DDoS Protection
DDoS Protection is an Edge Firewall add-on that protects your applications against Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, at the network, transport, presentation, and application layers (layers 3, 4, 6, and 7 of the OSI model, respectively).
At Azion, DDoS Protection is unmetered and is automatically enabled in all accounts. It offers protection against DoS and DDoS attacks with unmetered bandwidth. This means that, no matter how much DDoS attack traffic is directed to your edge applications or the Azion infrastructure, the Azion dedicated network will guarantee that all services are constant and not affected by the attack. As it’s unmetered, mitigation using this protection won’t appear on billing. For more information regarding traffic accounting, see the pricing page.
It runs specific algorithms directly on Azion’s distributed network to detect small attacks from a single IP and large-scale attacks from criminal botnet networks.
The mitigation of DDoS attacks is carried out by Azion and doesn’t impact the performance of its applications. It also doesn’t require specific configuration, but custom rules can be configured for specific detection, mitigation, and targeted attacks.
DDoS Protection advantages and characteristics
Always-on mitigation
DDoS Protection is always-on. It’s continuously monitoring the network flow by inspecting incoming traffic. It also provides advanced traffic analysis and signature algorithms to detect and block malicious traffic in time and with no impact on your applications. It also uses Deep Packet Inspection (DPI) and Artificial Intelligence (AI) algorithms to detect abnormal traffic behavior for accurate detection, reducing false positives.
Flexible and customizable protection
Azion will be able to apply customized rules to mitigate sophisticated attacks from the network, transport, presentation, and application layers. These rules can be applied instantly, allowing you to quickly and efficiently protect your content or application. You can implement custom rules to mitigate specific attacks, using Edge Firewall, a programmable firewall at the edge equipped with Network Layer Protection, Rate Limiting, WAF, and Bot Manager.
Advanced detection
DDoS Protection offers advanced detection, inspecting network flows, as well as monitoring each application layer for its resources delivered by Azion using Edge Firewall and Web Application Firewall. It uses advanced algorithms and Software-defined Networking (SDN) for granular detection and mitigation of DDoS attacks, such as HTTP Floods, HTTP Slow Reads, DNS Query Floods, SYN/ACK Flood, and many others.
Azion’s network of over 100 edge locations offers built-in DDoS protection and global scrubbing centers, achieving a median latency of less than 30ms across the Americas and Europe. It detects and mitigates attacks in under 3 seconds on average, ensuring an ultra-fast response, even for large-scale attacks.
Mitigation of complex attacks
DDoS Protection offers sophisticated algorithms for automated attack mitigation. It’s suitable for medium-sized businesses to companies that use Azion in mission-critical systems, with a direct impact on business results, and that want protection against any volume of attack.
Go to DDoS MigrationInfrastructure and DNS Protection
DDoS Protection provides Infrastructure Protection and DNS Protection, ensuring the security of your entire Autonomous System (AS) infrastructure and Domain Name System (DNS) service.
Infrastructure Protection secures your Autonomous System Number (ASN) infrastructure against DDoS attacks. The mitigation of DDoS attacks against your infrastructure is performed using Border Gateway Protocol (BGP) and can be activated during an attack or remain always-on.
DNS Protection safeguards your DNS service from DDoS attacks. By keeping your DNS origin server hidden and spreading Azion’s DNS servers to the internet, you’ll rely on Azion to ensure the continuity of your services. The Azion DNS service is distributed in many different geographic locations and has protection against DDoS attacks.
Azion’s DNS servers get their configuration from the customer’s origin server, whether it’s inside their infrastructure or in the cloud. If your infrastructure already uses the DNSSEC extension, you can count on DDoS Protection without giving up the guarantee of integrity and authenticity of your records, thus providing security and availability for address resolution for your business. Other TCP/UDP applications encapsulated in HTTP can benefit from the same level of protection via reverse proxy.
Attack visibility
DDoS Protection offers complete visibility of application attacks through Azion Console or Azion API to be able to view the attack volume. In conjunction with the Security Response Team (SRT), you’ll have access to post-event analysis and investigations.
Security Response Team (SRT)
DDoS Protection offers 24/7 access to Azion’s Security Response Team (SRT). The team can be contacted during or after an attack, or even preventively, in the construction of customized rules. This service is available as an add-on for Enterprise and Mission Critical service plans. Whenever contacted, the SRT will support you in incident triage, root cause identification, and application of necessary mitigations on your behalf.
Limits
These are the default limits:
| Scope | Limit |
|---|---|
| Bandwidth traffic | Unmetered |
Contributors
