Geographically distributed multilevel system for detecting and mitigating network layer DDoS attacks that exploit DNS, ICMP, TCP and UDP protocols. All incoming network traffic is analyzed in real time. When the traffic characteristics resemble a DDoS attack, the system automatically activates mitigation employing Arista 7508R, Cisco and Arbor network firewalls. Our data center infrastructure capacity is 15 Tbps, which allows absorbing large traffic volumes during the attack. Efficient against such attacks as SYN Flood, UDP Flood, Memcached Amplification, IP Fragmentation, DNS Flood, DNS Amplification, and their varieties.
Multilevel system for detecting and mitigating application layer DDoS attacks that exploit HTTP and HTTPS protocols. All incoming traffic is analyzed at the network stack level using proprietary statistical and behavioral modules capable of self-learning from any type of attack. To more accurately detect anomalies, the system collects the signatures of all known DDoS attacks and records the legitimate user behavior maps and request frequency. When a threat arises, the system automatically activates the filtering rules including JavaScript Challenge, slowing down suspicious requests, source blocking, etc. Efficient against such attacks as HTTP/S Flood, Slowloris, Slow Post, and their varieties.
Detecting and filtering undesired bots and parsers and preventing brute force are based on checking if the request source is using a browser: cookies, JavaScript, window size, etc. If the bot’s IP address doesn’t pass the browser test, is not on the customer’s whitelist as well as the whitelists of search engines, payment aggregators, trackers and other useful systems whose bots may access the site, then this IP is flagged as undesired and its access is restricted. For bots mimicking full-featured browser, additional customizable rules are applied to limit the access.
Our servers are located at the world’s largest and most reliable data centers, OVH and Voxility. The main filtering points are located in Germany, France, Romania, UK, Canada, and US. Total channel capacity exceeds 15 Tbps, which allows filtering even the most voluminous and long-lasting attacks.
All incoming traffic is analyzed by filters that operate in standby mode both on network and application layer. This allows instant detection and response to a DDoS attack. Mitigation and filtering start from the first seconds of the attack and stop after its complete localization. This allows preventing illegitimate connections and requests from reaching the customer’s server.
When developing the protection algorithms, our engineers fully realize the fact that each website has its peculiarities. Filter setting flexibility allows specifying the rules for each website individually taking into account the legitimate user experience. These measures allow minimizing false positive defense activation rate.
We have developed our own service control panel in Python and Angular. Detailed graphs with statistics on requests and traffic are available in the panel. Added the ability to manage the service, certificates, caching and whitelisting. And for clients using our failover NS-servers, DNS-record management is implemented.
- Finance Projects
- Online Stores
- Media & Blogs
- Services
Protection is adapted to popular scripts for finance projects, and filtering process is sensitive to their features.
Payment system aggregators are already whitelisted, so their additional setup is not required.
We provide dedicated IP addresses for required region and support for Websocket filtering.
We respect and guarantee customer’s anonymity. You may choose from a number of convenient payment options.
Protection is adapted to popular online store CMSs, and filtering process is sensitive to their features.
Website work acceleration by static file caching and improving behavioral factors.
The maps of legitimate user behavior ensure low false positive rate.
Payment system and search aggregators are already whitelisted, so their additional setup is not required.
Protection is adapted to popular CMSs for media and blogs, and filtering process is sensitive to their features.
News and search aggregators are already whitelisted, so their additional setup is not required.
System resilience to large traffic volumes allows latency-free processing of legitimate visitors.
Static file caching allows significantly lowering customer’s server load and optimizing costs.
Protection is adapted to popular frameworks for service development, and filtering process is sensitive to their features.
You can manage whitelists for more flexible script settings without damage to legitimate users.
Significant lowering of costs for on-premise infrastructure owing to request optimization and static file caching.
HTTP/2 and Websocket support and load balancing for the stable operation of large and complex online projects.
-
1 domain under protectionUp to 5 subdomains25 Mbps legitimate traffic?
Legitimate traffic bandwidth included in the plan. Calculated for 95th percentile monthly. Excess is not limited.
Unlimited filtering bandwidthDedicated IP addressCustom SSL certificates?Free Let’s Encrypt certificates and support for third-party SSL certificates provided by the customer
Protected DNSHTTP/2 supportWebsocket supportAccelerating site’s work?Brotli/Gzip compression and static content caching
Guaranteed uptime: 99,8%Support response time: within 60 minutes
-
All benefits of Starter plan
-
Up to 10 subdomains
-
50 Mbps legitimate traffic?
Legitimate traffic bandwidth included in the plan. Calculated for 95th percentile monthly. Excess is not limited.
-
Extended DDoS protection
-
Unused IP address
-
Brute force protection
-
Content parsing protection
-
Load balancing: 2 servers
-
Uptime monitoring
-
Guaranteed uptime: 99,9%
-
Attack notifications
-
Support response time: within 30 minutes
-
All benefits of Professional plan
-
Unlimited subdomains
-
100 Mbps legitimate traffic?
Legitimate traffic bandwidth included in the plan. Calculated for 95th percentile monthly. Excess is not limited.
-
Expert support
-
Individual filters
-
Web Application Firewall
-
Load balancing: up to 10 servers
-
Guaranteed uptime: 99,99%
-
Personal manager
-
Telegram support
-
Support response time: within 15 minutes
IP address