
Two Cloud Based Security Solutions for Networks

  • DOSarrest’s Traffic Analyzer (DTA)

  • DDoS protection for network infrastructure


Concerned that your network infrastructure could be a target of malicious traffic?

This is one of the worst scenarios to be in. Depending on what type of business you have, a hacker can flood your network with 100s of Gb/sec of traffic targeting any IPs that are part of your network infrastructure.

Without adequate and tested protection in place, your whole data center, websites, applications or corporate network access will cease to function, and you will be at the mercy of your network provider to solve the problem.

We all know how quick network providers are to snap into action and solve problems in a timely fashion!

The misconception

Network engineers employed by corporations or hosting operations are under the impression that their ISP or upstream provider will take care of a large network flood of nuisance traffic that’s overwhelming their link to the Internet.

Without a prearranged agreement in place with your network provider you may be out of luck. Then there are the network providers who claim to be able to handle a DDoS flood of traffic but have little or no experience handling such large volumes of traffic in a timely fashion, especially when the target is rotating on different IPs inside your network.

Reality check

ISPs, hosting providers and network providers will not allow an attack on your network to negatively impact other customers. The immediate solution for them is to null-route or black-hole your IP space: you lose, but your provider saves their other customers.

Not sure if your network can handle a DDoS attack on your infrastructure?

Then you should test it. Try our DDoS attack platform.

Overview

DOSarrest has 2 services for network operators

  1. DOSarrest’s Traffic Analyzer (DTA)
  2. Data Center Defender (DCD)

DOSarrest’s Traffic Analyzer (DTA)

Why use DTA?

Most network engineers have no real-time insight into what’s going on in their network at any one time, let alone what happened yesterday, last week or last month, which makes finding any trend next to impossible. They know what the bandwidth volume is, but not which applications or systems (Web, Mail, DNS, SQL, etc.) are consuming it. This can make capacity planning and QoS very difficult.

Until recently, this type of network analysis was only available by deploying and configuring expensive on-premises hardware, along with maintenance and licensing contracts. This is a thing of the past: this mode of analysis belongs in the cloud, with an operator that can give you actionable intelligence you can use in real time.

The Solution

Practically every router and most switches these days produce an incredible amount of information on what types of traffic are traversing the network and at what volumes. DTA allows network operators to send this NetFlow, sFlow or J-Flow traffic analysis data to our DTA big data platform, where it is stored and then presented to the customer in an easy-to-view fashion in real time.

Why Use DOSarrest’s Traffic Analyzer

  • No on-premises hardware
  • No licensing agreements
  • No long-term contracts
  • Create ACLs based on real-time traffic analysis
  • Simple setup, just add 1 line to your router configuration
  • Amalgamate traffic from multiple routers into 1 easy-to-understand dashboard
  • Historical records can be retained for up to 1 year
  • Interactive dashboard displays: see the info you want, how you want to see it

Available metrics easily viewable using the customer portal

  • Top 10 countries
  • Top 10 ASNs
  • Top 10 Netblocks
  • Top 10 Source IPs
  • Top 10 Destination IPs
  • Top 10 Protocols and ports

All displays are interactive and allow you to select custom time intervals, as specific as a 5-minute window.

Once DTA is in place, you are ready to use the DCD platform if you choose. With it you can automatically protect any IP address or netblock inside your network from DDoS attacks and traffic floods, set up blacklists/whitelists, and define pretty much any trigger that will cause DOSarrest’s global network to auto-mitigate the malicious traffic you predefine.

DDoS protection for Network infrastructure

DOSarrest’s Data Center Defender (DCD)

DOSarrest developed the Data Center Defender (DCD) specifically to protect network infrastructure. The DCD platform leverages the mitigation engines of DOSarrest’s global network, scrubbing DDoS traffic (volumetric and advanced) and then routing valid traffic on an established clean path back to the customer’s data center or network, all within a few seconds.

How it works

This service has a number of configuration options. In the most popular mode, the customer feeds DOSarrest their NetFlow, sFlow or J-Flow network data. The customer then defines thresholds on anything from their whole netblock down to a single IP address. Once a threshold has been triggered, DOSarrest advertises, on the customer’s behalf, the specific Class C that is being attacked. This causes all traffic for that Class C to ingress at all of DOSarrest’s scrubbing centers, where it is cleaned and then tunneled back to the customer’s network. The return traffic is routed directly to the Internet visitor from the customer’s network (asymmetric routing), which minimizes latency and provides the ultimate performance when under attack. Once the attack has stopped, the system withdraws the customer’s Class C advertisement from DOSarrest’s network, and traffic ingresses and egresses from the customer’s network as it normally does. This is all done automatically!

Your network infrastructure is completely protected 24/7 and monitored by our 24/7/365 SOC, and you can also log in and see the attack and mitigation in near real time.

Why Use DOSarrest’s Data Center Defender Platform?

  • Protect any amount of IP space and in any global location
  • Volumetric traffic anomalies continuously monitored every few seconds
  • Asymmetric routing for ultimate performance
  • Define thresholds on a single IP address or on a block as large as a /16 network
  • Traffic analysis – see what’s passing through any interface inside your network in real time using our customer portal
  • Multiple configuration options: always-on, on-demand and auto fail-back

Below is a sample of the thresholds and triggers that can be configured, based on BPS or PPS, on any netblock or as granularly as a single IP address. White-listing and black-listing are also available.

IP: Based on any type of IP traffic (UDP, ICMP, TCP or any other IP protocol) for BPS and/or PPS
TCP: Based on any type of TCP traffic only. You can create even more unique profiles for certain types of TCP packets such as:
  • TCP+SYN
  • TCP+RST
  • TCP+SYN+ACK
UDP: Based on any type of UDP traffic only
ICMP: Based on any type of ICMP only
HTTP/s: Based on any TCP traffic for ports 80/443, source or destination
DNS: Based on any UDP traffic on port 53, source or destination
NTP: Based on any UDP traffic on port 123, source or destination
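
A minimal sketch of the flow-based trigger logic described above, added here as an illustration and not DOSarrest's code: it evaluates per-destination-IP BPS/PPS thresholds for the listed profiles over one interval of flow records and returns the covering /24 (taken here to be the page's "Class C") to announce or withdraw. The record fields, threshold values and addresses are constructed assumptions, and the sketch is IPv4 only.

```python
import ipaddress
from collections import defaultdict, namedtuple

Flow = namedtuple("Flow", "dst proto sport dport flags packets bytes")
# Profile -> predicate on one flow; flags is the cumulative TCP flags byte (0x02 = SYN only).
PROFILES = {
    "IP": lambda f: True,
    "TCP": lambda f: f.proto == 6,
    "TCP+SYN": lambda f: f.proto == 6 and f.flags == 0x02,
    "UDP": lambda f: f.proto == 17,
    "ICMP": lambda f: f.proto == 1,
    "HTTP/s": lambda f: f.proto == 6 and bool({f.sport, f.dport} & {80, 443}),
    "DNS": lambda f: f.proto == 17 and 53 in (f.sport, f.dport),
    "NTP": lambda f: f.proto == 17 and 123 in (f.sport, f.dport),
}

def evaluate(flows, thresholds, interval_s):
    """Return {covering /24: [(dst, profile, metric, rate), ...]} for exceeded thresholds."""
    totals = defaultdict(lambda: [0, 0])  # (dst, profile) -> [bytes, packets]
    for f in flows:
        for name, match in PROFILES.items():
            if match(f):
                t = totals[(f.dst, name)]
                t[0], t[1] = t[0] + f.bytes, t[1] + f.packets
    hits = defaultdict(list)
    for (dst, name), (nbytes, npkts) in totals.items():
        rates = {"bps": nbytes * 8 / interval_s, "pps": npkts / interval_s}
        for scope, profile, metric, limit in thresholds:
            in_scope = ipaddress.ip_address(dst) in ipaddress.ip_network(scope)
            if profile == name and in_scope and rates[metric] > limit:
                prefix = ipaddress.ip_network(f"{dst}/24", strict=False)
                hits[str(prefix)].append((dst, name, metric, rates[metric]))
    return dict(hits)

def reconcile(announced, hits):
    """Return (prefixes to announce, prefixes to withdraw); no hold-down timer here."""
    return sorted(set(hits) - announced), sorted(announced - set(hits))

# Constructed 10-second sample using documentation address ranges.
FLOWS = [
    Flow("203.0.113.10", 17, 123, 40000, 0x00, 500_000, 234_000_000),  # UDP from port 123
    Flow("203.0.113.20", 6, 51000, 443, 0x1B, 2_000, 1_500_000),       # ordinary HTTPS
    Flow("192.0.2.5", 6, 4444, 80, 0x02, 300_000, 18_000_000),         # SYN-only flows
]
THRESHOLDS = [  # (scope, profile, metric, limit) -- hypothetical values
    ("203.0.113.0/24", "NTP", "pps", 10_000),
    ("203.0.113.0/24", "IP", "bps", 500_000_000),
    ("192.0.2.5/32", "TCP+SYN", "pps", 20_000),
]
```

Calling `evaluate(FLOWS, THRESHOLDS, 10)` flags both /24s while the ordinary HTTPS flow and the 500 Mb/s IP threshold stay quiet; `reconcile` then turns successive results into announce and withdraw decisions.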



The DCD Platform can be configured in 3 ways:

BGP Based Trigger

In this type of configuration, customers configure a BGP session with DOSarrest, over which they can announce their netblocks anytime. This will cause all visitors to that netblock to come into the DOSarrest network, where the attack traffic will be scrubbed, and clean traffic tunneled/routed back to the customer network.

Control method: Customer controlled

Modes of Operation: “Always on” or “hotstandby”

Connectivity Options: GRE, IPsec, direct connect, MPLS/VPLS, Equinix Cloud Exchange, Cloud WAN.

Flow Based Trigger

This option is for customers who do not have BGP capabilities but are able to export network flows (NetFlow/J-Flow/sFlow) to the DCD platform. The DCD platform analyzes incoming flows, automatically modifies routing for affected netblocks, and immediately mitigates the attack once it starts to come into the DOSarrest network. Once the attack is over, routing is restored back to normal.

Control method: Automatic

Modes of Operation: “Always on” or “hotstandby”

Connectivity Options: GRE, IPsec, direct connect, MPLS/VPLS, Equinix Cloud Exchange, Cloud WAN.

Secure Stack

This option is for customers who are not able to do option 1 or 2 and have a server or stack that needs DDoS protection. Typical customers of this service are organizations that are co-locating their servers or using a public cloud (e.g. AWS or Rackspace).

Users of this service are allocated one or more Secured DOSarrest IPs, which they configure on their servers. A tunnel is created from the DOSarrest network to the server(s), over which the Secured IP is routed.

Control method: Customer controlled

Modes of Operation: “Always on” or “hotstandby”

Connectivity Options: GRE or IPsec.

The DCD platform is supported 24/7/365 by our SOC and can be a fully managed service.