DDoS protection

Carding

Description and purpose

DDoS mitigations are specialized hardware and software tools designed to protect the organization's web servers from distributed denial of service attacks. This type of attack is aimed at disrupting the availability (full or partial) of various public services, including websites, databases and application servers, in which legitimate users are no longer able to gain access. The principle of the attack is to generate a large amount of parasitic traffic, for the processing of which many computing resources will be allocated. As a result of an attack, organizations can incur large financial losses due to the fact that their customers cannot use the company's services. In a general sense, DDoS protection can be organized in two ways:
  • using the services of external companies on the SaaS model (Security as a Service). Such a solution will avoid deep immersion in the technical component of the issue of protection against DDoS attacks, and will also reduce the cost of information security.
  • by introducing proprietary means of protection against Denial of Service attacks, as well as by applying organizational and technical measures aimed at increasing the bandwidth of communication channels and using load balancing mechanisms.

On-premise DDoS protection tools are usually located at the edge of the network, in order to timely detect and filter malicious or parasitic traffic. Usually they are separate hardware, or located in a virtual machine. These tools require constant updating, as DDoS attack scenarios are constantly changing. The price for specialized equipment, as a rule, depends on the declared traffic processing speed and bandwidth. Considering the high cost of protection tools, the optimal complex may not cope with the processing of a very large DDoS attack.

To improve the effectiveness of protection, hybrid solutions can be used that, in addition to being built into the organization's infrastructure, are able to connect to a traffic cleaning center located in the cloud. This method also protects against attacks on the Internet channel, but in the event of an attack, it will take time to redirect traffic to the cleaning center.

There are also fully cloud-based solutions that can pass traffic through the cloud to the protected object in on-demand (on-demand) and always-on (always-on) mode. This method allows you to defend against attacks of any complexity, and as additional protection, cloud services offer other functions, for example, a web application protection system (WAF).

In addition to these features, DDoS protection tools provide reports on the results of attacks that have been carried out on an organization's resources. This allows analysis and, if necessary, modification of the infrastructure, as well as the assessment of the adequacy of the protection used.

List of remedies

DDoS-Guard Protection

Service for protection against DDoS attacks, as well as a system for filtering and encrypting traffic
Manufacturer: DDoS-Guard
DDoS-GUARD is a service provider for DDoS protection and content delivery since 2011. Has its own geo-distributed filtering network, the channel capacity of which is more than 1.5 Tbps. Traffic cleaning centers are located in Russia, Germany, the Netherlands, Japan. Uses proprietary hardware and software systems.
We offer various protection options based on different technologies: proxying (remote protection), transferring a client's resource to a secure hosting or a dedicated server with protection, VPS, organizing IP transit (for corporate clients). Integration of the DDoS-GUARD network and the client can be carried out through a virtual, logical or physical channel. In addition, we offer SSL certificates that customers can install on their own directly through their personal account on the website.
Key features
DDoS-GUARD is a licensed telecom operator using a geo-distributed filtering network. Client traffic is cleared of parasitic packets at stations located in different parts of the world, which allows processing traffic as close to its sources as possible and minimizing delays. The company uses proprietary equipment for filtration. DDoS-GUARD solutions are licensed by FSTEC and included in the state software register of Russia.
DDoS-GUARD is one of the leaders in the fight against DDoS attacks and is extremely careful about security issues.
The company offers several options for connecting protection. You can use the services of remote protection using proxying (without changing hosting), and if, in addition to protecting against DDoS attacks, you need reliable fault-tolerant hosting, you can choose the option of moving the resource to the DDoS-GUARD site.
Advantages:
Constant monitoring of all incoming and outgoing traffic of the protected resource 24/7, and not only during attacks.
The ability to repel attacks at a speed of 1.5 Tbps and 120 million PPS.
Flexible pricing policy.
Transparent pricing, no hidden charges for attacking traffic.
The ability to organize protection in just 10 minutes.
An informative personal account with access to traffic statistics. Test period.
Prompt and professional technical support.
For informational support of users, the site provides a unique knowledge base and detailed instructions for connecting the service.
Disadvantages:
There is no notification of the client about the beginning of an attack on his resource.
It is not possible to generate a report or view the history of events in your personal account (you can only view it in real time).
You cannot customize the range of statistics on histograms.
There is no information on the methods of attacks being carried out.

StormWall

StormWall - a service for protecting websites from DDoS attacks
Manufacturer: STORM SYSTEMS
The StormWall service is one of the leaders in the DDoS protection market. The headquarters of STORM SYSTEMS LLC is located in Moscow, but the company has points of presence in the largest data centers not only in Russia (Moscow), but also in the USA (Washington), Europe (Frankfurt), which allows efficient processing of traffic closer to the location of the client's resources.
STORM SYSTEMS LLC is an official member of the RIPE organization, has the status of a local Internet registrar (LIR) and has peer-to-peer traffic exchange agreements with major Internet providers. A significant part of the protection technologies are their own developments, which gives the StormWall service for protecting sites from DDoS attacks with very interesting functionality, which we will discuss below.
Key features
  • Filtering all types of attacks
  • Points of presence in Russia, USA and Europe
  • StormWall technical support 24 hours a day
  • Filtering transparency for users
  • Site protection
  • IP address protection (TCP / UDP)
  • Network Security (BGP)

Variti

Variti is a service that protects against DDoS attacks, fraud, parsing, by filtering bots by individual requests and without blocking by IP addresses.
Manufacturer: Variti
Variti is a service that protects resources from malicious bots without losing live clients. Helps to rescue from DDoS attacks, fraud and parsing, protects APIs and conducts security audits. The proprietary traffic filtering technology allows blocking not entire IP addresses, but individual bot requests, which makes sites more accessible and safe for users, while not affecting their indexing by search engines.
Variti services are used by e-commerce, finance, hosting and media companies. The service operates on its own cloud infrastructure, does not load client servers in any way and does not require changes in the product code.
Key features
The main services are:
  • DDoS protection (against high and low frequency attacks)
  • Protection against bots (advertising fraud, brute force attacks, parsing)
  • API protection (from auto-registrations, hacking, data theft)
  • Security audit (load and stress testing, penetration testing)
The main differences of the service are:
  • L7 attack protection from the first request, no blocking IP addresses
  • No CAPTCHA for bot detection
  • HTTPS protection without exposing SSL and transferring logs
  • Protecting mobile API without changes to the application code
  • Web socket support

Garda Perimeter

Perimeter - a hardware and software complex for reliable protection of the networks of medium and large Internet providers and data centers from DDoS attacks of any type
Manufacturer: Garda Technologies
Hardware and software complex (APC) Perimeter is used for high-quality protection against DDoS attacks of any type of data centers, large companies and Internet providers. It cleans traffic from malicious content around the clock, ensuring a comfortable user experience.
The damage caused by DDoS attacks can be very serious. Companies in the public and financial sectors, Internet providers, and online stores are especially vulnerable. The lost revenue from downtime due to attacks can be significant. APC Perimeter analyzes traffic in real time, detects various events and the activity of intruders, and then blocks it using heuristic methods. Thanks to sophisticated algorithms, the number of false positives has been significantly reduced. As a result of the work of the software complex, companies receive detailed information about traffic routing and are able to optimize it.
Key features
  • Monitoring network traffic
  • Detection and suppression of attacks and traffic anomalies
  • The ability to analyze "raw" traffic
  • Optimization, planning and control of the network structure

Kaspersky DDoS Prevention

Kaspersky DDoS Prevention is a solution designed to protect the client's Internet services from distributed denial of service attacks of all kinds
Manufacturer: Kaspersky Lab
The DDoS protection system Kaspersky DDoS Prevention redirects traffic from clients' web resources to its servers, where traffic is classified, anomalies are detected, and various attacks are detected and blocked.
Thanks to the operation of Kaspersky DDoS Prevention, the impact of DDoS attacks on clients' online resources is reduced and the continuous availability of the company's resources is ensured. Traffic on the servers of Kaspersky Lab is analyzed continuously; during the analysis, notifications about the beginning or suspicion of attacks are displayed, then the traffic is sent for cleaning, after which it is redirected to the company's resources.
The fight against DDoS attacks is carried out due to their rapid detection at an early stage by translation analytics and DDoS threat monitoring systems. Organizations can use several methods of connecting to the Kaspersky DDoS Prevention system, which makes it possible to perform it in the most convenient way. Also, to improve the efficiency of countering Internet threats, Kaspersky Lab provides 24/7 service support. Thanks to the well-coordinated work of specialists, it becomes possible to detect the beginning of an attack at an early stage, configure the filtering mode and receive timely information about the operational situation and characteristics of attacks.
Key features
  • A large number of methods for analyzing and suppressing attacks, including those based on patented technologies.
  • A clear, non-overloaded interface.
  • The availability of various ways to connect the service. Public and well crafted SLA. Technical support specialists are available 24x7.
  • FSTEC of Russia certificate, the only one for solutions of this class.
  • Present in the register of domestic software.

invGUARD

The invGuard network attack protection system analyzes and cleans traffic directly on the network, without transmitting traffic outside.
Manufacturer: Inoventica Technologies
The invGuard system is a scalable platform for protecting data transmission networks from network attacks (DDoS), with the possibility of detailed analysis of network traffic at speeds up to 10 Tbit/s. Located in the multi-service converged networks of telecom operators or corporate customers, it provides unique opportunities for visualizing the network structure and main traffic flows, monitors key parameters of the network and performs high-speed cleaning of traffic from malicious influences.
Identification and blocking of malicious influences occurs without affecting the legitimate consumer traffic on the network. For this, methods are used such as: blacklists, changing access rules, changing traffic routes and applying specialized filtering rules, with the ability to customize for each monitored object: IP-address, network block, interface, traffic profiles for each monitored object, etc. Analyzer (invGUARD AS) defines an attack suppression method and, if necessary, redirects traffic in automatic or manual modes to invGuard CS - Purifier.
The purifier uses innovative algorithms for cleaning traffic, including TCP authorization, shaping, blocking "hung" sessions, detection of zombies and other types of anomalous effects. Protection can be either automatic or manually activated by the system operator, or it can be complex in the case of protection against complex attacks.
Key features
Detection of anomalies and cyber threats
DoS ("denial of service") and DDoS (distributed DoS) attacks are the main types of malicious activity in global networks (including the Internet), which aim to bring the "victim" to a state where it will not be able to serve legitimate users or correctly perform the functions assigned to it.
invGuard AS - The analyzer is used to identify these types of attacks in network traffic and detects anomalies and malicious influences based on special algorithms and heuristic methods.
Suppressing attacks and cleaning traffic
Identification and blocking of malicious influences occurs without affecting legitimate traffic to consumers in the network. For this, the following methods are used: black lists, changing access rules, changing traffic routes and applying filters. The analyzer determines the way to suppress the attack and, if necessary, redirects traffic to invGuard CS - Purifier.
The purifier uses innovative algorithms for cleaning traffic, including TCP authorization, shaping, blocking "hung" sessions, zombie detection and others.
Protection can be automatic or activated by the system operator, or it can be complex in the case of protection against complex attacks.

Fortinet FortiDDoS

FortiDDoS is a modern means of protecting corporate data centers from DDoS attacks
Manufacturer: Fortinet
Attackers are constantly developing new variants of Distributed Denial of Service (DDoS) attacks and using various technologies. Successfully countering such attacks requires an adaptable multi-layered security solution. FortiDDoS provides protection against both known and zero-day attacks while keeping latency low. The solution is easy to deploy and easy to administer. It includes comprehensive analysis and reporting tools.
Key features
  • Layer 3, 4, and 7 DDoS protection with a Security Processor Unit (SPU) supporting application-specific traffic shaping
  • No need for signature files with behavior-based DDoS protection technology
  • Fewer false positives thanks to continuous threat assessment
  • Ability to track hundreds of thousands of parameters simultaneously
  • Counteracts any DDoS attacks: bulk, layer 7 attacks, and SSL / HTTPS attacks
  • Protecting DNS services from attacks with specialized tools

Qrator

Qrator is a service that provides comprehensive protection against DDoS attacks, its work is organized in such a way that the company's infrastructure can hold back the defense from the constant onslaught of cyber attacks.
Manufacturer: Qrator Labs
Qrator is a service that provides comprehensive protection against DDoS attacks, its work is organized in such a way that, when used, the company's infrastructure can hold back the defense from the constant onslaught of cyber attacks. This is ensured by connecting filtering nodes to the largest Internet providers in Russia, Western and Eastern Europe, as well as the USA and Southeast Asia.
As a rule, when a site is found to be undergoing a DDoS attack, the responsible persons ask the hosting provider to take appropriate action. However, if the attack is of a serious scale, then such a move will not help solve the problem, because when designing conventional hosting networks, there is no special emphasis on developing a decent security system and on the ability to withstand heavy loads.
Qrator, in turn, is designed to solve this problem, it is designed for a large number of concurrent DDoS attacks. Thus, the Qrator Labs network can withstand heavy loads, and its security system will not fail even in the most difficult cases. Also, it is worth noting that when one site connected to this service is attacked, others do not lose their performance.
Key features
  • Deterministic processing of IP packets, which does not require the establishment of TCP connections;
  • Approximately 1000 Gbps passive bandwidth available;
  • Processing and analysis of every incoming TCP connection.
  • More than 300 Gbps active bandwidth available;
  • Thanks to the best protection technologies, false positives while repelling DDoS attacks are minimized (less than 5%);
  • The ability to quickly integrate into the company's infrastructure - the network is trained in less than 2 hours;
  • When proxying traffic, additional time is added - from 0 to 100 ms;
  • The ability to provide protection for an unlimited number of services.

Kona site defender

Kona Site Defender is a solution developed by Akamai Technologies that protects websites and APIs from sophisticated attacks using a multi-layered toolbox.
Manufacturer: Akamai Technologies
Kona Site Defender is a solution developed by Akamai Technologies that protects websites and APIs from sophisticated attacks using a multi-layered toolbox. DDoS protection technologies are always active, so traffic does not need to be redirected until the consequences of an already carried out attack are eliminated. In addition, Kona Site Defender's visibility covers 15-30% of the world's web traffic, providing threat intelligence, allowing a team of experts to continually develop rules to prevent emerging attacks. Also, a team of Kona Site Defender experts are ready to work with customers to integrate additional components for maximum security.
Kona Site Defender protects against all types of DDoS attacks against web applications and direct-to-origin attacks, and, as an add-on, includes a fast DNS solution to mitigate DDoS attacks on your DNS infrastructure.
Kona Site Defender is deployed on Akamai's smart platform, which consists of more than 230,000 servers in over 3,500 locations in 131 countries. Attacks are blocked far from the web server and client web applications - at the edge of the Akamai network.
Key features
  • Customizable and automated protection in one solution;
  • Extended API security;
  • Zero-Second DDoS Mitigation SLA;
  • Detailed visibility of attacks and reporting;
  • IP reputation (optional). Visibility of prior malicious behavior towards other organizations, the optional customer reputation service alerts you to traffic from known malicious clients;
  • Managed Security Service (optional). If your organization does not have the resources or expertise to manage WAF, Akamai provides additional cloud-based security services.

CloudFlare DDoS Protection

CloudFlare DDoS Protection is a service that provides services to protect websites from DDoS attacks. The solution filters traffic through its hubs before it is directed to the customer's site.
Manufacturer: CloudFlare
CloudFlare DDoS Protection is a service that provides services to protect websites from DDoS attacks. The solution filters traffic through its centers before it is directed to the customer's site, allows you to protect his data thanks to the reliable CloudFlare infrastructure and a very competent team of specialists.
CloudFlare DDoS Protection's layered approach to security combines multiple DDoS mitigation capabilities into a single service. It prevents crashes caused by malicious traffic while allowing legitimate traffic to pass through, keeping websites, applications and APIs highly available and performant.
Business continuity and uninterrupted customer service are paramount in today's digital world, and automation is key to preventing attacks quickly and efficiently. Cloudflare's DDoS protection is based on proprietary and fully automated mitigation systems - Gatebot and DosD.
Ease of use and management is a key principle of the developed Cloudflare DDoS protection. DDoS attacks are blocked at the edge to keep your servers running and accessible whether deployed on-premises, in the cloud, or in a hybrid environment.
Cloudflare's global Anycast network spans 200 cities and operates within 100 milliseconds of 99% of the Internet-connected population in developed countries. Each point deployed in these cities runs the entire Cloudflare security stack. This modern design approach provides faster threat prevention than the slower legacy method that relies on traffic redirection to a limited number of cleanup centers.
Key features
  • Easy to use and manage - Cloudflare's DDoS protection is built on an intuitive interface that allows users to quickly and easily protect their Internet resources from new and complex DDoS threats with just a few clicks;
  • Save money - all Cloudflare plans offer unlimited Prevention of Distributed Denial of Service (DDoS) attacks, regardless of the size of the attack, at no additional cost;
  • Unlike other solutions, Cloudflare's DDoS protection does not have a co-location with other highly restricted "cleanup centers" connected. Each of our hubs globally hosts all Cloudflare security services, providing a distributed and automated model to prevent any DDoS attack;
  • Threat intelligence technologies - CloudFlare DDoS Protection leverages information from its global network, which protects over 25 million websites and has more than 1 billion unique IP addresses passing through it every day, allowing it to collect data and use it to improve the effectiveness of protection;
  • Security Integration - The solution is capable of integrating, training, and seamlessly working with security products;
  • Cloudflare Analytics allows you to analyze DDoS events using your Cloudflare dashboard or GraphQL. Additionally, Cloudflare logs can be integrated with leading third-party SIEM systems for more productive security.

Imperva Incapsula

Guaranteed to repel any attack on a web application in less than 10 seconds
Manufacturer: Imperva

Sucuri Website Security Platform

Sucuri Website Security Platform is a service that protects websites from any kind of threat.
Manufacturer: Sucuri
Sucuri Website Security Platform is a service that protects websites from any kind of threat. Its work is based on redirecting traffic through the Sucuri servers, where, in fact, every incoming request to the site is checked and blocked in case of obvious suspicions. This approach does not reduce the speed of the site, since when the detected malicious request is blocked, everyone else will calmly proceed further. Moreover, the site's uptime is increased by the fact that requests go to a third-party Sucuri server and reduce the load on the site's server.
Also Sucuri Website Security Platform optimizes your website and makes it work faster. This is done by copying the pages to the branded CDN Anycast site, and then when the request is made, the user is presented with the copy that is on the nearest Sucuri server.
If the hacker still managed to break through the protection, then the Sucuri Website Security Platform will find the vulnerability of the site through which the attack was made and eliminate it for free.
Key features
  • The presence of a scanner that checks the site for threats at regular intervals;
  • Alerts that the site is in the black list of search engines;
  • The server stores event and access logs;
  • Seamless integration;
  • Flexible management;
  • Optimization of the site and its acceleration;
  • Free troubleshooting in case of unforeseen site hacking.

F5 Big-IP

Manufacturer: F5 Networks
F5 Big-IP is a range of technology solutions that act as application controllers for financial institutions and businesses. They are hardware, software, or are provided as virtual services.
The F5 Big-IP platform allows the inclusion of multiple functional hardware modules. It should be noted that each device has its own combination of such modules, each of which is responsible for a separate network function.
F5 Big-IP runs on a proprietary system - TMOS, which allows controllers to more quickly adapt to specific situations in cloud environments and data centers.
The main advantages of the F5 Big-IP include:
  • Flexible control of traffic flows and increased performance, achieved through an open software application interface (API).
  • F5 Networks devices use a special iRules scripting language, which allows traffic control with great accuracy.
  • Ability to deploy and manage network services within specific applications using iApps templates.

Carding 4 Carders


15 actions to prevent DDoS attacks

In this article, I will talk about 15 things against DDoS attacks.
DDoS attacks are mainly divided into two categories: bandwidth depletion attacks and resource exhaustion attacks. To effectively deter these two types of attacks, you can follow the steps listed in this article.
To fight DDoS (distributed denial of service) attacks, you need to have a clear understanding of what happened during the attack.
Simply put, DDoS attacks use server vulnerabilities or resources (such as memory, hard disk consumption on the server, etc.) to achieve this goal.

To implement this, follow these steps:
  • If the source of the attack is only a few computers, and you have specified the IP addresses of these sources, you place an ACL (access control list) on the firewall server to block this access from these IP addresses. If possible, change the web server's IP address within a certain period of time, but if an attacker resolves your newly configured IP address by querying your DNS server, this is already an invalid solution.
  • If you are sure that the attack is coming from a specific country, consider blocking the IP address from that country, at least for a while.
  • Monitor incoming network traffic. This way, you can find out who is visiting your network and watch for anomalous visitors, whose log entries and source IP addresses can be analyzed later. Before a large-scale attack, an attacker could have used a small number of attacks to test the reliability of your network.
  • The most effective (and expensive) solution for bandwidth attacks is to buy more bandwidth.
  • You can also use high-performance load balancing software, use multiple servers, and deploy to different data centers.
  • Use load balancing for web and other resources, and use the same DNS protection strategy.
  • Optimize your resource usage to increase web server throughput. For example, when using Apache, you can install the apachebooster plugin, the ivarnish plugin, and the nginx integration, so that you can deal with a sudden increase in traffic and memory usage.
  • Use highly scalable DNS devices to protect against DDoS attacks on DNS. Consider a commercial solution such as Cloudflare, which can provide DDoS protection for DNS or TCP/IP from layer 3 to layer 7.
  • Enable the router's or firewall's anti-IP-spoofing feature. The Cisco ASA firewall is more convenient to configure for this function than the router. Enable this feature in ASDM (Cisco Adaptive Security Device Manager) by clicking Firewall in Configuration, selecting Anti-Spoofing, and clicking Enable. You can also use an ACL (access control list) in the router to prevent spoofing of IP addresses: first create an ACL for the network, and then apply it to the Internet interface.
  • Use third-party services to protect your site. Many companies have such services, providing high-performance basic network tools to help you resist denial-of-service attacks. You only need to pay hundreds of dollars a month.
  • Pay attention to the server's security configuration to avoid DDoS attacks.
  • Listen to experts ' opinions about attacks in advance to respond to an emergency situation properly.
  • Network and web traffic monitoring. If you can set up several analysis tools, such as Statcounter and Google analytics, you can better visually understand the structure of traffic changes and get more information from it.
  • Protect DNS to avoid DNS amplification attacks.
  • Disable ICMP on the router. Open ICMP only when testing is required.
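The traffic-monitoring and anti-spoofing items in the list above can be checked against an ordinary web access log. The script below is an added example, not code from the original post or from any of the vendors it mentions: it flags source IPs whose request rate inside a sliding window exceeds a threshold (candidates for the ACL in the first step), and it lists sources that claim an address from the organisation's own internal prefixes, which on an Internet-facing server can only be spoofed or a sign that the border ingress filter is missing. The log lines, the internal prefixes and the window/threshold values are all constructed assumptions; the `flag_flooding_sources` and `spoofed_internal_sources` names are this example's own.

```python
"""Added example, not from the original post: flag request floods per source
IP in a web access log and spot source addresses that claim to come from the
organisation's own prefixes (the case an ingress anti-spoofing ACL drops).
All log lines below are constructed sample data using documentation ranges."""
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx "combined" log format; only the source IP and timestamp are used.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, timestamp) for a combined-format line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)
    except ValueError:  # malformed timestamp
        return None


def flag_flooding_sources(lines, window_seconds=10, threshold=20):
    """Return {ip: peak requests inside any sliding window of window_seconds}
    for every source whose peak reaches threshold. Lines must be in log
    order; a deque per IP keeps only the timestamps still inside the window."""
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


def spoofed_internal_sources(lines, internal_prefixes):
    """Return the set of source IPs that sit inside internal_prefixes. On an
    Internet-facing server such sources cannot be genuine, so each one is
    evidence of spoofing (or of a missing ingress filter on the border)."""
    nets = [ipaddress.ip_network(p) for p in internal_prefixes]
    hits = set()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        try:
            addr = ipaddress.ip_address(parsed[0])
        except ValueError:  # hostname or garbage in the source field
            continue
        if any(addr in net for net in nets):
            hits.add(parsed[0])
    return hits


def _sample(ip, second):
    """Build one constructed combined-format line at a fixed date/time."""
    return (f'{ip} - - [12/Mar/2021:10:15:{second:02d} +0000] '
            f'"GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"')


# Constructed sample log: one source firing 30 requests within 5 seconds,
# one normal visitor, one request claiming a private (internal) source, and
# one corrupt line that the parser must skip.
SAMPLE_LOG = (
    [_sample("203.0.113.7", s // 6) for s in range(30)]
    + [_sample("198.51.100.4", s) for s in (0, 20, 40)]
    + [_sample("10.0.0.5", 3), "corrupted line without a timestamp"]
)
INTERNAL_PREFIXES = ["10.0.0.0/8", "192.168.0.0/16"]  # assumed internal ranges

if __name__ == "__main__":
    print("flooding sources:", flag_flooding_sources(SAMPLE_LOG))
    print("spoofed internal sources:",
          spoofed_internal_sources(SAMPLE_LOG, INTERNAL_PREFIXES))
```

The sliding window is per source, so a burst from one IP is caught even when the log as a whole looks normal; the threshold should be tuned to the site's real traffic before any IP from the output is pushed into a firewall ACL, since a shared NAT address or a crawler can legitimately exceed a low value.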