Freely subscribe to our NEWSLETTER

As most enterprises and financial institutions have deployed cloud-based DDoS mitigation services from one of two primary providers, regulators, auditors and the enterprises themselves fear a simultaneous attack could overwhelm the finite resources of either of these two providers. This could cause a DDoS mitigation provider to go down and take their customers with them. Due to this Concentration Risk, these organizations want a highly scalable secondary provider that can step in and protect them from DDoS attacks should their primary provider be unable to deliver protection.

Similar to police SWAT (Special Weapons and Tactics) teams, Defense.Net DDoS SWAT provides backup support on top of an existing DDoS mitigation service. Targeted to large enterprises, it is designed for the increasingly frequent large-scale attacks that have overwhelmed traditional DDoS mitigation services and have even exceeded the size of the Internet pipe before any traffic can even reach an organization’s mitigation equipment. Defense.Net DDoS SWAT provides a massive amount of bandwidth of up to ten times the capacity per customer of existing DDoS mitigation services, combined with new technologies custom built to respond to today’s modern attacks. When overlaid on top of a primary DDoS mitigation solution, it provides an added level of protection to ensure operational continuity.

“When there is normal criminal activity, the police can generally handle the situation, but in particularly dangerous or threatening scenarios, the response is escalated to the SWAT team for a more aggressive response,” said Barrett Lyon, founder and CTO of Defense.Net. “Think of traditional DDoS mitigation solutions as the police and Defense.Net DDoS SWAT as the police SWAT team that is always there and can be called in when the police needs additional assistance.”

Defense.Net DDoS SWAT is based on four new technologies developed by Barrett Lyon. These include:

· Defense.Net Traffic SpectrumTM: a new technique for breaking multi-layer attacks into their components for more thorough mitigation via the only systems specifically designed to mitigate each attack vector: White List, Black List, SYN Traffic (including SYN Flood attacks), Connection Accumulation Traffic, Layer 7 Traffic, DNS Traffic (including DNS Reflection attacks), etc. Legacy DDoS has a “one box does all” approach that cannot get to the level of detail or scalability required for the new generation of DDoS attacks.

· Defense.Net IP Reflection TM: a patent-pending artifact-free technology that delivers clean traffic back to the organization under attack. The returned traffic has the appearance of traffic coming from the original visitor which ensures normal delivery and eliminates false fraud alerts. This unique asymmetric approach requires only inbound traffic be diverted and thus needs only a fraction of the bandwidth (less than one-eighth) of legacy symmetric DDoS mitigation technology. This asymmetric approach also reduces the latency generated by symmetric technology used by legacy DDoS mitigation.

· Defense.Net SYN Assure TM: a new technique for mitigating SYN Flood attacks that detects suspect SYN requests and conducts further analysis before blocking. Prevents the common problem with legacy DDoS technology that blocks legitimate traffic.

· Defense.Net AttackView™: the only interactive portal to provide customers with detailed information on an attack in real-time, as well as post-attack analysis. Includes data not typically provided by leading DDoS mitigation services, including attack origin, diagnostics of the attack traffic, specific mitigations performed, the result of each mitigation vector on attack traffic, and how each attack responds and morphs based on the specific mitigations performed.

After installation and configuration, Defense.Net DDoS SWAT operates 24x7 on a standby basis on top of existing DDoS solutions, providing an always-on insurance against attack. It fully integrates with on-premises or hosted defenses and is designed to operate in tandem with the equipment of all leading security hardware providers.

In addition to the new technology in Defense.Net DDoS SWAT, the service also includes the Defense.Net “Zero Day Team.” This team includes the best and brightest DDoS mitigation experts and network operators in the world, including veterans of Prolexic, Verisign, BitGravity, Juniper, Box.net and Apple’s security team. Defense.Net founder and CTO Barrett Lyon’s understanding of DDoS stretches back to his teenage years in the 1990’s when he operated IRC chat servers – the focal point for the creation of today’s DDoS techniques. As the DDoS threat spread to businesses, he went on to pioneer defenses for a variety of companies, including online wagering and one of the largest insurance companies. This led to his pursuit of hackers operating as part of the Russian mob, as chronicled in the best-selling book, Fatal System Error by Joseph Menn. After founding Prolexic Technologies, Lyon founded two successful companies focused on streaming digital content on the web.