DDoS Protection and DDoS Mitigation
An intelligent protection against sophisticated DDoS attack
An intelligent protection against sophisticated DDoS attacks.
Globally, the magnitude and complexity of cyber-attacks has evolved, and DDoS attacks have become a major concern in Internet security today. Prevent unnecessary website downtime with Primary Guard’s DDoS Protection, the best solution for providing DDoS mitigation and DDoS attack prevention from a wide array of attack vectors.
What is a DDoS Attack?
A Distributed Denial-of-Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with network traffic from multiple sources. During a DDoS attack, no one can access the network resources, which means that for web servers running eCommerce sites, consumers will not be able to purchase products or receive any assistance.
Companies can lose up to $20,000 per hour in the event of a successful DDoS attack. According to ITIC estimates, downtime and service degradation during peak can result in huge loss of revenue (average loss is about $5,600 per minute).
Common Types of DDoS Attacks
On the Internet, a network connection is composed of many different “layers”. These layers form what’s called the Open Systems Interconnection (OSI) model (shown below):
Application Layer (7)
Applications access the network service
(user-computer interaction layer)
Presentation Layer (6)
Ensures that data is in a usable format and is where data encryption occurs.
Session Layer (5)
Maintains connections and is responsible
for controlling ports and sessions.
Transport Layer (4)
Transmits data using transmission
protocols including TCP and UDP
Network Layer (3)
Decides which physical path
the data will take
Datalink Layer (2)
Defines the format of data
on the network
Physical Layer (1)
Transmits raw bit stream over
the physical medium
These are some of the most popular attack vectors.
Depending on which layer of the OSI model is being targeted, most DDoS attacks are attacks that target the Network, Transport, Presentation and Application layers.
A protocol attack that attempts to “flood” the targeted server, service or network with TCP ACK packets. It’s usually done with IP spoofing and is very difficult to stop without using a CDN to filter out unnecessary traffic.
A protocol attack that attempts to “flood” the targeted server, service or network with TCP SYN packets. In a 3-way handshake, the target will reply with TCP ACK packets, which increase the load of the target server. It’s the same as ACK flood, which uses IP spoofing to prevent being detected.
A protocol attack that attempts to “flood” the targeted server, service or network with UDP packets. This causes the target to overload, and unable to process and respond to legitimate traffic.
An application layer attack that attempts to flood the targeted server, service or network with large numbers of HTTP requests, resulting in denial-of-service.
Malware that infects IoT devices that run on ARC processors. Infected devices will turn into botnets, which can be used to launch DDoS attacks from those devices without spoofing the IP addresses.
A volumetric attack that exploits the vulnerability of LDAP (Lightweight Directory Access Protocol) that is capable of doing reflection/amplification to perform DDoS attack. Requests with victim IP as spoofed IP are sent to those vulnerable servers and those servers will respond to the victim, causing a DDoS attack.
Don’t be a victim of any of these cyberattacks. Avoid having to scale back potential data loss or downtime by taking preventive measures to protect your services.
Business Concerns of DDoS Attacks
Ease of purchasing DDoS-as-a-service tools (<$150) from the Dark Web.
Complicated price structure for most cloud providers
Loss of trust from potential customers due to bad website performance
Unpredictable web domain downtime
Massive amount of website traffic which floods and overloads the origin server
Can come simultaneously from many locations
Our Solution
Naturally, time is of the essence when it comes to DDoS protection. Prompt DDoS detection is a critical phase of the mitigation process – the faster security systems can detect a potential threat, the better the chance of minimising damage and even neutralising the threat.
Primary Guard provides a solid DDoS protection platform that is built to withstand and mitigate all kinds of DDoS attacks.
Key Details of Our Solution
DDoS attacks are absorbed by the nearest data centre to where the attack is originated – no longer using the legacy scrubbing centre approach.
Limit the number of incoming requests, block bad bots from credential stuffing, content scraping, credit card stuffing, inventory hoarding and more.
Request logs are available to download or push to various destinations, e.g. Amazon S3, Microsoft Azure, Sumo Logic, Elastic and more. Various visualizations and metrics available to increase web traffic visibility and quicker decision making.
No major configuration changes needed from customer – requires only nameserver change on the registrar to onboard. Works with on-premise and cloud-based solutions.
Unlimited and unmetered DDoS mitigation No extra charge for any size and layer of DDoS attack mitigated.
Biggest network capacity globally to mitigate and protect from any kind/layer of DDoS attack With more than 51Tbps of network capacity and rapidly growing, our solution is able to mitigate even the largest DDoS attack ever recorded until this point of time.
Single Platform with multi-user account access Fine-grained control that assigns only the necessary permissions to each user. This is to ensure the access management can be controlled with relevant permission and logged for audit trail purpose.
Fast-growing DDoS protection Number of PoPs (Point of Presence) and network capacity is increasing around 2-3 on a monthly basis to mitigate more sophisticated and larger DDoS attacks.
Get In Touch
