Benefits
Distributed Denial of Service (DDoS) attacks attempt to deny legitimate users access to your systems or networks by overwhelming them with bogus requests. They target important resources, like network bandwidth, server sockets, web server threads, and CPU utilization. DDoS Mitigation helps maintain availability for your Managed Hosting services through a unique hardware-based protection system. It combines two powerful alerting technologies to identify an attack (network-level packet scanning and server-level anomaly detection) and then precision elimination of DDoS traffic to mitigate its effects.
Keep your infrastructure resources focused on business workloads by offloading DDoS processing to our mitigation hardware. When our network security team is alerted to an ongoing or imminent DDoS attack, they immediately initiate mitigation measures and contact you. Backed by security specialists. During initial setup, a security engineer works with you to set up your DDoS solution. After that, our system continually tunes your server profiles for peak performance. If you ever have questions or need help, security specialists are available to provide support — 24/7.
Cisco Guard XT
The Cisco solution provides complete protection against all types of DDoS attacks, even those that have never been seen before. Featuring active mitigation capabilities that rapidly detect attacks and separate malicious traffic from legitimate traffic, the Cisco solution delivers a rapid DDoS response that is measured in seconds, not hours. Easily deployed adjacent to critical routers and switches, the Cisco solution offers a scalable option that eliminates any single points of failure and does not impact the performance or reliability of the existing network components. Cisco solution set includes two distinct components — the Cisco Traffic Anomaly Detector (TAD) XT and the Cisco Guard XT — that, working together, deliver complete DDoS protection for virtually any environment.
- Cisco Traffic Anomaly Detector XT — Acting as an early warning system, the Cisco TAD XT provides in-depth analysis of the most complex DDoS attacks. The Cisco TAD XT passively monitors network traffic, looking for any deviation from "normal" or baseline behavior that indicates a DDoS attack. When an attack is identified, the Cisco TAD XT alerts the Cisco Guard XT, providing detailed reports as well as specific alerts to quickly react to the threat. For example, the Cisco TAD XT can observe that the rate of UDP packets from a single source IP is out of range, even if overall thresholds are not exceeded.
- Cisco Guard XT — The Cisco Guard XT is the cornerstone of the Cisco DDoS solution set — a high-performance DDoS attack-mitigation device that is deployed upstream at either the ISP data center or at the perimeter of a large enterprise to protect both the network and data center resources.
Features
Managed DDoS protection services is a fully managed security service to help organizations respond to the threat of DoS and DDoS attacks. The service staff augments adaptive rate controls to perform real-time analysis of ongoing attacks, tune existing rules and create custom rules as required, and adapt to changing attack vectors and multi dimensional threats. DDoS protection services provides organizations with dynamic protection against a broad range of potential DoS and DDoS attack types, regardless of size and complexity, and even as they change over the course of an attack.
With Managed DDoS protection security services it provides organizations with a simple and effective solution to mitigate the growing threat of DoS and DDoS attacks. IAM will have real-time visibility into security events and the ability to drill down into attack alerts to learn what’s being attacked, by whom what defense capabilities triggered the attack, and what specifically in the requests triggered site defenses. Combining a scalable infrastructure with in-depth, 24/7 security operations centers, Managed DDoS protection services are able to defend against the most sophisticated attacks.
Juniper vSRX
The Juniper Networks SRX Series architecture is designed for optimal performance and has been battle tested in some of the largest service provider and enterprise customer environments around the world. Since their inception, the SRX Series firewalls were built from the ground up with true control and data plane separation; the control plane is responsible for the management and system services that operate the device while the forwarding plane is responsible for moving data traffic as efficiently as possible.
Clear separation of control and data planes protects SRX Series firewalls from direct attack and shields critical firewall management services from being affected when an attack is underway. The SRX Series security architecture scales by processing traffic early in the pipeline, preemptively mitigating a cyberattack before affecting legitimate traffic and management services. In the case of a DoS attack, the SRX Series firewalls employ two primary security methods to protect critical services: firewall filters and screens.
Non-Intrusive Protection
Get the robust, multi-layered protection needed to mitigate today's advanced DDoS attacks — without upgrades or changes to your architecture. The system works independently from your production infrastructure. Continuous monitoring compares current traffic to a custom profile of your server's "normal" network and port behavior. Anomalous behaviors immediately trigger an alert to our network security team.
Sophisticated detection technology, capable of handling tens-of-millions of packets per second, examines all incoming packets for patterns of malicious activity. When suspicious traffic is detected, your traffic is routed through a sanitation engine that filters out and diverts malicious traffic. All legitimate traffic continues to its intended destination.