners are Dr. Doron Chema (CEO) Bio-Information by Training, whom also developed the System model and Mr. Mark Ginsburg, a senior algorithmic developer who served in Elite Cyber Unit (IDF).
“DDoS attacks on the application layer are very challenging today. A major reason for this is the use of tools that successfully simulate human behavior and are tailor made for the specific target”, says Gross. “The trick in application layer DDoS is to attack a large number of vulnerabilities while exhausted the target servers’ resources in a short time period”.
Gross explains that today defense systems against DDoS attacks are mainly based on forwarding the traffic to human analysts for a test. “In reality, the average time to discovery and blockage of complex DDoS attacks is more than an hour,” says Gross. “We strive for detection and blocking in no more than a few seconds automatically, regardless of the number of attacking vectors. This protection model is patented”.
DDoS attacks began in the 90s when the original method is to “strangle” the network traffic. Over the years, this type of attack has become easier to identify and block. At the same time, a new trend was born in recent years – targeted attacks on system servers.
These attacks are called, “application layer DDoS” operate relatively modest volume of traffic, and very efficient due to their adaptation to the target. For example, in an e-commerce site, each search request could have a potential of serving as an attacking vector. One can carry out DDoS attack by using Bots, sending multiple search requests to products simultaneously. The result of the load focused on a search engine which usually supported by heavy mechanisms may bring down the entire site or at least a significant slowdown.
L7 Company’s system is software based, located within the boundaries of enterprise systems (DMZ) and can be installed in a public cloud (AMAZON, AZURE, etc.) and / or the customer’s server farm. The system is compact and can be installed as a single server, serving as a protective reverse proxy system.
The system operates at all times (ALWAYS ON), with no prior knowledge or accumulated memory (such as the use of a central signatures bank). From the moment of identifying an attack in real time, the system produces an unequivocal identification of each attack vector and stops them immediately.
“Demonstrations show that the system is dealing effectively with the detection and blocking of 4-5 vectors simultaneously without prior knowledge. It is not limited to blocking even more complex attacks,” says Gross.
“Recall that currently identifying and stopping more than one vector is a real challenge to the SOC personnel in various organizations and usually lasts a few hours by a team of dedicated experts.
“Our system is adapted to the current situation where organizations are attacked frequently and over days or even weeks. It does not require manual operation by teams of experts that the level their availability decrease and the level of cost increases accordingly”.
In July this year, the company raised 750 thousand dollars from Incubate (Elbit Systems Technology Venture) and Israeli office of the Chief Scientist (OCS). “Elbit is a strategic partner and it opens doors for us,” says Gross.
Defense L7 company began operating officially in last July and has been awarded first prize in start-up companies competition in Germany (Tech Ecosystems). “Winning the competition will expose us to the German market,” concludes Gros.
Written by Ami Rojkes Dombe
(Security Affairs – DDoS, hacking)
