Home > Enterprise > Security > DDoS Mitigation

DDoS Mitigation

Network unavailability, website downtime, privacy breaches, brand damage, compromised digital assets: each one can be devastating and can cripple any organization with significant associated recovery costs.

Micron21 are pioneers in the industry and protect some of Australia’s largest companies and agencies from crippling DDoS attacks.

 

Micron21’s Advanced DDoS Mitigation Services: Comprehensive Multi-Layered Protection

In an era where cyber threats are increasingly sophisticated, Distributed Denial of Service (DDoS) attacks and other malicious activities pose significant risks to organizations worldwide. These threats can lead to network unavailability, website downtime, data breaches, brand damage, and compromised digital assets each with devastating consequences and substantial recovery costs. Micron21 stands at the forefront of cybersecurity, offering state-of-the-art solutions that encompass advanced DDoS mitigation including network-based protection across Layers 3, 4, and 7 and bot protection via our different service offerings.

Our solutions are tightly integrated with our Security Operations Center (SOC) with comprehensive Security Information and Event Management (SIEM) capabilities. Leveraging the latest advancements in technology and staffed by a dedicated team of security experts, Micron21 provides unparalleled protection tailored to safeguard your organization’s critical infrastructure.

Micron21 offers comprehensive multi-layer protection that defends against volumetric, protocol, and application-layer attacks, ensuring holistic security for your organization. Our services are powered by advanced technology, integrating the latest DDoS mitigation solutions to effectively detect and neutralize emerging threats. With over 700 Gbps of mitigation capacity directly connected to more than 1,500 networks globally, we have the capability to absorb and mitigate large-scale attacks.

Our global network of scrubbing centers—strategically located in Melbourne, Sydney, Singapore, Amsterdam, and Los Angeles—ensures low-latency, close-to-source mitigation. We utilize dedicated infrastructure for scrubbing attack traffic from clean traffic, employing high-performance equipment from industry leaders such as Cisco, NSFOCUS, Juniper, Extreme and A10 Networks. This dedicated approach optimizes performance and ensures that your legitimate traffic remains unaffected.

Micron21’s extensive peering with all major Australian networks like Telstra, Optus, TPG, AAPT, Vocus, and all major peering exchanges in Australia and internationally allows for direct network interconnections. This extensive connectivity reduces latency and improves the overall efficiency of our DDoS mitigation services. Additionally, we offer customized protection by being able to protect a single /32 IP address without the need to reroute larger /24 subnets, providing flexibility to meet your specific network requirements.

Our clients benefit from expert support through our 24/7 Security Operations Center (SOC), staffed by certified security professionals. This ensures that you have immediate access to assistance whenever you need it, further enhancing the reliability of our services.

Is your current provider’s DDoS protection the real deal or just an empty promise?

In today’s digital landscape, the threat of Distributed Denial of Service (DDoS) attacks looms large over organizations of all sizes.

While many service providers claim to offer DDoS protection, a closer examination often reveals that their solutions lack the depth and effectiveness required to combat sophisticated cyber threats.

Find out more

Why Micron21 for DDoS mitigation?

  • Proven since 2009, offering enterprise level DDoS mitigation services since 2013
  • Provided by an Australian company, which is not bound by the patriot act
  • 5 global scrubbing centres (Melbourne, Sydney, Singapore, Amsterdam, Los Angeles)
  • Ensures the integrity of mission-critical applications
  • Protection against the latest emerging threats
  • Direct support access to our Security Operations Centre (SOC) monitoring your services in real time
  • Comprehensive protection for remote online services or entire networks
  • Multi-enterprise vendor mitigation solutions include Brocade, NSFOCUS, Juniper and A10 provide a superior protection platform
  • 700gbit of mitigation capacity directly connected to 1500+ networks globally
  • Domestic traffic within each scrubbing region is cleaned within the region, avoiding increased latency and additional international traffic rerouting
  • Global Multiprotocol Label Switching (MPLS) network for optimal routing of clean traffic across regions
  • 'Always on' or 'on demand' reliable protection services
  • We can protect a single /32 route if required, without rerouting a /24 advertisement

Advanced Bot Protection and HTTPS Attack Mitigation

In today’s digital landscape, malicious bots have become a pervasive threat, often used to launch sophisticated HTTPS attacks that can bypass traditional security measures.

