Cisco Secure DDoS Protection: Global Scrubbing Centers Data Sheet
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
DDoS scrubbing centers — High availability and resiliencey
Cisco partners with Radware to provide a global network of scrubbing centers that provide cloud-based DDoS mitigation and scalability. Our scrubbing centers deliver best-in-class infrastructure security and integrity,true multitenant service, resilience, and scalability. An overview of our scrubbing centers’ high availability and resilient architecture follows.
Systems
All scrubbing centers are designed in a fully resilient mesh topology and are based on N+1 redundancy of all networking (routers, switches, and load balancers) and mitigation elements. They are equipped with dual redundant power supplies on all applicable equipment to assist with maximum uptime. This topology allows for steady and uninterrupted operation of the scrubbing centers during maintenance and/ or element failures.
Connectivity
Our scrubbing centers are connected to the internet through multiple Tier 1 (upstream) providers and links.
This configuration enables high capacity, flexibility in customer diversion methods, and high availability
at all times
Figure 1. Global Scrubbing Centers
Management and security
Everyday operation of the scrubbing centers is controlled by management and monitoring systems,allowing for continuous monitoring of all components, subcomponents, and internal/external and front-end/back-end applications to assist the infrastructure and service integrity.
The management network is dedicated and separated from the mitigation network. All management servers are installed on dedicated physical or virtual servers, protected by leading firewall and network security systems.
Scaling and disaster recovery
Our high-capacity global DDoS scrubbing center network is designed and built from multiple scrubbing centers located in data centers around the world.
Our scrubbing centers are backed up automatically, and individual centers can be replaced by one of the other centers for scaling or disaster relief. All scrubbing centers are interconnected with a VPN, and control can be transferred from one scrubbing center to another using the control center software.
Choosing the right DDoS solution
| On-demand |
Always-on |
Hybrid |
| ● No added latency when not under attack |
● Always-available, |
● Best overall DDoS solution |
| ● Traffic diverted only when an attack is detected |
● Immediate protection with minimal added latency |
● Combines on-premises protection with cloud-based scrubbing capacity |
| ● Lowest cost, simplified, cloud-only deployment |
● Best suited for applications hosted in the cloud and for organizations that are frequently attacked |
● Real-time protection and minimal latency when not under attack |
| ● Best suited for latencysensitive applications and organizations that are infrequently attacked
|
|
● Recommended for data center protection |
Massive capacity. Scalable global DDoS protection.
|
|
Our cloud security services are fully compliant with the following security standards:
● US SSAE16 SOC-2 Type II
● PCI DSS v3.2 (Payment Card Industry Data Security Standard)
● HIPAA (Health Insurance Portability and Accountability Act of 1996)
● ISO 9001:2008 (Quality Management System)
● ISO 27002:2013 (Information Security Management Systems)
● ISO 27017:2015 (Information Security for Cloud Services)
● ISO 27018:2014 (Information Security Protection of Personally Identifiable
Information [PII] in Public Clouds)
● ISO 27032:2012 (Security Techniques — Guidelines for Cybersecurity)
● ISO 28000:2007 (Specification for Security Management Systems for the Supply Chain).
In addition, our data centers worldwide are certified to meet the following quality standards:
● US SSAE16 SOC-1 Type II
● US SSAE16 SOC-2 Type II
● ISO 9001:2008 (Quality Management System)
● ISO 14001:2004 (Environment Management System)
● ISO 22301:2012 (Business Continuity Management Systems)
● ISO 50001:2011 (Energy Management Systems)
● OHSAS 18001:2007 (Occupational Health & Safety).
All scrubbing centers are hosted by industry-leading data centers with high standards and procedures. Radware data centers have at least 99.999% availability SLAs on power. Every mission-critical device has at least one backup power feed fed by UPS along with a generator backup. Physical access to the data center buildings, data floors, and individual areas is monitored 24x7. Standardized procedures ensure that only selected staff members have access to equipment whenever required.
Cisco partners with Radware to deliver industry-leading DDoS solutions to customers worldwide.