Perimeter DDoS Mitigation & Protection Devices
Perimeter (also known as “on Premise”) DDoS mitigation is exactly what the name suggests – it takes place at the perimeter of your company network, acting very much like a first line of defence against DDoS attackers.
Perimeter DDoS mitigation devices are installed in your data centre or office, immediately behind the circuits that connect the site to the Internet. They are most effective when deployed at the very edge of a network to protect all other internal devices, including firewalls, from attacks.
Perimeter or on premise DDoS mitigation devices can be very effective at managing the threat of application-based DDoS attacks, typically more so than cloud-based DDoS mitigation. DDoS mitigation devices are crucial in early identification of probing attacks and overall visibility of malicious attack patterns aimed at servers or network infrastructure. They can also be very helpful in ensuring that DDoS attacks that use encryption to bypass cloud-based mitigation, can be stopped on customer premises. Decryption is handled on the customer premises, which may be relevant for PCI compliance.
Perimeter DDoS Mitigation – How it Works
activereach offers a range of Perimeter DDoS mitigation & protection devices from a range of vendors to suit all requirements; from carrier-grade defences for hosting providers and telcos, to smaller devices more suitable for SMEs with individual servers to protect.
Surely my company already has protection at the perimeter of our network?
A very common misconception is that a firewall does exactly that function already. A firewall sits at the edge of your network and protects against incoming intruders, right? Unfortunately this couldn’t be further from the truth as far as DDoS attacks are concerned. Firewalls were first devised to provide stateful packet protection, and while they do this very well, they were not built to withstand and protect against the vast array and variety of DDoS attacks that exist in the modern computing age. DDoS attackers can easily craft their malicious traffic to navigate through these devices, and even the most advanced firewalls will not offer you protection against this form of dedicated attack. Perimeter DDoS mitigation performs this function in front of the firewall.
Another misconception is that protection is already provided from the other side of the fence by an ISP, before the traffic even gets to the perimeter of the network. This is known as an ISP Clean-Pipe service – you come under attack, the ISP routes the malicious traffic to a black hole. Again, the DDoS attackers are well aware of this relatively primitive form of defence, and will spoof the IP address of genuine traffic, ultimately causing legitimate traffic to be black holed as well. While the original DDoS attack has been prevented, genuine customer traffic has also been blocked, and as far as your clients and partners are concerned, there is a serious outage. Perimeter DDoS mitigation is specifically designed and easily capable of preventing this.
Installation can be extremely simple. In essence it involves the introduction of a hardware device within your network, and the movement of a few cables. The device has no externally visible IP addresses, and no additional configuration of your network devices already in place is required, when run in transparent mode.
Management of the device can either be handled by yourselves with access to the extensive management tools, or by our managed services team who provide 24x7x365 security expertise.
Once deployed, it is highly recommended that customers routinely test their DDoS mitigation system. We provide DDoS Testing Services to ensure optimal performance of both the mitigation devices, the people and processes involved.
- Protect your servers or sites from DDoS attacks designed to keep them off-line
- Gain early warning of attackers probing your DDoS defences
- activereach offers vendor neutral advice on which device may be right for your network
- Manage the devices yourselves, or have our experts manage them for you
- Full installation and configuration services
- Complete hardware, software and service support options 24x7x365
- Once installed, mitigation can be routinely DDoS tested by activereach to ensure effectiveness