L7 Defense: Mitigating Applicative DDoS Attacks through Natural Intelligence

Doron Chema, Co-founder & CEO
High volume “Distributed Denial of Service” or DDoS attacks enabled by the new “Internet of Things” (IoT) are on the rise and becoming part of our daily news. As recently as October, 2016, a massive DDoS attack made by Mirai botnet, crippled the Internet on the East Coast of the U.S. These attacks overwhelm Data Center infrastructure, mostly by sending mass of “normal” users’ requests, hence are a violent version of the classical yet unsolved “Applicative DDoS” attack.

Over two years ago, Dr. Doron Chema, Co-Founder of L7 Defense, and his team evaluated the crowded DDoS mitigation market and decided to challenge the “Applicative DDoS” attack problem. Statistics are really stunning here, as above 80 percent of recent DDoS attacks were of less than 1 GBPS, the typical range for Applicative attacks, as current algorithms mostly fail in discovery. Now, IoT-based DDoS attacks present a destructive combination of such applicative attacks enhanced by the power of machines.

L7 developed and launched the Ammune® (Applicative Immune) technology, which successfully mitigates applicative DDoS attacks of all kinds and dynamics and even more surprisingly, in almost unlimited range of traffic volumes, even at the low end range of below 100 requests per second.

Ammune® is a pioneered “Natural Intelligence” cyber security system. “Just like the natural immune system that automatically detects variations in the antigen patterns of newly attacking viruses and bacteria without destroying the host cells, Ammune® identifies DDoS attacks and extracts signatures from the attacking vectors (i.e. request types). It is done with very high precision and accuracy even while facing multiple, highly randomized vectors, while signatures are used for real time attack mitigation by Ammune or other systems,” says Doron. This simple description includes some major scientific and technological breakthroughs made by L7 team, but the process by itself is pretty intuitive.

The system has its own visual dashboard, API and Alerts, that report to the SoC systems and team on the attack details with high Real Time transparency.

Ammune® can identify multiple, highly randomized DDoS attacking vectors’ patterns with high precision and accuracy

The Ammune® “elastic defense shield” mechanism is made of two layers. First, each Ammune® server adapts itself automatically to frequent changes in the protected applicative systems. Second, Ammune® servers are loaded or unloaded automatically in seconds by Ammune® C&C. Customers are charged only for actual usage, while major picks are usually rare.

As it has primarily been tested in a series of intensive data center production environments, fast attacks far below— as well as over—1 GBPS in volume were found as common, but mostly go unnoticed by non-Ammune® mitigation systems. Recently, it was tested against real-world IoT based attacks at extremely complex mitigation conditions (For example: 10 vectors, 50,000 IP's and 100,000 RPS). “Even we were amazed by the accuracy achieved by Ammune®, reaching in some cases to 40 signatures and above, mitigating attacks in seconds,” says Doron.

According to Doron, “IoT-based DDoS attacks become a critical cyber security issue in less than 2 months after appearance. However, it is only the first sign of large scale attack possibilities on infrastructure and autonomous systems. Therefore, a new level of accuracy, automation, and adaptability is expected from defense systems such as presented by L7.”

Although very minor marketing efforts have been made to date, L7 Defense is facing fast growing demand for the Ammune® technology and has escalated the testing stage to prepare for consumer interest.

L7 Defense


Doron Chema, Co-founder & CEO and Yisrael Gross, Co-founder & CMO Marik Ginzburg, Co-founder & Head of Algorithms

A firm that offers a platform for mitigating sophisticated, large scale, DDoS attacks automatically and efficiently in real time

L7 Defense