DDoS Protection

Advanced DDoS Protection and Mitigation.

Infradata is a recognised leader and authority in DDoS protection solutions.

Any organisation that uses the Internet to conduct its core business runs the risk of loss of business, revenue and reputation if its systems are no longer available. DDoS attacks pose an ever-increasing threat to businesses that are reliant on the Internet for service availability. Some types of online business are more likely to suffer from such attacks than others. However, all will recognise that without some sort of DDoS protection service there is a risk that their business and its revenue will be compromised.

‘Distributed Denial of Service’, aka DDoS, attacks are attempts to make a computer or network device unavailable, or at least to disrupt its function or service. They are categorised as ‘distributed’ because the attacks aren’t generated by a single attack host, but distributed over several hosts, usually a so-called botnet.

Botnets consist of a large number of Internet-connected devices, often infected by malware. A small piece of software on the infected computer will ‘call home’ by reaching out to a central computer operated by an attacker, often called a ‘command & control server’ (C&C server). The C&C server keeps a list of all known infected computers and how to reach them. When an attack begins, the C&C server instructs these infected computers to send specific traffic to one or more hosts. Even if the individual machines have low performance and only limited bandwidth to the Internet, the sheer volume of traffic and connections that this aggregate of machines can create, its attack force, can be immense.

There are three main categories of attack.

A state attack bombards the target with massive numbers of connection attempts and may try to keep them active. The target host and infrastructure cannot cope with such a large number of sessions, limits are reached, and it simply stops responding to requests, rendering it useless.

A volumetric attack sends extreme volumes of traffic in an attempt to completely saturate the target’s connections, effectively muscling out further legitimate traffic.

Sometimes other, often legitimate, servers on the Internet are co-opted for these types of attack. This is becoming an increasingly popular method of attack. In such cases the attacker sends special requests to these legitimate servers, using specific functions that make each legitimate host send massive amounts of traffic back in response to what it believes is the requesting source, but which is in fact the attack destination. These are known as amplification or reflection attacks.

Application attacks identify weaknesses in applications and are used to either retrieve sensitive information, crash applications or abuse them for nefarious purposes such as gaining full access to the host on which the application resides or other hosts within the set-up.
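How the state, volumetric and reflection categories described above show up in flow-level counters, as an added example that is not Infradata's or any vendor's code. The record fields, the thresholds and the sample windows are assumptions constructed for illustration; application attacks need payload inspection and are not covered.

```python
from collections import Counter

# UDP services whose replies are commonly seen in reflection attacks.
REFLECTOR_PORTS = {53: "dns", 123: "ntp", 1900: "ssdp", 11211: "memcached"}

def classify_window(flows, solicited, seconds, link_bps, conn_table_size,
                    util_limit=0.8, half_open_limit=0.5, reflect_share=0.5):
    """Name the attack categories one window of inbound flow records suggests.

    flows: dicts with proto, src, sport, bytes and, for TCP, established (bool).
    solicited: set of (ip, port) pairs the protected hosts really queried.
    The three *_limit / *_share thresholds are assumed, illustrative values.
    """
    total = sum(f["bytes"] for f in flows)
    found = set()
    # Volumetric: the inbound bit rate approaches the capacity of the link.
    if total * 8 / seconds >= util_limit * link_bps:
        found.add("volumetric")
    # State: sessions opened but never completed fill the connection table.
    half_open = sum(1 for f in flows
                    if f["proto"] == "tcp" and not f["established"])
    if half_open >= half_open_limit * conn_table_size:
        found.add("state")
    # Reflection: UDP replies from reflector ports that nobody asked for.
    unsolicited = Counter()
    for f in flows:
        if (f["proto"] == "udp" and f["sport"] in REFLECTOR_PORTS
                and (f["src"], f["sport"]) not in solicited):
            unsolicited[REFLECTOR_PORTS[f["sport"]]] += f["bytes"]
    if total and sum(unsolicited.values()) >= reflect_share * total:
        found.add("reflection:" + unsolicited.most_common(1)[0][0])
    return found

# Constructed sample windows (documentation address ranges, 10 s each).
def tcp(src, nbytes, established):
    return {"proto": "tcp", "src": src, "sport": 40000, "bytes": nbytes,
            "established": established}

def udp(src, sport, nbytes):
    return {"proto": "udp", "src": src, "sport": sport, "bytes": nbytes}

NORMAL = [tcp("203.0.113.10", 20_000, True)] * 5 + [udp("192.0.2.53", 53, 512)]
NTP_FLOOD = NORMAL + [udp(f"198.51.100.{i}", 123, 60_000) for i in range(200)]
SYN_FLOOD = NORMAL + [tcp(f"198.51.100.{i % 250}", 60, False) for i in range(600)]
SOLICITED = {("192.0.2.53", 53)}

if __name__ == "__main__":
    for name, window in [("normal", NORMAL), ("ntp", NTP_FLOOD), ("syn", SYN_FLOOD)]:
        print(name, sorted(classify_window(window, SOLICITED, 10, 10_000_000, 1000)))
```

The solicited-reply check is what keeps ordinary DNS answers out of the reflection count; without a record of outbound queries, the source-port test alone would flag legitimate resolver traffic.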


For over ten years, attackers have been intelligently mixing multiple attack types within one attack on a host, hosts or services. This keeps the attack victim busy trying to defend against the most obvious attack methods while the real, less obvious attack slips by and achieves its intended result. Introducing variations in specific attack streams over time is also becoming more common.

The entire attack and combination of methods used forms a so-called kill chain. These different attack types are also referred to as ‘attack vectors’, hence the newly popular term ‘multi-vector attacks’.

The reasons for DDoS attacks vary. Common motivations are political, corporate, criminal, social activism or even payback. The party wanting to attack a specific individual or organisation (the sponsor) is rarely the same as the party that actually conducts the DDoS attack. The sponsor typically pays an unrelated attacker to initiate and manage the attack. 

Talk with an Expert

Speak with a solutions expert or architect. Give us a call or leave a message. Our team is ready for your business.

Implications of DDoS attacks

DDoS attacks are unfortunately a fact of life, with the frequency, size and sophistication of attacks increasing each year. It is not unusual to see between 2.4 million and 7.5 million packet requests per second. DDoS attacks can have serious implications for both service providers and enterprises.

From the victim’s perspective a DDoS attack can render their Internet connection or targeted host(s) useless within seconds, effectively disconnecting them from their customers, prospects and partners.

An online company’s business is all about being able to reliably and consistently deliver an increasing array and volume of content types to its users without any degradation to service quality.

DDoS attacks carry many risks

DDoS attacks are a prevalent, expensive threat — and a big risk that organizations take without the right proactive, protective measures in place. DDoS attacks are one of the most feared, and common, security threats that keep businesses and security professionals up at night, and for good reason.

Backbone, upstream and peer connections become congested, impacting services and potentially increasing upstream costs.

Network switch and router resources are consumed, causing outages.

Customers suffer outages caused by an attack, impacting their relationship with the ISP, possibly breaching SLAs and resulting in service credits being due to the customer.

Negative publicity and impact on brand reputation.

The solution

DDoS Protection for High Performance Networks.

Organisations have multiple ways to defend their business and assets against DDoS attacks. Some of them choose an on-premise solution; some prefer the combination of an on-premise solution and a cloud-based anti-DDoS service, while others opt for the cloud service only. In combined set-ups, the on-premise protection, often in-line, handles the first attack mitigation and can ‘call for help’ from the cloud service in the case of a volumetric attack; this escalation is usually triggered by a user-defined threshold.
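The threshold-based ‘call for help’ in a combined set-up, sketched as an added example that is not taken from any vendor's product. The class name, the threshold fractions, the sample counts and the traffic series are assumptions; the rate samples are taken to be the offered (pre-scrubbing) rate, measured on the link while traffic is local and reported by the cloud service while it is diverted.

```python
class CloudSignal:
    """Decide when in-line mitigation should hand a volumetric attack to the cloud.

    engage_util / release_util are the user-defined thresholds, as fractions of
    the link capacity; the sample counts stop a single spike or dip from flapping.
    """
    def __init__(self, link_bps, engage_util=0.7, release_util=0.3,
                 engage_samples=3, release_samples=5):
        self.engage_bps = engage_util * link_bps
        self.release_bps = release_util * link_bps
        self.engage_samples = engage_samples
        self.release_samples = release_samples
        self.diverted = False
        self.streak = 0

    def observe(self, offered_bps):
        """Feed one rate sample; return 'engage', 'release' or None."""
        if not self.diverted:
            crossing = offered_bps >= self.engage_bps
            needed, action = self.engage_samples, "engage"
        else:
            crossing = offered_bps < self.release_bps
            needed, action = self.release_samples, "release"
        # Only consecutive samples beyond the threshold count towards a change.
        self.streak = self.streak + 1 if crossing else 0
        if self.streak < needed:
            return None
        self.diverted, self.streak = not self.diverted, 0
        return action

def replay(samples_mbps, link_bps=1_000_000_000):
    """Run a series of Mbit/s samples through the controller; list the events."""
    ctl = CloudSignal(link_bps)
    events = []
    for i, mbps in enumerate(samples_mbps):
        action = ctl.observe(mbps * 1_000_000)
        if action:
            events.append((i, action))
    return events

# Constructed series for a 1 Gbit/s link: one spike, then a sustained flood.
SAMPLES_MBPS = [200, 900, 250, 800, 850, 900, 950, 400, 200, 150, 100, 120, 90, 80]

if __name__ == "__main__":
    print(replay(SAMPLES_MBPS))
```

The gap between the engage and release thresholds is deliberate: releasing at the same level that triggered diversion would move traffic back and forth while an attack hovers around the threshold.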

Nowadays multi-layered on-premise solutions exist as well, whereby more granular, quick in-line mitigation solutions can be deployed. When an attack occurs, the faster in-line solution can then ‘call for help’ from the on-premise solution to assist in mitigating the attack. Compared to commercial cloud solutions this can be more cost-effective and can be combined with cloud solutions if required. 

It is important to realise that a sound solution involves a thorough review of the total set-up. The best anti-DDoS solution may still be ineffective if other weaknesses exist. Also, an effective set-up usually requires a multi-layered approach. This means implementing security best practices and using modern technologies such as Flowspec, intelligent use of external upstreams and the functionalities on offer, proper hardening of systems and services, eventual fallback or back-up setups and strategies, operational processes and more.

Solution variations

Solutions tailored to your industry.

Every customer has specific needs and requirements. This can be on a functional level, and the type of solution required is often specific to the type of organisation. Some deviations seen in practice:

CDNs

Content Delivery Networks (CDNs) tend to have a detailed view of their traffic and manual programming of the anti-DDoS solution is accepted practice. Protection against volumetric and state attacks is of high importance and in-line solutions are usually preferred, often with cloud services.

Enterprise Networks

Enterprise networks, depending on their size, tend to vary between more comprehensive data centre protection and a focus on the full mix of data centre and office. In-line solutions are usually preferred, although in some cases redirect-based solutions are more efficient. Cloud services are relatively popular amongst larger organisations.

Service Provider Networks

Service provider (SP) networks usually require holistic solutions that are redirect-based due to high or very high capacity. When hosting critical services within their own data centres or delivering connectivity for customer data centres, some SPs like to expand this with an additional layer of in-line solutions in front of these deployments. Also, in some cases DDoS protection is offered as a paid or managed service.

Infradata DDoS Protection

For enterprises confronted with massive distributed denial of service (DDoS) attacks, finding solutions that offer DDoS protection is critical to protecting revenue, productivity, reputation, and user loyalty. Infradata has developed a set of solutions and services to help enterprises, service providers and cloud service providers to design, deploy, operate and fully or partially manage their anti-DDoS solution.

Technology delivery of anti-DDoS solutions using leading vendor technology such as Arbor Networks, F5 and A10 Networks.

Anti-DDoS assessment service.

Security consulting services.

Professional Services, including project management, design, installation, configuration, test and acceptance, migration and documentation.

Operate services ranging from support and maintenance to fully managing the anti-DDoS platform.

Why Infradata

Superior Project Execution

First time right philosophy.

Direct Expert Access

Skilled multi-certified engineers who are context-aware.

Lean and Agile

Achieving quality, speed and customer alignment.

Vendor Agnostic

Designing and delivering best-of-breed solutions.

Holistic Approach to Security

From endpoint to network edge.

Proven Experience

Delivering services and solutions globally.
