
Managed DDoS Mitigation Service

Challenge

Distributed denial of service is one of the fastest-growing threats facing businesses connected to the internet today. Botnets consisting of thousands of infected zombie hosts allow an attacker to target an organisation and execute an organised and amplified onslaught of requests that appear legitimate. This assault paralyses its victims and inevitably results in significant losses in consumer confidence, productivity and revenue. Botnet numbers have risen dramatically over the past few years because hackers can profit from the attacks, which consequently cost businesses billions of dollars annually.

Solution

earthwave provides a comprehensive service to recognise malicious traffic and block it without affecting legitimate data flow. Using advanced anomaly detection, the MDS learns normal traffic and routing behaviour and then correlates these patterns with topology data. The solution is deployed in the customer datacentre, with mitigation appliances in the ISP to target and block attacks before they reach you. Mitigation response strategies can be customer-driven or analysed by earthwave’s specialist team using proven investigation and incident response methodologies. A client security portal provides a graphical user interface (GUI) for configuration and mitigation as well as comprehensive reporting.

Using sophisticated traffic anomaly detectors, this service proactively identifies threats, improves overall network performance and mitigates DDoS attacks before they reach your network. The detector analyses NetFlow statistics from perimeter or core routers and switches and performs flow-level attack analysis to identify targeted attacks. In addition, a profile-based anomaly baseline allows differences in network behaviour to be detected, even if the underlying attack has never been seen before. This information is relayed back upstream to the mitigation device for remediation. A remediation process can be initiated automatically, by certified earthwave security specialists or by the customer using an intuitive web-based GUI.

The mitigator sends out an iBGP announcement (with no-advertise and no-export) to carrier routers telling them that the next hop to the victim’s destination is the mitigator’s loopback interface. This is achieved using a route map, which manipulates the next hop attribute in the BGP announcement. The announcement uses a longer prefix than the original victim announcement, and therefore takes priority over the original BGP announcement. Using multi-verification, SYN-cookies and BGP advertisements, targeted attacks are filtered at the carrier without affecting legitimate traffic flow, saving your organisation huge bandwidth costs.
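
The diversion described above can be traced with a small model of one carrier router's table: longest-prefix match sends only the attacked address to the mitigator, and the no-advertise/no-export tags keep the diversion route from being passed on. This is an added example, not earthwave's code; the addresses, `CarrierRib` and `build_rib` are constructed for illustration, and the tag handling assumes the well-known BGP community semantics of RFC 1997.

```python
import ipaddress
from dataclasses import dataclass

NO_EXPORT, NO_ADVERTISE = "no-export", "no-advertise"

# Constructed sample values (documentation address ranges), not from the page.
VICTIM_NET = "203.0.113.0/24"      # prefix the customer normally announces
VICTIM_HOST = "203.0.113.10/32"    # attacked address, diverted as a longer prefix
CUSTOMER_EDGE = "192.0.2.1"        # normal next hop towards the customer
MITIGATOR_LOOPBACK = "192.0.2.254"

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str
    communities: frozenset = frozenset()

class CarrierRib:
    """Toy routing table of one carrier router (hypothetical helper)."""
    def __init__(self):
        self.routes = []

    def install(self, prefix, next_hop, communities=()):
        self.routes.append(Route(ipaddress.ip_network(prefix), next_hop,
                                 frozenset(communities)))

    def withdraw(self, prefix):
        net = ipaddress.ip_network(prefix)
        self.routes = [r for r in self.routes if r.prefix != net]

    def next_hop(self, dst):
        """Longest-prefix match: the most specific covering route wins."""
        addr = ipaddress.ip_address(dst)
        hits = [r for r in self.routes if addr in r.prefix]
        return max(hits, key=lambda r: r.prefix.prefixlen).next_hop if hits else None

    def exportable(self, peer):
        """Prefixes this router may re-advertise to an 'ibgp' or 'ebgp' peer."""
        blocked = {NO_ADVERTISE} | ({NO_EXPORT} if peer == "ebgp" else set())
        return [str(r.prefix) for r in self.routes if not (r.communities & blocked)]

def build_rib(under_attack):
    rib = CarrierRib()
    rib.install(VICTIM_NET, CUSTOMER_EDGE)
    if under_attack:  # the mitigator's diversion announcement
        rib.install(VICTIM_HOST, MITIGATOR_LOOPBACK, {NO_EXPORT, NO_ADVERTISE})
    return rib
```

Withdrawing the /32 with `withdraw(VICTIM_HOST)` returns the attacked address to its normal path, which is a useful check that a diversion has been fully cleaned up after an incident.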