Recognizing the significance of this threat vector, Micron21 has integrated advanced bot protection mechanisms into our DDoS mitigation services to safeguard your web applications and APIs.

Find out more

Advanced Protection Features 

Comprehensive, Stateless, Multi-Layered Protection

Micron21’s DDoS mitigation services provide comprehensive, stateless, multi-layered protection against volumetric, application, and web application attacks. Our stateless architecture allows for rapid processing and analysis of packets without the overhead of maintaining session states, enabling high-performance defense mechanisms. We support multi-protocol environments and offer advanced inspection capabilities, effectively mitigating attacks across TCP, UDP, ICMP, HTTP, HTTPS, DNS, and SIP protocols.

Our protection extends to a wide array of attack vectors, including amplification attacks like NTP, SSDP, SNMP, CHARGEN, and Memcached. We also defend against fragment floods, connection exhaustion attempts, header manipulation, and carpet-bombing attacks. By integrating with Threat Intelligence Feeds, we stay ahead of emerging threats, utilizing real-time data on malicious IPs, botnets, and attack patterns.

Specialized DNS and HTTPS Protection

Understanding the critical role of DNS and HTTPS in modern networks, we provide specialized protection mechanisms for these services. For DNS, we implement DNS rate-limiting, DNS TCP-bit checks, DNS CNAME checks, DNS retransmission controls, and DNS keyword checking to prevent abuse and amplification attacks. Our defenses against random subdomain attacks ensure the integrity and availability of your DNS infrastructure.

For HTTPS traffic, we offer advanced security measures including HTTPS keyword checking, HTTPS authentication, HTTPS dynamic script analysis, and HTTPS frame check sequence (FCS) checks. We utilize HTTPS pattern matching and guard against HTTPS slow attack checks, such as Slowloris attacks that aim to exhaust server resources. Our HTTPS SSL connection control ensures secure and efficient handling of encrypted traffic without compromising on performance.

IP Behavior Analysis and Trusted Source Verification

Micron21 employs sophisticated IP behavior analysis to monitor and assess the legitimacy of incoming traffic. By analyzing patterns such as connection rates, geographic origin, and packet anomalies, we can identify and mitigate suspicious activities. Trusted source IP control allows us to prioritize traffic from verified sources, enhancing the efficiency of legitimate communications.

Additionally, our systems perform empty connection checks to detect and block attempts to consume server resources with incomplete or malicious connections. For Voice over IP services, we provide SIP authentication to secure against protocol-specific attacks.

Detect, analyse and mitigate DDoS attacks. JOIN MICRON21 NOW

Micron21’s DDoS Mitigation Algorithms and Techniques

Our DDoS mitigation strategies are underpinned by a suite of sophisticated algorithms designed to detect and neutralize threats effectively.

Rigorous Protocol Compliance and Filtering

We perform RFC (Request for Comments) checks to ensure that all network traffic adheres to established internet protocol standards. This helps us identify and discard malformed or malicious packets that deviate from expected behaviors.

Our systems leverage blacklists, Threat Intelligence (NTI) blacklists, whitelists, GEOIP filter lists, and access control lists to allow or block traffic based on reputation and geographic origin.

Advanced TCP and UDP Protection Mechanisms

For TCP traffic, we employ techniques such as regular expression filtering and TCP SYN source IP rate limiting to manage and mitigate SYN flood attacks. We monitor TCP SYN bandwidth limits, perform TCP SYN time sequence checks, and apply TCP fragment controls to ensure the integrity of TCP communications. TCP watermark checks and pattern matching enable us to detect and block sophisticated attack patterns targeting TCP protocols.

In UDP traffic, we implement regular expression filtering and payload checks to scrutinize the contents of packets. UDP fragment control and packet length checks help us identify and mitigate attempts to exploit the UDP protocol. We also utilize UDP traffic control, watermark checks, and pattern matching, along with reflection amplification rules, to guard against reflection and amplification attacks that can overwhelm network resources.

Comprehensive Detection of Diverse Attack Vectors

Our algorithms are designed to detect and mitigate a wide range of attack vectors, including SYN floods, ACK floods, UDP floods, ICMP floods, IGMP floods, HTTP/HTTPS floods, DNS attacks, LAND attacks, SIP floods, and attacks exploiting protocol anomalies such as protocol null and TCP flag misuse. We defend against DNS query and response floods, NTP amplification, SSDP amplification, SNMP amplification, and CHARGEN amplification floods.

