Cloud-Based DDoS Mitigation & Protection

Cloud-based DDoS mitigation takes place completely separately from your existing network, within the Internet cloud, detecting and preventing DDoS attacks before they even reach you.

Cloud-based mitigation either uses the domain name system (DNS) to direct inbound traffic through a scrubbing centre prior to delivery to the server, or for larger deployments routing (eg. BGP) is used to make sure all network traffic, regardless of type, is filtered prior to delivery using a clean pipe.

Cloud-based DDoS mitigation can be very quick to deploy and is very effective at managing the threat of DDoS attacks designed to flood pipes or servers with simple weight of traffic. They can also be used to help mitigate application-layer and more sophisticated attack campaigns which might otherwise involve months of disruption.

Cloud-based DDoS Mitigation: How it Works

activereach offers a range of cloud-based DDoS mitigation services from a range of providers to suit all requirements; from carrier-grade defences for hosting providers and telcos, to services more suitable for SMEs with individual servers to protect.

Migration to a Cloud-based DDoS Mitigation solution is easy and complication free. The installation process is stringently tested to ensure completely seamless integration with your existing set up.

Once deployed, it is highly recommended that customers routinely test their DDoS mitigation system. Once deployed, it is highly recommended that customers routinely test their DDoS mitigation system. We provide DDoS Testing Services to ensure optimal performance of both the mitigation devices, the people and processes involved.

Cloud-based DDoS Mitigation for SMEs

Historically, always-on DDoS mitigation has been beyond the budget of SMEs, even with performance-critical web application servers to protect. activereach’s Cloud-based DDoS Mitigation Solution for SMEs combines high performance always-on DDoS mitigation capabilities with a powerful web-application firewall and performance-enhancing content caching in a single service, at a fraction of the price of traditional carrier-class DDoS mitigation solutions.

activereach Cloud-based DDoS Mitigation for SMEs from activereach
Fig 1: Cloud-based DDoS Mitigation for SMEs from activereach

Cloud-based DDoS Mitigation for Enterprise

Critical infrastructure providers, service providers and larger enterprises demand always-on DDoS mitigation services that can defend their servers and networks against the growing size of amplified volumetric attacks, as well as the rapidly changing nature of application-level attacks. activereach’s Cloud-based DDoS Mitigation for Enterprise offers global flood defences capable of dealing with 400 Gbps+ volumetric attacks.

activereach Cloud-based DDoS Mitigation for Enterprise from activereach
Fig 2: Cloud-based DDoS Mitigation for Enterprise from activereach

This cloud Mitigation service uses over 20 different mitigation and analysis technologies, but the main forms of defence can be broken down into two main key areas:

Proxy Protection Service –
This is a DNS redirection on-demand service for HTTP/HTTPS traffic that provides rapid DDoS protection when your domain or website is under attack. When deployed, traffic from your domain is attracted to the nearest online scrubbing centre where it is either verified and passed through, or silently terminated, depending on the legitimacy of the traffic. Our service acts as an intermediary for all communication during a period of attack. Patterns of traffic are analysed and managed across a common profile of all customers to optimise the service’s performance. A simple DNS name IP address remapping is all that is required to set this solution up.

Routed Protection Service –
This is a routing service that provides complete protection of all forms of IP traffic, not just HTTP/HTTPS. Our service and your routers are connected via a virtual tunnel. BGP is used to communicate network routes from you to us and we then use this information to activate or deactivate the service as needed. When there is an attack and the service is active, your network routes are advertised to us and only us. We then attract all incoming traffic bound for your network towards the nearest global scrubbing centre. Traffic is then cleaned and forwarded over the virtual tunnel. Traffic outbound from your sites is sent out over your normal upstream ISPs, minimising the impact to your normal traffic patterns. Larger volume sites can make us of a dedicated MPLS connection to the service.

Cloud-Based DDoS Mitigation: Features

  • Protect your servers or sites from DDoS attacks designed to keep them off-line
  • No hardware or software required – quick to deploy
  • activereach offers devices from a range of providers with independent advice
  • DNS or routing deployment options suit different sizes of customers
  • Manage the service yourselves, or have our experts manage it for you
  • Complete service support options 24x7x365
  • Once in place, mitigation should be routinely DDoS tested to ensure effectiveness

Please browse our solution pages on DDoS Mitigation, Perimeter DDoS Mitigation and Hybrid DDoS Mitigation to find out more.