Home / Industry

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

In the recently published Forrester WAVE: DDoS Service Providers, Q3 2015 report (in which Verisign was identified as a leader), Forrester notes the importance of a hybrid approach to distributed denial of service (DDoS) protection. Specifically, the report highlights the pros and cons of on-premise and cloud-based DDoS protection solutions, and advocates for a hybrid solution that incorporates elements of both; specifically the speed to mitigation of on-premise with the scrubbing capacity of cloud-based.

We couldn't agree more. That's why in early 2015, Verisign announced the availability of the Verisign OpenHybrid™ architecture, an API-centric and automated approach to DDoS protection. This groundbreaking approach gives organizations increased awareness of attacks and improved ability to mitigate them across on-premise devices and in public and private cloud environments.

And today, I am pleased to announce the availability of Verisign OpenHybrid™ Customer Activated Mitigation, an important update to the Verisign OpenHybrid™ architecture that gives customers even more control of their DDoS protection strategy while greatly reducing the time to mitigate attacks.

Customer Activated Mitigation enables an organization to initiate or cease immediate DDoS mitigation across Verisign's global network of scrubbing centers via Border Gateway Protocol (BGP) routing without having to contact Verisign for manual intervention.

How does it work?

In two minutes or less, the following steps are taken to mitigate DDoS attacks:

  1. A customer experiencing a DDoS attack announces the IP prefix needing protection via preconfigured BGP sessions with Verisign using special community strings.
  2. A BGP listener on Verisign's network edge triggers a mitigation as soon as it receives the announcement sent over a pre-configured Generic Routing Encapsulation (GRE) tunnel between the customer router and the Verisign network.
  3. Once the IP prefix is received, Verisign advertises the learned prefix to upstream service providers and peers so that all traffic covered by the IP prefix goes to Verisign DDoS Protection Services scrubbing centers.
  4. A pre-defined set of mitigation templates and countermeasures are automatically applied and Verisign Technical Support Services are alerted so that they can monitor and optimize the mitigation to ensure clean traffic is forwarded back to the customer's network via dedicated cross-connects, or GRE tunnels.

While mitigation is taking place, customers can view event details, traffic graphs and associated alerts on the Verisign DDoS Customer Portal.

Verisign Openhybrid™ Customer Activated Mitigation – The customer-activated mitigation traffic redirection technique is particularly well suited to work with Verisign's DDoS Protection Services because of Verisign's global network and robust peering. Verisign's network is architected to provide for optimal convergence times when advertising customer IP address space to ingest and mitigate traffic faster.

As an integral component of the full Verisign OpenHybrid™ architecture, Customer Activated Mitigation gives organizations the ability to quickly and effectively defend against DDoS attacks, delivering:

  1. Reduced time to mitigation
  2. Increased control over initiating and stopping DDoS mitigations
  3. Immediate operational support from Verisign's experts.

If you are interested in learning more about Verisign OpenHybrid™ Customer Activated Mitigation, read the overview or request a consultation with an expert.


About Verisign – Verisign, a global leader in domain names and internet security, enables internet navigation for many of the world's most recognized domain names and provides protection for websites and enterprises around the world. Verisign ensures the security, stability and resiliency of key internet infrastructure and services, including the .com and .net domains and two of the internet's root servers, as well as performs the root-zone maintainer functions for the core of the internet's Domain Name System (DNS). Learn More

Related topics: Cyberattack, Cybersecurity, DDoS


Don't miss a thing – get the Weekly Wrap delivered to your inbox.

Related Blogs

Related News

Explore Topics

Dig Deeper

IP Addressing

Sponsored by Avenue4 LLC

DNS Security

Sponsored by Afilias

Mobile Internet

Sponsored by Afilias Mobile & Web Services


Sponsored by Verisign

Promoted Posts

Buying or Selling IPv4 Addresses?

ACCELR/8 is a transformative IPv4 market solution developed by industry veterans Marc Lindsey and Janine Goodman that enables organizations buying or selling blocks as small as /20s to keep pace with the evolving demands of the market by applying processes that have delivered value for many of the largest market participants. more»

Industry Updates – Sponsored Posts

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

i2Coalition to Host First Ever Smarter Internet Forum