Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s.

Avenue4 LLCRead Message Promoted Post

Home / Industry

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

In the recently published Forrester WAVE: DDoS Service Providers, Q3 2015 report (in which Verisign was identified as a leader), Forrester notes the importance of a hybrid approach to distributed denial of service (DDoS) protection. Specifically, the report highlights the pros and cons of on-premise and cloud-based DDoS protection solutions, and advocates for a hybrid solution that incorporates elements of both; specifically the speed to mitigation of on-premise with the scrubbing capacity of cloud-based.

We couldn't agree more. That's why in early 2015, Verisign announced the availability of the Verisign OpenHybrid™ architecture, an API-centric and automated approach to DDoS protection. This groundbreaking approach gives organizations increased awareness of attacks and improved ability to mitigate them across on-premise devices and in public and private cloud environments.

And today, I am pleased to announce the availability of Verisign OpenHybrid™ Customer Activated Mitigation, an important update to the Verisign OpenHybrid™ architecture that gives customers even more control of their DDoS protection strategy while greatly reducing the time to mitigate attacks.

Customer Activated Mitigation enables an organization to initiate or cease immediate DDoS mitigation across Verisign's global network of scrubbing centers via Border Gateway Protocol (BGP) routing without having to contact Verisign for manual intervention.

How does it work?

In two minutes or less, the following steps are taken to mitigate DDoS attacks:

  1. A customer experiencing a DDoS attack announces the IP prefix needing protection via preconfigured BGP sessions with Verisign using special community strings.
  2. A BGP listener on Verisign's network edge triggers a mitigation as soon as it receives the announcement sent over a pre-configured Generic Routing Encapsulation (GRE) tunnel between the customer router and the Verisign network.
  3. Once the IP prefix is received, Verisign advertises the learned prefix to upstream service providers and peers so that all traffic covered by the IP prefix goes to Verisign DDoS Protection Services scrubbing centers.
  4. A pre-defined set of mitigation templates and countermeasures are automatically applied and Verisign Technical Support Services are alerted so that they can monitor and optimize the mitigation to ensure clean traffic is forwarded back to the customer's network via dedicated cross-connects, or GRE tunnels.

While mitigation is taking place, customers can view event details, traffic graphs and associated alerts on the Verisign DDoS Customer Portal.

Verisign Openhybrid™ Customer Activated Mitigation – The customer-activated mitigation traffic redirection technique is particularly well suited to work with Verisign's DDoS Protection Services because of Verisign's global network and robust peering. Verisign's network is architected to provide for optimal convergence times when advertising customer IP address space to ingest and mitigate traffic faster.

As an integral component of the full Verisign OpenHybrid™ architecture, Customer Activated Mitigation gives organizations the ability to quickly and effectively defend against DDoS attacks, delivering:

  1. Reduced time to mitigation
  2. Increased control over initiating and stopping DDoS mitigations
  3. Immediate operational support from Verisign's experts.

If you are interested in learning more about Verisign OpenHybrid™ Customer Activated Mitigation, read the overview or request a consultation with an expert.

Verisign

About Verisign – Verisign, a global leader in domain names and internet security, enables internet navigation for many of the world's most recognized domain names and provides protection for websites and enterprises around the world. Verisign ensures the security, stability and resiliency of key internet infrastructure and services, including the .com and .net domains and two of the internet's root servers, as well as performs the root-zone maintainer functions for the core of the internet's Domain Name System (DNS). Visit Page

Related topics: Cyberattack, Cybersecurity, DDoS
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

DNS Security

Sponsored byAfilias

IP Addressing

Sponsored byAvenue4 LLC

Cybersecurity

Sponsored byVerisign

Mobile Internet

Sponsored byAfilias

Promoted Post

Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s.