FortiDDoS – Comprehensive DDoS

Protection Solution
Fortinet’s Advanced Solution for Protecting Against DDoS Attacks

Dennis Benny
09 November 2024
 DDoS Attack and Impacts
DDoS or Distributed Denial of Service attacks are Network based attacks on the
arms of Cyber Security orchestrated against a Server, Network or Application
system with the intention to bring its functions to a stand still, through huge and
presumably enormous in ows of bandwidth. DDos attack is an aggressive
approach where many systems are launched against one single target.

Impacts
Tra c Overload: All the legitimate servers have a cut-o throttle to the volume of
requests being bombarded and bounced back every second, which due to sudden
increase in requests reaching a particular threshold does not succeed.

Resource Exhaustion: Based on the severity of the attacks, servers may respond to
multiple requests at once and may reach a point of over-engagement causing a
delay or potential shutdown from the attack.
ffi
fl
ff
Service Disruption: When the server struggles to handle the load, there is a
possibility that it may crash or go o ine which may also disrupt services like web
server, databases and other web services.

Business Impact: Statistics demonstrate that today, every business depends on

Internet services as markets are rapidly moving in this direction, thus DoS attacks
proves to be costly.

ffl
What is FortiDDoS?
FortiDDoS is an advanced hardware device developed by Fortinet to prevent
Distributed Denial of Service (DDoS) attacks. FortiDDoS o ers the availability and
protection of the network resources by identifying and eliminating both regular as
well as zero-day DDoS attacks across Layers 3 – 7 in an automated fashion.

Key Features of FortiDDoS

•Automated Detection and Mitigation : FortiDDoS employs behaviour-based
detection to identify and mitigate both known and zero-day DDoS attacks without
requiring manual intervention. This approach ensures continuous service
availability by automatically responding to threats in real-time.

•Comprehensive Layer Protection : The solution provides protection across Layers

3 to 7 of the OSI model, addressing threats at the network, transport, and
application layers. This multi-layered defence is crucial for defending against
various attack vectors.

ff
•High-Performance Hardware: FortiDDoS utilizes custom Application-Speci c
Integrated Circuits (ASICs) to deliver high-speed packet processing with low
latency, ensuring e ective mitigation even during large-scale attacks.

•Scalability and Flexibility: Designed to support high-bandwidth environments,

FortiDDoS o ers scalable throughput options to meet varying organisational
needs, ensuring robust protection as network demands grow.

•Comprehensive Reporting and Analytics: The solution provides detailed reports

and analytics, o ering insights into attack patterns and trends. This information is
valuable for understanding threats and enhancing overall security posture.
ff
ff
ff
fi
 How FortiDDoS Works?
• Behavioral Analysis

• FortiDDoS continuously learns and establishes baselines of normal network tra c patterns. By
monitoring over 230,000 parameters, it can identify anomalies that deviate from these baselines,
enabling the detection of malicious activities in real-time.

• 100% Packet Inspection

• The system inspects every packet, ensuring comprehensive analysis without relying on sampling.
This thorough inspection allows FortiDDoS to detect and mitigate attacks swiftly, often from the
rst packet.

• State-Aware Detection

• FortiDDoS maintains awareness of protocol states, particularly for TCP, DNS, and NTP protocols.
This capability enables it to identify and block out-of-state packets and protocol anomalies,
e ectively mitigating attacks like SYN oods and re ection-based assaults.
fi
ff
fl
fl
ffi
• Autonomous Mitigation

• Upon detecting an attack, FortiDDoS autonomously implements mitigation strategies without

requiring user intervention. This ensures continuous protection and minimizes the risk of service
disruption during an attack.

• Massively Parallel Architecture

• The system's architecture allows for simultaneous processing of multiple attack vectors, ensuring
high performance and low latency even under heavy attack conditions.
Bene ts of Using FortiDDoS
Autonomous Mitigation

FortiDDoS automatically detects and mitigates DDoS attacks without requiring user intervention. This
ensures continuous protection, even during complex or zero-day attacks.

Comprehensive Tra c Analysis

The system monitors over 230,000 parameters in real-time, enabling it to identify and respond to a
wide range of attack vectors, including both known and emerging threats.

High-Performance Inspection

FortiDDoS performs 100% packet inspection at high rates, ensuring rapid detection and mitigation of
attacks without compromising network performance.
fi
ffi
 Scalability and Flexibility

FortiDDoS can be deployed as a physical or virtual appliance, providing exibility to meet diverse
organisational needs. It supports hybrid on-premise and cloud-based DDoS mitigation strategies,
enhancing scalability.

Detailed Reporting and Forensics

The system o ers comprehensive logging and reporting capabilities, providing insights into attack
types, sources, and mitigated tra c volumes. This facilitates informed decision-making and strategic
planning.

Seamless Integration

FortiDDoS integrates with existing security infrastructures, including FortiGate rewalls and other
Fortinet products, ensuring a cohesive and e ective security posture.

Advanced Layer 4 and 7 Protection

The solution o ers state-aware mitigation for protocols such as TCP, DNS, NTP, DTLS, and QUIC,
e ectively defending against common attack types like DNS and NTP re ection oods and SYN-ACK
oods.
fl
ff
ff
ff
ffi
ff
fl
fl
fi
fl
 FortiDDoS vs. Traditional DDoS Solutions
Feature FortiDDoS Traditional DDoS Solutions
Monitors tra c patterns and baselines typical Often rely on signature-based detection
Detection Method
tra c volumes. or prede ned thresholds.
Autonomous, inline mitigation without user May require manual intervention or
Mitigation Approach
intervention. external scrubbing services.
Analyzes over 230,000 parameters in real-time Limited analysis capabilities, focusing on
Tra c Analysis
for comprehensive threat detection. speci c attack signatures.
Performs 100% packet inspection at high Inspection may introduce latency,
Performance Impact
rates, ensuring minimal latency. a ecting network performance.
Provides state-aware mitigation for Layer 4 Typically focuses on Layer 3 and Layer 4
Layer Protection
and Layer 7 protocols. attacks, with limited Layer 7 protection.
Scalability depends on the speci c
Supports hybrid on-premise and cloud-based
Scalability solution; some may require additional
deployment options.
hardware.
Integration capabilities vary; may require
Seamlessly integrates with existing Fortinet
Integration additional con guration or third-party
security infrastructure.
tools.
Reporting features may be basic or
O ers detailed logging and reporting for in-
Reporting & Forensics require additional tools for
depth attack analysis.
comprehensive analysis.
ff
ff
ffi
ffi
fi
fi
ffi
fi
fi
FortiDDoS Deployment Options

On-premises Hardware Appliance

• For organisations with high-security needs and full control over infrastructure.

Cloud-based DDoS Protection (FortiDDoS Cloud)

• For businesses preferring a managed approach with cloud exibility.

Hybrid Model

fl