BGP network DDoS protection. The self service web portal with integrated API functionality will offer users the best possible network infrastructure BGP DDoS protection.
Terabit-Level DDoS protection to protect an unlimited amount IP subnets. This high volume DDoS protection cloud service will cover any kind of DDoS attack for a fixed fee without any hidden cost afterwards.
DDoS protection packages
Every package will contain DDoS protection and the Web Application Firewall functionality. For example, it does not matter if you get 1 or 100 DDoS attacks a month, your package pricing will always be the same.
The main differences between all packages are the amount of inbound (clean) data traffic and the amount of Safe zones which can created. In all cases the total amount of DDoS attacks is unlimited.
* Ordering can be performed by emailing to firstname.lastname@example.org or requesting a trail. After a few days a sales person will contact you to arrange the contract paperwork.
Try or buy
With the form below you can request a 14 day free Tin package trail. During this test period our engineers will assist with getting started, for example by configuring BGP, creating your GRE setup, creating your personalized security layer and answer all your specific questions. After the first 14 days you can deside if you want to buy the DDoS protection service or not.
IP network DDoS protection connection methods
Every conection method is possible, you can even use one or multiple methods simultaneously.
- Connect by GRE tunnel to protect your remote datacenter
Remote connections can be made by redundant GRE tunnel. Incoming or outgoing data-traffic will passes Serverius and will be cleaned for you. You can use as many GRE tunnels you want, to different Serverius routers.
- Forward all web request by web proxy to a (private) Serverius IP
- Your private IP subnets announced by the Serverius AS50673 network
- Using Serverius IP shared subnets
- Direct fiber to announce your own IP subnets under your own ASN by BGP
- Carrier VLAN (NL-IX/SpeedIX/RETN/DCspine/Zayo)
Configurable technology at your fingertips
The only person who knows which services are running on its IP subnets is the network IP administrator. Based on what is running on a IP subnet, he should be able to create it’s own DDoS protection defense layer for it. Therefore Serverius its self service web portal offers tunable features to configure everything yourself.
Custom made IP security
Users can create a personalized protection environment called Safe Zones. Every Safe Zone can hold one or multiple IPv4 (up to a /32 up to a /19) and IPv6 subnets where multiple security feature can be enabled. This way the user can create specific configuration per IP, per software application, per Web Application.
The most important layer is the “baseline” protection layer (see image next to this text) where you can set all possible checks for TCP/UDP/ICMP/DNS/SIP/HTTP/HTTPS and other type of data traffic and protocols.
Include & exclude IP subnets
When you are using the Serverius DDoS protection to protect your private IP infrastructure, you can forward all data traffic transparently and enable protection for smaller subnets like a /32 single IP address. It’s even possible to exclude IP subnets from larger subnets.
Attack packet capture
When you are under attack you can capture packets and download them as .pcap files. This will help you to evaluate your attacks and make your protection layer even better.
Geographically IP blocking.
A location policy can permit, block, or implement traffic limiting for traffic of a country or a region.
Many attacks on the Internet are launched by attacks by controlling zombie hosts. These zombie hosts may be centrally located in a specific region. A location policy can block or implement traffic limiting by region, effectively prevents attacks from a specific region. In addition, a location policy can take the pass action on traffic from a trusted region.
Also, if you want to allow only one or more countries you can block all countries and allow only the countries you prefer.
Filters (firewall rules)
Filters are like firewall rules, they will allow users to adjust their security layer to their IP subnets. It can block or rate limit data traffic like firewall rules. As a result it will make a Safe Zones even more personal. Mostly it’s used to block specific types of data traffic and it’s the essential tool-set to win the play of cat and mouse attacks.
Self learning user baseline
To achieve best possible protection level and to avoid any false positive, all configuration thresholds should be periodically tuned to match the safe zone traffic. Therefore the user specific thresholds can automatically be tuned by the “baseline learning mode”. The system will analyze the traffic of the safe zone for a period of time and will adjust the thresholds based on the analytic results.
Note: when a defense is enabled the protection system will only collect statistics on the traffic and will activate the defense mechanism only in case the traffic exceeds the threshold.
Learning Cycle (Days) : This value indicates the period of time for each learning cycle. The learning result is applied to the defense policy only after such a learning cycle ends.
Value Is Larger Than the Current Value the system automatically applies baseline learning results to defense policies once the learning cycle ends if the recommended value is larger than the current value.
IP reputation protection
Tracking of most active 5 million zombies and automatic daily update of the IP reputation database to rapidly block attacks; local access IP reputation learning to create dynamic IP reputation based on local service sessions, rapidly forward service access traffic, and enhance user experience.
Attack signature database
RUDY, slowhttptest, slowloris, LOIC, AnonCannon, RefRef, ApacheKill, and ApacheBench attack signature databases; automatic weekly update of these signature databases
Full featured rest API
Almost all functions of the Cybersecurity portfolio are available by API. Therefore users have the ability to automate their protection and integrate it into their own client environments. More at: api.serverius.net
Connect by GRE tunnel to protect your remote datacenter
Remote DDoS protection can be established by GRE tunnel. This way you can connect and protect your own data center network infrastructure. Incoming data-traffic will first passes through Serverius and will be inspected. Only cleaned data-traffic will be sent back to your network by GRE tunnel.
Your router can use a redundant GRE tunnel. One GRE to Serverius router-A and one GRE tunnel to Serverius router-B (both Serverius routers are located at different datacenter facilities). If you have redundant routers or multiple datacenters, you can connect all of them with redundant GRE tunnels. All you need is only one single DDoS protection package.
Note: BGP Layer 3 users can also use their GRE tunnel as a BGP IP transit uplink. Simply by announcing their IP subnets without enabling their IP subnets for DDoS protection. And in case of a DDoS attack, the IP protection can be simply enabled with a single mouse click or API call.
One-to-one personal training
The easy to use a DDoS protection package in the customer portal together with personal training and default support by the NOC engineers are based on the principle “if you can do it yourselves, you should do it yourselves by the client panel. But if needed, you can rely on the default Serverius NOC support”. Therefore you don’t need to be highly skilled to manage your own protection environment, everyone with basic IT knowledge can work with our DDoS protection client panel.
At the first your will be a littlebit overwhelmed by the amount of functionality, but after one or two hours you will understand most of them and see the advantage of it all. The free one-to-one training (for paid service users) will normally take 2 hours. It can take place by telephone, chat or at one of the Serverius office meeting rooms or private location (travel cost will be invoiced as an extra).
DDoS protection SLA packages
“The 24×7 available support service will assist to outsource your monitoring and management and use years of technical knowledge by a team of engineers”
The Serverius 24×7 NOC support service is a ready-to-use SLA service which can be used to outsource all monitoring, management and knowledge to Serverius.