By monitoring for private IP abnormalities, traffic anomalies, and utilizing auto-learning baselines, we can detect deviations from normal traffic patterns. Our systems assess regional or IP group inbound and outbound traffic abnormalities, enabling us to respond swiftly to localized threats. False source IP detection helps us identify and block spoofed IP addresses commonly used in DDoS attacks. Integration with Threat Intelligence feeds enhances our ability to proactively defend against emerging threats.

Programmable Protection Rules

Micron21’s platform supports programmable protection rules, allowing for customized mitigation strategies tailored to specific network environments. This flexibility enables us to adapt quickly to new attack methods and to fine-tune defenses based on the unique traffic patterns of each client.

Reporting and Analytics

Micron21 provides comprehensive reporting and analytics to give you full visibility into your network’s security status. We track attack events, provide detailed attack summaries, and analyze traffic trends to offer insights into the nature of threats against your network. Our extensive logging captures data on attack summaries, traffic alerts, performance metrics, link states, and authentication activities.

Our reporting capabilities include both real-time and historical reporting, allowing you to monitor ongoing threats and review past incidents for trend analysis and strategic planning. We offer scheduled reports by email, ensuring that key stakeholders receive regular updates on the security posture of your network. This level of transparency empowers you to make informed decisions about your security strategies and resource allocation.

Compliance and Certifications

Micron21 is committed to meeting the highest standards of compliance and certifications. Each of our scrubbing locations is Information Security Registered Assessors Program (IRAP) certified, meeting stringent Australian government security standards.

As an Australian-owned company, we are not subject to foreign data access laws like the USA PATRIOT Act, ensuring your data remains sovereign and protected under Australian law.

For our European clients, we adhere to the General Data Protection Regulation (GDPR), ensuring data privacy and protection in compliance with European standards. Our commitment to compliance ensures that your organization meets its regulatory obligations while benefiting from our advanced DDoS mitigation services.

Service Offerings

Micron21 offers a range of DDoS Protection service offerings to meet the diverse needs of our clients. Our always-on DDoS protection provides continuous monitoring and instant mitigation of any detected attacks, ideal for organizations requiring uninterrupted service and immediate response times. For businesses with lower risk profiles or budget constraints, our on-demand protection offers flexible activation of mitigation services upon detection of an attack.

Our DDoS Protection services involve traffic redirection, where malicious traffic is diverted to our scrubbing centers, cleaned, and legitimate traffic is forwarded to your destination. This seamless integration has minimal impact on your existing network architecture and is easy to deploy. For website and application protection, our remote protection services provide DDoS mitigation without the need for network changes, using DNS-level redirection to route traffic through our scrubbing centers.

For each of our DDoS Protection services, you can customize the level and type of protection to meet your specific needs, as well as select the preferred level of monitoring and support.

Deployment and Integration

Micron21’s DDoS mitigation services are designed for rapid deployment, with quick setup requiring minimal changes to your existing infrastructure. Our solutions are scalable, tailored to organizations of all sizes—from small businesses to large enterprises. Our team of experts provides guidance on best practices and optimal configurations for your specific needs, ensuring a seamless integration with your network.

Global Network and Connectivity

Our global network and connectivity are key strengths of Micron21’s DDoS mitigation services. We have extensive peering with major ISPs and peering exchanges globally, reducing latency and improving performance. Domestic scrubbing ensures that attack traffic originating within a region is mitigated locally, avoiding unnecessary latency from international routing. Our use of BGP Anycast routing distributes incoming traffic across multiple scrubbing centers for load balancing and redundancy, enhancing the reliability of our services.

Want to know more?
 
What is ‘On demand’ automatic?

Threats are detected by our mitigation platform via a deployed onsite virtual appliance. The appliance identifies cyber-attacks within seconds using a combination of flow analytics (Netflow, SFlow, JFlow) and custom tuned base lines of normal traffic within the network.

Analytics and threat reports are then provided without exporting any data outside of the network, maintaining network security, compliance and integrity. This more specific route advertisement allows Micron21 to funnel traffic directly from the source towards our global scrubbing centres.

