IT security managers today fear Distributed Denial of Service (DDoS) attacks more than anything else. Without warning, hundreds or thousands of “zombie” computers can flood a “victim” Web site with requests for connections, quickly saturating a network firewall and choking off legitimate traffic. These attacks are designed to consume as much processing power as possible; quick saturation of the CPU is the goal. Under such pressure the firewall can easily fail, leaving a network fully exposed. Or the organization can lose Internet connectivity, and thousands of hours of productivity, until the firewall can be restored.

In response to this threat, security appliance vendors use powerful processors that run sophisticated software. Many of these firewalls and VPN servers are strong enough to stave off some of the most vigorous attacks. But not all. That’s because the typical architecture of a firewall/VPN server is synchronous, performing one function at a time. According to Corrent, a synchronous architecture will fail when confronted with a flooding DDoS attack because each connection must be processed in order.

Corrent came up with a distributed architecture that enables asynchronous processing at the firewall. Suspicious traffic is quickly diverted while the good communication flows freely. With multiple processors working on different tasks simultaneously, even the most malicious DDoS attacks cannot choke the firewall.