Riverhead Networks Announces "Centralized Protection" for Helping ISPs Protect Customers From DDoS Attacks Deployment Innovation for MPLS Networks Allows Service Providers to Cost-Effectively Deliver DDoS Protection Services

CUPERTINO, CA -- (MARKET WIRE) -- 09/22/2003 -- Riverhead Networks™, a leading provider of distributed denial-of-service (DDoS) and worm solutions that ensure business continuity for ISPs, data centers and large enterprises, today announced a new "centralized protection" architecture that supports more scalable, flexible and cost-effective deployment options for service providers who want to protect their Multiprotocol Label Switching (MPLS)-based networks -- and their customers -- from DDoS attacks.

"Our service provider customers are eager to deploy DDoS detection and mitigation solutions to protect their own infrastructures, and to extend those services to their customers," said Yuval Rachmilevitz, president and CEO of Riverhead Networks. "The challenge is finding a way to cost-effectively deploy such solutions in highly distributed environments supporting scores of online businesses spread over the provider's service area. Riverhead's centralized protection capabilities, enabled by our 'long diversion' technology, are a direct response to customer demands for scalable options for deploying DDoS protection in large environments."

How it Works

In a typical service provider environment, DDoS detection and mitigation devices such as the Riverhead Detector™ and Riverhead Guard™ would be deployed at all edge points within the infrastructure where protection is needed. The centralized protection feature allows ISPs to consolidate a smaller number of Guards in a central location and share them among multiple, geographically dispersed customers.

The key to centralized protection is a concept called "long diversion." When an attack is detected by a Riverhead Detector™ or other third-party device, all traffic destined for the targeted device, regardless of its location, is rerouted, or long diverted, from all peering points to the centralized Guard. The Guard analyzes incoming traffic on a per-flow basis, applying a series of patented technologies included in Riverhead's unique Multi-Verification Process™ (MVP) architecture to identify and remove malicious packets before returning legitimate transactions to the network, ensuring uninterrupted operations. By maintaining business continuity, the Riverhead solution offers superior DDoS protection than other common techniques such as "sinkholing," which sends all traffic addressed to a targeted device -- both good and bad -- to a dedicated server for analysis, never to be seen again.

Centralized protection also greatly simplifies installation, administration and maintenance, enabling DDoS protection services to be easily provisioned for individual users on demand. In addition, the deployment allows service providers to scale DDoS protection services easily and efficiently, without requiring any unnecessary upfront investments.

Competitive Advantage

For service providers looking for ways to deliver services in an efficient and cost-effective manner, Riverhead's centralized protection feature represents a considerable competitive advantage.

"Distributed denial-of-service attacks are problematic for service providers and enterprises alike," said Eric Hemmendinger, research director for security and privacy at Aberdeen Group. "But the sprawl of service provider environments can make DDoS protection too expensive to deploy globally unless there is a way to centralize the DDoS mitigation solution. Riverhead's approach to DDoS prevention -- which provides for centralized protection -- offers a cost-effective approach that can be a foundation for revenue-enhancing services."


The Riverhead Guard with centralized protection is available and shipping now.

About Riverhead Networks

Riverhead's solutions defend networks against crippling DDoS and worm attacks, securing Internet availability. By identifying and filtering out malicious traffic, the company's security systems ensure business continuity for ISPs, hosting centers and large enterprises, maintaining network and server availability for legitimate users.

Riverhead's patent-pending Multi-Verification Process™ (MVP) architecture automatically blocks attack packets and forwards real customer transactions, without relying on other network devices. "Dynamic diversion" enables Riverhead to redirect only traffic flowing towards a targeted resource through the Riverhead Guard to block malicious packets, maximizing scalability and reliability benefits.

Riverhead Networks is funded by Sequoia Capital, Cisco Systems, Gemini Israel Funds, Intel Capital and Koor Venture Capital. For more information about Riverhead, visit www.riverhead.com.

Riverhead Networks, Riverhead Detector, Riverhead Guard and Multi-Verification Process are trademarks of Riverhead Networks Inc. All other brand and product names are trademarks or registered trademarks of their respective holders.