Server load balancing

Load balancer solutions support an organisation's security by optimising the distribution of network traffic between servers, while protecting the IT infrastructure from cyber attacks and cyber threats. With DDoS protection, traffic filtering, protocol inspection and integration with other security solutions, load balancers play an important role in ensuring business continuity and protecting IT assets.

Features and functions of load balancers

1. Network traffic distribution as protection against congestion

The load balancer evenly distributes network traffic between the available servers, which prevents overloading and protects applications from failures.
Load balancing: The load balancer directs users to less loaded servers or those that are geographically closest.

Example: when a server serving an e-commerce application becomes overloaded by a large number of users, the traffic is redirected to other servers, avoiding any interruption of the service.
Protection against server failures: the system detects server unavailability and automatically redirects traffic to running instances.

Example: the failure of one of the servers in the cloud environment does not disrupt the application, as users are automatically redirected to other servers.

2. Protection against DDoS attacks

Load balancing solutions provide built-in protection against volumetric attacks (DDoS) that aim to overload an organisation's resources.
Malicious traffic detection and filtering: The load balancer analyses the incoming traffic and rejects packets that show the characteristics of a DDoS attack (e.g. invalid headers, too many requests from one source).

Example: during a DDoS attack, the system identifies excessive requests from one IP address and blocks them, while allowing traffic from legitimate users through.
Bandwidth distributed between servers: traffic is evenly distributed over the available resources, reducing the effectiveness of volumetric attacks.

Example: an attacker tries to overload the application, but the load balancer distributes the traffic between the servers, protecting the application from overload.
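
The "too many requests from one source" check described above can be pictured as a per-source sliding-window counter. This is an added illustration, not code from any load balancer product; the class and function names, the limit of 5 requests per second and the sample traffic are assumptions constructed for the example.

```python
from collections import defaultdict, deque


class SourceRateFilter:
    """Sliding-window request counter keyed by source IP (hypothetical name)."""

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = window_seconds
        self.seen = defaultdict(deque)  # source IP -> timestamps of accepted requests

    def allow(self, src_ip, now):
        q = self.seen[src_ip]
        # Forget requests that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.max_requests:
            return False  # over budget: reject and do not record the request
        q.append(now)
        return True


def replay(events, max_requests=5, window_seconds=1.0):
    """Feed (timestamp, src_ip) events through the filter; return per-source counts."""
    flt = SourceRateFilter(max_requests, window_seconds)
    stats = defaultdict(lambda: {"accepted": 0, "rejected": 0})
    for ts, ip in events:
        stats[ip]["accepted" if flt.allow(ip, ts) else "rejected"] += 1
    return dict(stats)


# Constructed sample: one noisy source sends 50 requests within a second,
# two ordinary clients send a request every 0.5 s. Addresses come from the
# RFC 5737 documentation ranges.
SAMPLE = sorted(
    [(i * 0.02, "203.0.113.7") for i in range(50)]
    + [(i * 0.5, "198.51.100.10") for i in range(4)]
    + [(0.1 + i * 0.5, "198.51.100.11") for i in range(4)]
)

if __name__ == "__main__":
    for ip, counts in replay(SAMPLE).items():
        print(ip, counts)
```

A per-source limit only covers the single-source case; clients behind a shared NAT or proxy share one budget, so the threshold has to be set with that in mind.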

3. Inspection and filtering of traffic in layers L4-L7

Load balancers operate at network (L4) and application (L7) level, enabling advanced traffic inspection and filtering.

How does it work?
Packet analysis: the load balancer checks whether the incoming traffic conforms to the expected protocols (HTTP, HTTPS, DNS, etc.).

Example: attempts to exploit vulnerabilities in the HTTP protocol are blocked at load balancer level before they reach the application servers.
Protection against application attacks: the system identifies and blocks attempted attacks such as SQL Injection, Cross-Site Scripting (XSS) and exploits against the HTTPS protocol.

Example: XSS attacks are detected and neutralised by the load balancer, which rejects malicious requests.

4. Termination and inspection of SSL/TLS traffic

Solutions such as A10 Networks allow encrypted traffic to be terminated at the load balancer (SSL/TLS termination) so that it can be inspected for threats.

How does it work?
Terminating encryption: the load balancer decrypts incoming traffic (SSL/TLS), inspects it, and then either forwards it unencrypted or re-encrypts it before passing it on.

Example: malicious requests hidden in encrypted HTTPS traffic are detected by the load balancer and blocked.
Improving server performance: The load balancer takes over responsibility for handling encryption, relieving the load on the application servers.

Example: servers are not overloaded with encryption operations when handling a large number of HTTPS requests.

5. Supporting business continuity and disaster resilience

Load balancers monitor the status of servers and applications, allowing rapid response in the event of failure.

How does it work?
Monitoring of server availability: The load balancer regularly checks the availability of servers and application services.

Example: if one server stops responding, traffic is automatically redirected to other available servers.
Failover: in the event of a failure of the entire data centre, traffic can be redirected to another centre or the cloud.

Example: a sudden failure of the local data centre does not disrupt services, as users are served by servers in the cloud.
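
The behaviour described in sections 1 and 5 (send traffic to the least loaded server, stop using a server that fails its checks, fail over to another site when the whole data centre is down) fits in a short model. This is an added sketch, not the implementation of any product; the class names, site labels and the threshold of three failed probes are assumptions.

```python
class Backend:
    def __init__(self, name, site):
        self.name, self.site = name, site
        self.active = 0      # in-flight connections
        self.fails = 0       # consecutive failed health probes
        self.healthy = True


class Balancer:
    """Least-connections selection with probe-driven ejection and site failover."""

    def __init__(self, backends, primary_site, fail_threshold=3):
        self.backends = backends
        self.primary_site = primary_site
        self.fail_threshold = fail_threshold

    def record_probe(self, backend, ok):
        if ok:
            backend.fails = 0
            backend.healthy = True
        else:
            backend.fails += 1
            # One lost probe is not a failure; eject only after a run of them.
            if backend.fails >= self.fail_threshold:
                backend.healthy = False

    def pick(self):
        healthy = [b for b in self.backends if b.healthy]
        # Prefer the primary site; use other sites only when it has no healthy server.
        pool = [b for b in healthy if b.site == self.primary_site] or healthy
        if not pool:
            return None      # nothing healthy: the caller should answer 503
        chosen = min(pool, key=lambda b: b.active)
        chosen.active += 1
        return chosen


def demo():
    a, b = Backend("dc-a", "dc"), Backend("dc-b", "dc")
    c = Backend("cloud-a", "cloud")
    lb = Balancer([a, b, c], primary_site="dc")
    first = [lb.pick().name for _ in range(4)]        # spread over dc-a and dc-b
    for _ in range(3):
        lb.record_probe(a, ok=False)                  # dc-a stops answering
    after_one = [lb.pick().name for _ in range(2)]
    for _ in range(3):
        lb.record_probe(b, ok=False)                  # the whole data centre is down
    after_site = [lb.pick().name for _ in range(2)]
    return first, after_one, after_site
```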

6. Integration with WAF mechanisms and API protection

Modern load balancers can be equipped with Web Application Firewall (WAF) functionality and API protection tools.

How does it work?
API protection: the load balancer monitors requests to the API for anomalies such as excessive requests or attempts to manipulate parameters.

Example: An attempt to call an API function without the corresponding authorisation keys is blocked by the load balancer.
Web Application Firewall: blocks known exploits and application vulnerabilities.

Example: an attacker attempts to inject malicious SQL queries into the web application, but the query is rejected at the load balancer level.

7. Meeting regulatory requirements

Load balancers help organisations meet legal requirements for security, privacy and service availability.

How does it work?
Ensuring availability of services: through load balancing and fault tolerance, organisations can guarantee the continuity of legally required services.

Example: a bank ensures that its online platform remains available even during peak load times, meeting DORA and PSD2 requirements.
Data protection: Load balancers support traffic encryption and inspection to help protect customer data.

Example: data sent to the CRM system is encrypted and monitored for attempts to steal information.

8. Supporting protection against advanced threats

Load balancers help detect and neutralise advanced threats such as zero-day attacks and APTs (Advanced Persistent Threats).

How does it work?
Correlation of events: The load balancer works with SIEM and EDR systems to provide data on network traffic and potential threats.

Example: unusual activity by users outside the organisation is detected and reported to the SOC team.
Integration with Threat Intelligence solutions: load balancing systems use CTI (Cyber Threat Intelligence) databases to block traffic from IP addresses known to be malicious.

Example: an attempt to access the application from an IP address associated with a botnet is automatically blocked.
