SECURITY DDoS Hybrid Defender

Comprehensive DDoS threat coverage in a simple, dedicated appliance with native, cloud-based scrubbing services.

More sophisticated attacks demand more sophisticated protection.

Today’s DDoS attacks are rapidly becoming more severe, more sophisticated, and more complex. Now, an attack will likely blend different attack vectors that are run simultaneously, designed to find the weakest link in your infrastructure—whether it’s your network devices, your applications, or your network bandwidth—and then exploit it.

Problem is, different types of attacks are best handled different ways. And, because you can’t be sure what type of attack will be leveled at your business, you have to protect against all of them or leave your apps and data vulnerable.

Read the overview >

Under Attack?

We can help.

Call (866) 329-4253
or +1 (206) 272-7969
Learn more >

4 truths about today’s DDoS attacks.


Many DDoS attacks aim to render a service unavailable by overwhelming it using multiple sources. All connections look ok.


It’s only getting easier  to launch an attack (people can get paid for participating in an attack, IoT devices can become attack bots, etc.)


Attacks are more sophisticated and targeted: For example, multi-vector attacks leveraging Transport Layer Security (TLS) connections and malware planted in IoT and other devices to create botnets.


It’s essential to defend against multiple attack types that target the weakest link, whether that’s your network, WAN bandwidth, or applications.

How traditional solutions fall short.

Multiple vulnerability vectors have spawned multiple point solutions.

Network layer (or flood) attacks are best handled at the edge of the network, protecting the assets that are behind the firewall. But the usual defense of black holing or rate limiting can cripple the connections of legitimate users.

Application layer attacks, which are more sophisticated and targeted, require SSL decryption in front of app servers inside the network. Typical solutions are blind to SSL traffic and dependent on their placement in the network.

WAN bandwidth saturation shuts down your connection to the Internet. So any on-premises defense is useless against it.

Simply put, traditional point DDoS solutions are only partially effective because they focus solely on one type of attack.

A new depth of defense.

DDoS Hybrid Defender is the only multi-layered defense that protects against blended network attacks and sophisticated application attacks, while enabling full SSL decryption, anti-bot capabilities, and advanced detection methods—all in one appliance.

It also delivers the highest performance with line rate capabilities and without impacting legitimate traffic.

Point by point—DDoS Hybrid Defender vs. the competition.

In contrast with competing products, DDoS Hybrid Defender provides comprehensive protection for both the data center and the application. Here are a few reasons why it’s more effective than the competition:

Sophisticated attacks require a lot of processing. Other solutions don’t have the performance to simultaneously decrypt SSL, process traffic, and mitigate attacks in-line.

DDoS Hybrid Defender delivers a true multi-layered defense from a single box with a dual-mode appliance that supports both out-of-band processing and inline mitigation.

Identifies good vs. bad traffic using behavioral-based attack detection with the ability to sustain DDoS under very high connect rates and volume.

Enables a faster response to volumetric and blended attacks with a true, dedicated solution that stops attacks on your data center immediately and integrates with Silverline cloud services for sub-second off-loading. It also features unique layer 7 application coverage that even stops threats hidden behind DDoS attacks without impacting legitimate traffic.


Protection against multi-vector attacks

Detect and protect against simultaneous attacks from layer 3 through layer 7.

Cloud-based volumetric attack protection

Integrated on-premises device with Silverline cloud-scrubbing service, protecting against WAN bandwidth saturation attacks.


Protection against even the largest DDoS attacks at line rate.

Variety of attack detection mechanisms

Sub-second attack detection, threshold based—packets per second (PPS), transactions per second (TPS), requests per second—and behavioral and signatures-based attack detection.

Traffic baselining and auto configuration

Baseline the traffic to automatically size the configuration.

Variety of attack mitigation mechanisms

SHUN, RTBH, BGP steer, and Silverline cloud-based services.

Variety of deployment mechanisms

Deployment options include inline (layer 2 and layer 3), out-of-band, TAP, and bump-in-wire.

Threat intelligence

Immediate protection—at line rate—against known bad actors and sharing that intelligence between on-premises deployments and the cloud.

Simplified configuration and management

Manage all DDoS settings from a single screen and only see the information important to you. Simplify configuration workflows for DDoS profiles, IP intelligence, virtual servers, and log profile setup.

Visibility into attacks via analytics and reporting

Get current attack details like impact on throughput, CPU, and memory. Event logs provide both historical and recent attack data and mitigation details. Customized reports let you pinpoint the data you’re most interested in.