Corero Network Security (AIM: CNS; OTCQX: DDOSF) announced a new capability of SmartWall ONE that stops encrypted application layer (L7) DDoS attacks in real time, without adding latency or requiring additional infrastructure. The company aims to address one of the most critical gaps in modern defense: when “everything goes over TLS,” many attacks hide in secure channels and evade traditional controls.
What the new feature offers
- AI-assisted detection + real-time intelligence feeds to identify and cut encrypted L7 DDoS attacks on the fly.
- No false positives that degrade the experience: focus on accuracy, performance, and privacy (without decrypting or intrusive inspection, according to Corero).
- No redesigns: inline protection designed to deploy where SmartWall is already in place, avoiding re-engineering or extra hardware/scrubbing costs.
Who it’s for and why it matters
- Operators and service providers: ability to offer premium L3–L7 DDoS services, even with encrypted traffic, without added complexity and with new revenue opportunities by differentiating protection levels.
- Businesses: real-time shielding of public-facing applications while maintaining privacy, compliance, and uptime. The inline architecture is designed to stop encrypted L7 attacks and complement or extend what a WAF does.
Technical context (and the promise)
With encryption now default on the web, many defenses either introduce latency (by decrypting) or lose visibility (if they don’t). Corero claims that its inline approach uses telemetry and behavioral signals enriched by AI/intel to identify malicious patterns without breaking TLS, which reduces the risk of overblocking and preserves performance.
What to watch
- Signal transparency: how accuracy is maintained in complex L7 attacks without decrypting.
- Interoperability with WAF/CDN and privacy/regulation policies.
- Operational metrics: actual impact on latency, false positive rates, and TTK/TTM (time to kill/mitigate) in production environments.
Conclusion: for providers and large organizations facing hidden L7 peaks within TLS, the message is clear: more protection with less overhead. If Corero’s inline detection lives up to its promise of blocking within minutes (or seconds) without touching the encryption, it could set a new standard for maintaining availability in a predominantly encrypted Internet.
via: corero