DDoS vendor accuses resellers of mis-selling firewalls
Firewalls not built to stop high-volume, high-bandwidth DDoS attacks, warns Corero
Corero Network Security has hit out at rival vendors and their channel partners for positioning firewalls as being sufficient to snuff out DDoS attacks.
Talking to CRN, Corero chief technology officer Dave Larson claimed the mis-selling of firewalls and IPS was partly to blame for the escalation in DDoS attacks on enterprises in recent years.
Even newer-generation firewalls can provide only a "marginal benefit" in fighting off such attacks, Larson claimed.
"One of the reasons DDoS attacks are becoming so prevalent is because they are an easy way to evade a firewall," he said.
"Firewalls have evolved but this problem is of a scale that wasn't contemplated when the firewall architecture was built. They prevent attacks that are very low bandwidth. DDoS attacks are generally several orders of magnitude larger in size and of a very high volume - it's a fire hose versus a drop - and firewalls weren't built to handle the problem."
According to Infonetics Research, the market for DDoS prevention solutions grew by 26 per cent to $348m (£222m) last year.
In Q2, the number of DDoS attacks grew by 22 per cent year on year, according to research from DDoS mitigation vendor Prolexic, with the average attack bandwidth rising 72 per cent.
"Some channel partners are - unintentionally - creating a false sense of security by claiming they can protect against DDoS attacks with products that are not capable of doing what a targeted DDoS solution can do," Larson continued.
"We believe there is a requirement for a targeted DDoS first line of defence because the nature of the attack is of a very high volume and bandwidth, meaning you need a solution that is as close to the internet as possible."