After receiving traffic, we surgically separate unwanted from clean traffic. Clean traffic is then safely returned to the protected network via the customer's choice of cross connection and our global MPLS network. This process happens transparently to the end user and is activated within seconds.

Once the threat subsides, the virtual appliance removes the injected route, notifies of the mitigated attack and returns routing traffic to its previous state. The virtual appliance is extremely configurable. It features custom thresholds for different types of attacks and alerts, and is capable of monitoring an entire network.

What is ‘On demand’ manual?

With complete control, you identify threats using your preferred method and advertise the specific /24 routes under attack via Border Gateway Patrol (BGP) towards Micron21. You withdraw routes manually to enable protection.

On demand manual service offers:

  • Custom protection levels, with user-defined protection parameters based on specific requirements.
  • Transparently configured service, with no other trace of network rerouting other than BGP paths.
  • Between 20 seconds to a maximum of two minutes for Global BGP convergence and complete mitigation.
  • A physical or virtual cross connection at any Micron21-enabled Data Centre or a bi-lateral BGP session on major peering exchange across the world.
  • Flexibility of providing mitigation services via a dedicated GRE tunnel.

In always on mode you receive all the features and functions of our demand protection platform with the added benefit of traffic always being routed via Micron21 global network: essentially an IP transit service.

This service eliminates the need for routing traffic and waiting for BGP to update globally when an attack is detected. It provides real-time superior protection for every packet entering your network via Micron21.

Our always on service can be used in combination with existing upstream suppliers to provide your network with a blended service. For instance, use Micron21 for clean international capacity or known targeted IP ranges within your network, while still maintaining existing local transit providers for domestic traffic.

Soak and Scrub Protection Options Explained.
  • Clean traffic refers to the total volume of traffic forwarded to the client's network after surgical DDoS mitigation has removed the unwanted traffic.
  • Guaranteed protection is the amount of protection which is guaranteed for sustained attacks 24 hours a day. Typically, guaranteed protection is designed for low volume persistent attacks and not large UDP flood attacks which are rare and always short in duration.
  • Burst protection refers to the amount of additional protection a service receives in order to protect against large-scale short-duration flood attacks that typically last from ten minutes to an hour.
  • Burst duration refers to the amount of time a service is allowed to burst above the guaranteed protection level per attack.
How to activate a Soak, Scrub and Polish Service.

Switch the DNS record of the application you want to protect to a Virtual IP (VIP) address provided by Micron21. All inbound application traffic will then be routed to Micron21 global scrubbing centres where it will be analysed and surgically inspected. Any Layer 7 attack traffic will be eliminated, and legitimate traffic will be passed on to your infrastructure, ensuring non-stop availability for your critical applications.

Mitigation layers.
  • High-speed global close to source filtering defends against bandwidth flooding using wire-speed mitigation hardware.
  • Protocol Verification filters packets by verifying that Layer 3 network switching and routing protocols and layer transport protocols are being used correctly, enabling it to mitigate packet floods.
  • Deep Packet Inspection (DPI) filters out SYN flood and similar attacks attempting to exploit TCP/IP protocol vulnerabilities by examining the packet header and information all the way down to the application layer.
  • Adaptive filtering and signature matching uses both statistical analysis and anomaly recognition to guard against zero-day attacks.
  • Application-level Filtering blocks HTTP traffic that does not conform to protocol specifications
  • Progressive Challenge-Response algorithms are employed to further distinguish between spoofed and legitimate traffic.
  • Intelligent HTTP Malformed Filtering mitigates application-specific level attacks in real time.
  • Flexible Content Filtering deters morphing HTTP Flood attacks by adapting flexible-content filters to rapidly counter evasive intentions.
  • Rate Limiting further limits the exploitation of system and bandwidth resources against baseline statistics.
  • Web Application Firewall (WAF) protects web applications, mobile apps, and application program interface (API) apps against common threats such as OWASP Top 10 Attacks.
  • Caching serves as the last layer of protection to absorb unwanted attack traffic, if any, that may have slipped through the preceding layers.

Come see us for yourself.

Book a tour to our state-of-the-art Tier IV Data Centre

Need Help?

Speak to one of our Australian-Based Team now

Sign up for the Micron21 Newsletter