Distributed denial of service solutions provider Black Lotus announced on Monday that it has made its patent-pending Human Behavior Analysis tool available to web hosting and other service providers, as a new tool for providing DDoS protection.

In an interview with the WHIR, Black Lotus president and CEO Jeffrey Lyon says the tool is different from the existing DDoS protection technology. Rather than using attack signatures or established patterns to filter traffic, it looks at individual Layer 7 connections and examines its behavior to determine if it’s a real human being sitting behind the keyboard.

Lyon says the HBA technology is the result of several years of development at Black Lotus, starting in 2009.

“In 2009 we saw the first really difficult to detect and mitigate layer 7 attacks. We were using RioRey appliances and, say you had an attack that was 200 megs in size, and the appliance cut that down by 190 megs – by most measures, any DDoS mitigation provider would say that’s a successful mitigation,” he says. “The problem was the traffic that wasn’t mitigated was a low and slow Layer 7 flood. Say there were 200,00 bots, but only about 30 of those bots were hitting the website at any given time. We were sitting there watching these connections come to a customer’s website, filtering them out by hand, and as soon as we had blocked those 30 connections, 30 more would appear. And that kept happening, over and over, over the course of hours. So we developed a really rudimentary script to detect when that was happening, and block out the bad connections. We kept making that script more intelligent and, fast forward two years later, that’s what we now call Human Behavior Analysis.”

The now-patent-pending technology has been a part of Black Lotus’s approach to DDoS protection while it was being developed, but was kept under wraps by the company, says Lyon. Now that it is protected by the patent application, Black Lotus is talking about the tool publicly.

Lyon says applying the HBA technology to Layer 7 attacks addresses malicious traffic that can get past more traditional means of mitigating DDoS attacks, calling it “the missing piece of the puzzle,” to be used in concert with traditional tools.

“What we’re doing with human behavior analysis is, we’ve already filtered out everything we know is bad,” says Lyon. “Now we’re looking at everything we thought was good, and seeing if we can pick out the bad actors. We look at a time slice of a log file of a layer 7 connection to the web server, and we start to analyze which of those connections are good and which are malicious. The ones that are good, we confirm those. The ones that are malicious, we keep looking at them, and if they keep engaging in behavior that looks like it would not be consistent with human behavior, then we’ll place a ban on that particular IP address.”

For partners of the company, Human Behavior Analysis will be part of the basic value proposition. Earlier this year, Black Lotus launched its reseller program, the Availability Assurance Partner Program – (AP)2 for short – targeting web hosting providers specifically as ideal partners for distributing its DDoS protection solutions. Black Lotus says the revenue-share model with no minimum commitment replaces a model in which hosting providers would have to purchase the Black Lotus services and figure out how to bundle them into their services.

In May, Black Lotus acquired hosting provider and managed DDoS protection service provider ServerOrigin.

When the patent process is concluded, Lyon says the company may start offering other security providers access to the technology.

“We’re going to wait for the final patent to actually start putting it in the hands of other providers,” he says. “Right now, it’s our major selling point. We come out and say, our basic value proposition is we can provide an enterprise grade DDoS mitigation solution, similar to a Verisign or a Prolexic,, at a much lower price point. Also, we can look at these Layer 7 connections much more intelligently, and make more accurate decisions as to whether or not to filter that connection.”

About Eranet

     Eranet International Limited(Eranet.com) was incorporated in Hong Kong in 2005, directly under Todaynic.com, Inc. which was established in 2000. As one of the first ICANN (The Internet Corporation for Assigned Names and Numbers), Verisign,HKDNR, and CNNIC (The China Internet Network Information Center) accredited registrars, Eranet is also a leading provider ofservices in domain name registration,web hosting and Email.

Now in Eranet

four domain have lowest price:

.asia   only USD 1.9

.com    only USD 11.99/year

.net    only USD 11.99/year

.hk     only USD 22.63/year

choose any one of listed domain, Hosting will be 15% off.

To register your own domain name, check out :

http://www.eranet.com

http://partner.eranet.com