10/08/2024

Cyber Controller Version 10.7.0 is Released!

SecOps Threat Reporting

Starting with Cyber Controller version 10.7.0.0, Behavioral WebDDoS events are enriched with more valuable data, enabling the security operator to make smarter decisions and mitigate attacks more effectively.

WebDDoS Detection Event Information

The new Attack Details modal is available by clicking the Attack Information button in the Detection Events – Real Time Monitoring page.

The Web DDoS Behavioral event is reported per policy and contains all the involved fingerprints as part of the reported event.

The Anomalous Fingerprint table provides an overview of key parameters for managing TLS fingerprints, including fingerprint name, category, and assigned actions such as blocking or permitting traffic. By default, non-citizen fingerprints are blocked, while citizen fingerprints are permitted. The table also includes client profile information and traffic data. For further details, please refer to the user guide. These event details are supported for DefensePro 10.7 or later.

 

New Forensics Report for Fingerprints

Users can now extract the event fingerprint details in the forensics reports.

 

DefensePro Cluster Manager Multi-Version Support – CyberController Plus

Starting with Cyber Controller version 10.7.0.0, users can now utilize multi-version templates, simplifying security configuration management for DefensePro clusters (mitigation groups). This feature allows security teams to manage clusters running mixed software versions more efficiently. By using the multi-version templates block, you can also leverage newer security features, even when the mitigation group consists of devices with different versions.

Another new capability is the ability to convert ongoing protection templates to a newer version, allowing ongoing security protection without the need to disable or enable the protected object.

Event Unification – Cyber Controller X and Cyber Controller Plus

Starting with Cyber Controller version 10.7.0.0, the SecOps Real-Time Monitoring Detection Events table now includes all DefensePro detection events, including global events such as packet anomalies and blocklists, as well as occurred action events. This provides the security operations team with a single, unified table to view all detection events.

Detection Events Enhancements (Cyber Controller Plus)

· The detection events table is now filtered by time, rather than by active events.

· All DefensePro detection events are displayed, including packet anomalies, blocklists, and occurred action events.

· A new Ignored column indicates whether the event is processed by the Cyber Controller Plus workflow.

· A status column has been added to all detection events.

Forensics and Alerts Unification (Cyber Controller X and Cyber Controller Plus)

As part of the unification, Radware consolidated the DefensePro and DefenseFlow products in Forensics and Alerts into a new unified domain named DDoS Protection. The new DDoS Protection domain contains all detection events, including DefensePro events and External and Internal Detector events, giving the security operator a single forensics setting to match all detection events. Users can easily create alerts or forensics that match all external and internal detector events by using a simple criteria condition.

SecOps User Experience Enhancements – Cyber Controller X and Cyber Controller Plus

In Cyber Controller version 10.7.0.0, Radware has introduced several enhancements to improve the efficiency and usability of the platform for security operations (SecOps) teams. These updates focus on optimizing event search and filtering, visual display options, and data accessibility, making it easier for security operators to manage, monitor, and respond to critical events. The following are the key capabilities introduced in this release:

Search Filtering

The search bar now supports multiple parameter matching within the same criteria. This new capability allows security operators to filter events based on one or more parameters. For example, you can now filter the detection events table to display only Behavioral-DoS and SynFlood events.

Dark Mode | Invert Mode

Starting with Cyber Controller 10.7.0.0, you can change the system theme color, affecting all screens. This makes it easier for SOC teams to work in darker rooms, reducing eye strain and improving focus during extended monitoring sessions.

Events Table Full Width

The security operator can now view the Detection Events table at full screen width, letting the user view more columns without the need to use the scroll bar.

ERT Active Attackers Feed Update every 15 Minutes

Starting with this version, the ERT Active Attackers Feed is updated every 15 minutes. This enables you to schedule the ERT Active Attackers Feed update with the same frequency.

New Alteon Platform – Alteon D-Line 8600

The Alteon Application Switch 8600S includes high-end performance application delivery appliances, providing superior SSL performance with support for the latest encryption standards (ECC). High performance, coupled with a wide range of connectivity options, high-performing and reliable storage (SSD), advanced capabilities, and OnDemand scalability, makes this series suitable for carriers, mobile operators, and large enterprises.

Support for XFF in ADC Analytics Traffic Log Events

Starting with this version, the source address displays the client's real IP address (“rdwraltClientIp”) if it exists. It is also used for geolocation.
