Stopping DDoS attacks—or mitigating them—is a multifaceted process. We begin in prevention protocols: these include manual and automatic software updates and security patches for routers and other network hardware, firewalls, servers, PCs, or other workstations and all connected devices. 

A content delivery network (CDN) distributes your content and boosts performance in part by minimizing the distance between your websites visitors and the content. CDNs store cached versions of content in multiple locations (points of presence or PoPs); each PoP may contain many caching servers that deliver content to nearby visitors. CDNs subsequently mitigate the impact of a DDoS attack by avoiding a single point of congestion, when the attacker is trying to focus on a single target.

Security Information and Event Management (SIEM) or Security Analytics systems provided by the Host Company are used to recognize and establish normal traffic patterns and ultimately develop rules for the filters by allowing users to study aspects like payload, signatures, origin IP addresses, cookies, HTTP headers, and Javascript footprints. Built-in analytics give you deeper insights into your traffic patterns, threats observed (and blocked) and logs can also be integrated with third-party SIEMs. CDNs can then be configured with these scrubbing filters to prevent huge amounts of fake traffic from causing more than a momentary blip.

Our unmetered, always-on DDoS protection for your web assets (HTTP/HTTPs) works in tandem with a cloud web application firewall (WAF), Bot Management, and other L3/4 security services to protect assets from cyber threats of all kinds. Connected to servers in data centers that span 200 cities across 100 countries runs the full stack of DDoS mitigation services. 

In addition, our selected hosting provider furnishes a reverse proxy service that provides DDoS protection for any application (not just the web), such as FTP, SSH, VoIP, gaming, or any application running over a TCP/UDP protocol. This service comes with built-in load balancing and traffic acceleration for L4 traffic.

Our selected host provider’s enhanced server security provides BGP-based DDoS protection for network infrastructure, either in always-on or on-demand deployment modes. Data centers announce customer subnets to ingest network traffic and mitigate threats close to the source of attack. Centralized and decentralized mitigation systems work in concert to identify and mitigate most DDoS attacks in under 10 seconds (3 seconds on average). Preconfigured static rules are deployed in less than 1 second. In addition, the network capacity of 42 Tbps is well equipped to defend against the largest threat.

Our chosen DDoS mitigation solutions follow reliable, tried-and-true industry standards following the strategies of publicly traded Industry pioneers.