What are DDoS attacks?
DDoS, Distributed Denial of Service, means denial of access to a service. The attack is carried out by a network of infected computers, so-called botnet, which floods the victim’s server with countless requests. As a result the server is blocked and stops supporting client machines.
Who may attack
Anyone with internet access. This type of attack may be ordered as a service, with anonymity guarantee in the package. For as little as couple of tens of dollars one may effectively disrupt operations of even the largest institution in any part of the world.
Why is protection a good investment?
The attack blocks access to the targeted server and consequently, to all the services the server supports. Companies just cannot afford it – particularly those that operate in segments like commerce, electronic banking or self-service portal providers. Even slight delays in providing their services would make them suffer material, financial losses, reputational damage and loss of customer trust.
Additionally, all cybersecurity experts agree on one thing – such attacks will continue to develop at a staggering pace. The numbers of such attacks will exceed defense capacity of commonly used IT systems. This problem may be addressed by deploying Exatel’s DDoS protection service, which represents a quick, but most importantly, effective solution to this issue.
How does Exatel’s DDoS protection work?
A characteristic feature of DDoS attacks is the consumption of the entire bandwidth available to the client. Therefore operator-class solutions are the only effective protection.
We provide continuous analyses of the network traffic. Once a non-standard event is identified and classified as harmful, we ensure an instant response. After the customer’s approval, an operator in the Exatel Security Operations Center activates mechanisms within our infrastructure to restore internet access services.
We operate a secure data center with physical infrastructure, which is why we are able to effectively filter out malware traffic within the network. This is how we enable regular operations of a service under attack.
Our attack defense system consists of two physical components:
- “cleaning” device (TMS),
- probe (CP).
After the probe detects an attack – the malicious network traffic is diverted, using BGP, to the TMS unit, where it is cleaned (separated). The cleaned traffic is “re-injected”, for instance, using a GRE tunnel into the customer’s CPE.
Exatel’s anti-DDoS solution
Scope of the service
- configuration, activation and maintenance of the service
- protection of the public network contact point against attacks with volumes of up to 10 Gbps and 4 Mpps – with upgrade possibilities. We do it using the infrastructure located in our data center and built on the platform of Arbor Networks – world leader of DDoS protection
- active 24/7/365 monitoring of security of customer’s IT resources and Exatel Security Operations Center’s response to attacks
- online reports
- full support provided by experts throughout the entire cooperation cycle, including the pre-sales stage. The support includes an analysis of the existing infrastructure, customer’s needs and preparation of a functional solution
- Service Level Agreement (SLA)
- one contact point – 24/7/365 Customer Service Line
Benefits of the service
- we ensure comprehensive protection against various high-intensity DDoS attacks on a 24/7/365 basis
- we customize configuration to customer requirements
- Exatel Security Operations Center specialists pro-actively monitor threats and support the customer when an attack occurs
- the customer has online access to reports on threats and IP traffic – at no extra charge
- this is a high-availability service and the infrastructure is fully redundant
- daily updates of signatures ensures the protection is always up to date
- we guarantee short times of response to requests and events
- we offer an attractive pricing model – the rate does not depend on the number of attack or bandwidth of the protected line
- no capital investments are necessary on the customer’s part
- no fees for redirection of malicious network traffic