DDoS Mitigation & Protection
DDoS attacks are designed to knock networks or servers offline. Traditional perimeter security systems like firewalls are impotent in the face of the vast array of DDoS attacks now commonplace on public networks. Any company that may be financially or commercially penalised if it lost Internet connectivity to its offices or servers may need a DDoS mitigation or DDoS protection solution.
DDoS Mitigation: A Vendor Neutral Approach
As a market-leading anti-DDoS specialist, activereach offers a vendor neutral approach to DDoS mitigation. Our best-in-class solutions allow businesses of all sizes to detect and mitigate the full spectrum of today’s complex DDoS attacks. We offer a range of scalable technology solutions, from cloud-based prevention for SMEs to the most critical always-on enterprise-level mitigation.
- World-class DDoS mitigation and SSL protection
- Real-time attack management, monitoring & reporting
- Scalable and cost-effective deployment models, designed to suit you
- Consultancy, configuration and support for complex mitigation installations
- Single point-of-contact for multi-vendor solutions
DDoS mitigation & protection can be deployed as a device on a customer’s premises or in their data centres (“perimeter”), as a cloud service (“cloud”), or as a hybrid of the two (“hybrid”).
DDoS Mitigation Professional Services
Telcos and service providers, hosting and data centre providers, IaaS/SaaS companies and others often do not have the in-house expertise in DDoS mitigation devices needed to adequately protect medium to large scale multi-tenant networks or servers for their customers. activereach’s dedicated DDoS Mitigation Engineers can provide, configure and support complex DDoS mitigation deployments across a range of vendors (A10, Radware, Akamai, Corero etc.), allowing service providers to focus on their core business.
DDoS Monitoring & Reporting
Keeping a constant watchful eye on any potential attacks on your company network is an impossibly vast task. As well as an extensive range of mitigation and protection services, we also have a monitoring platform that will alert you in the event of an attack within a 15-minute SLA.
Much like the mitigation services, monitoring is split into two main headings: cloud-based and perimeter-based solutions.
Cloud Based Monitoring
- Flow Based
This monitoring service involves monitoring your routers directly. Our dedicated security operations centre will analyse traffic transiting your routers, detect anomalies, perform impact assessment, and notify you of any conditions which could cause any form of harm or threat. This form of monitoring reinforces our on-demand DDoS mitigation service by providing a proactive, rapid response via 24x7x365 monitoring of all of your network traffic. It can also provide monitoring of the health of your routers.
- Application Based
This form of monitoring includes the installation of an appliance that allows greater insight into and intelligent analysis of your traffic. Whereas the flow based service operates on Layers 3 & 4, this service helps in particular with lower bandwidth Layer 7 DoS attacks that can be incredibly tricky to detect. The detection mechanism is deployed on your premises, enabling us and you to receive proactive reporting of any application layer abuse before it causes any outages. The appliance will detect and alert our dedicated security centre, reinforcing the mitigation service and reducing the time to mitigate by installing the appropriate filters before the mitigation service kicks in. The service is completely non-intrusive and confidential.
- Flow and Application based monitoring are included automatically in our always-on DDoS Protection service.
Perimeter Based Monitoring
- Reputation Based
Reputation based monitoring provides dynamic protection by identifying constantly changing IP addresses and automatically blocking traffic from known bad sources in real time. The reputation of IP addresses is constantly changing, and it is impossible to maintain up-to-date information manually as botnets and hijacks fluctuate across the world. This product eradicates that problem. In addition, this product provides a specific security policy that allows you to prevent access from IP addresses based on their national origin.
This service complements the perimeter based mitigation solution by ensuring that the equipment and engine are always completely up to date, running in the highest state of maintenance and operating at the absolute peak performance possible. As well as the automatic procedures and updates in place, this product also includes the services of our Security Operations Centre, which means our most experienced security engineers will be keeping a watchful eye on your kit.
- SecureWatch Plus
The Plus package contains everything from the above solution, but also includes: a personally assigned Security Services Engineer, with in-depth knowledge of your business and network, who will coordinate all support and mitigation; automatic hardware replacement in the event of any failure; weekly security incident reports; monthly policy analysis and optimisation recommendations based on historic activity both on and off your network; a full optimisation audit occurring twice a year with detailed reports of suggested configuration and policy changes; 24x7x365 security and fault monitoring from the Security Operations Centre.
DDoS Mitigation Service Delivery & Validation
As part of introducing a DDoS mitigation solution to your business, it is important to ensure that the normal expected levels of service are still maintained and delivered. For this part of the service, activereach recommends the following best practices for service testing and validation purposes:
- Verify that all applications are performing properly while the DDoS mitigation service is active.
- Ensure that all routing and DNS is working.
- Test small levels of traffic without scrubbing and without any DDoS protection to validate that your on-premises monitoring systems are functioning correctly. This action will also help you identify the stress points on your network.
- Test the mitigation service with a low level (say 10% of your incoming bandwidth) of controlled attack traffic, ensuring validation of the alerting, activation and mitigation features of the service.
- Conduct baseline testing and calibrate systems to remediate any network vulnerabilities.
- Test the mitigation service with a higher level (say 75-150% of your incoming bandwidth) of controlled attack traffic, ensuring validation of the activation and mitigation features of the service.
- Schedule validation tests on a regular basis (monthly or quarterly) using our DDoS testing service to validate that the service configuration is still working correctly and eliminate the risk of network element failures due to DDoS. If network issues arise during testing, your mitigation service provider may need to make modifications based on recent changes to your network, such as modified firewall rules, firmware updates and router reconfiguration. Remember that the validation tests are also there to ensure your personnel communication is working correctly.
It is extremely important during any testing or validation process to communicate effectively with all stakeholders, key personnel and/or service providers. This ensures that everybody is clear about the details of the plan and the strategy.
Based on the test results, activereach also recommends developing a mitigation playbook as part of an incident response plan. This helps ensure that everyone in the organisation knows what to do and what to expect if an attack strikes.