SINGAPORE - When hackers launch Denial-of-Service (DoS) or Distributed-Denial-of-Service (DDoS) attacks over the Internet, VHB Technologies, Inc. halts the onslaught at the wide area network (WAN) level before it clogs local customers' networks, preventing service disruption.
"Current approaches of constructing a defense system at the customer's site are absolutely useless if the hacker has already flooded the customer's Internet link," said Garry L. Hemphill, VHB's CEO, chairman of the board, and cofounder.
"Once the Internet WAN link is clogged, it doesn't matter what kind of security software or hardware has been installed locally, because Internet service already has been disrupted. The hackers have won."
Such was the case last month at Microsoft Corp. as reported by the press. According to Hemphill, an analysis of those DoS attacks showed hackers were able to flood Microsoft's front door routers at the company's DNS location, causing loss of Internet service to Microsoft's customers.
VHB has the answer for Internet Service Providers (ISPs) like Microsoft. It is a content intelligent appliance called the VHB-2000(TM) that can be installed on the Internet backbone because it is capable of filtering data, voice, and video at extremely high speeds.
Unlike current security and data management solutions, which dramatically slow down high-performance networks, the VHB-2000(TM) protects high-speed infrastructures without compromising performance.
Once installed on the Internet backbone, the VHB-2000(TM) simply reroutes DoS or DDoS attacks away from any lower-speed links to enterprises or individual users downstream.
After the VHB-2000(TM) detects the anomalies, the appliance instantly shunts it to an auxiliary network or a secure database, known as a "honey-pot," where the data can be examined in more detail to determine the source of the attempted intrusion.
Meanwhile, service continues to all local area networks or Web sites connected to the affected Internet pipeline. "End-users or an ISP's customers most likely will never even know their Internet connection was under attack," said Dave Steinman, VHB's director of ISP and federal sales.
The VHB-2000(TM) uses the company's patent-pending VIPRE(TM) NPU technology (architected to run at 2.5 Gbps) that extracts detailed network traffic information from all seven layers of the OSI stack, allowing for very deep (512 bytes) content searches. Existing solutions, such as ASIC-based Layer 3, 4, or 7 content-aware devices, are not capable of this level of deep content intelligence.
"While there is no single technology that will win the war against hackers, the VHB-2000(TM) is a significant step forward," Hemphill said. "The ability to conduct deep packet searches at very high speeds, gives the appliance capabilities beyond current security technology. The VHB-2000(TM) can detect and avert new attack patterns as they appear."
Prospective customers include service providers, carriers, telecom equipment suppliers, large companies with Intranets, and the federal government.