SBN

Balancing Protection with Performance to Double Down on DDoS

Combating DDoS attacks with the highest quality of mitigation means having the right platform, processes, and people in place. At Akamai, we’re recognized as a leader for DDoS mitigation solutions based on our Edge DNS, CDN edge-scrubbing, and cloud-scrubbing platforms that are designed to keep your internet-facing assets, services, and critical infrastructure protected.

With the upcoming Akamai Platform Update, we are showing our continued commitment to investing in the platform technologies and scalability that differentiate Prolexic from other DDoS mitigation providers. And the time to deploy DDoS security controls is now. Because the internet powers today’s digital economy, DDoS adversaries are highly motivated to disrupt organizations of all sizes and across industry verticals. These bad actors are increasing the number of attacks and evolving their tactics and techniques — as seen with the latest global DDoS extortion campaign.

For today’s security leaders, it’s clear you must reduce risk and minimize attack surfaces in order to strengthen your security posture — without sacrificing performance. To help you accomplish that, we’ve enhanced our purpose-built Prolexic platform, allowing enterprises to strike the optimal balance between DDoS defense and performance while still reducing risk and the effort required to secure internet-facing assets. 

Attacks can last hours, and extortion campaigns can last weeks, taking a toll on enterprise defenders and consuming incident response resources There’s already so much to stress about right now. We get it — and we’re here to help.

A new scrubbing center in South America

We expanded the Prolexic platform with our new São Paulo, Brazil, scrubbing center, increasing the total number of global cloud scrubbing centers (CSCs) to 20 centers worldwide, with plans for additional locations in the future. The new Brazil location also supports provisioning of Prolexic via the Equinix Cloud Exchange.

Security_Blog7_Day3.jpg

Akamai Prolexic customers now have in-region access to our proprietary, globally-distributed DDoS mitigation platform via multiple tier 1 providers and peering partners. By building this new CSC, we are allowing traffic to remain local and helping to reduce latency and improve mitigation performance for our Prolexic customers.

The Brazil location adds even more strength to Prolexic’s purpose-built DDoS mitigation platform. The new scrubbing center is backed by 24/7 global SOCC attack support and dedicated 8.3+Tbps of cloud-scrubbing capacity to keep your networks, applications, and business-critical services protected.

No /24? No problem with Prolexic platform defense

Today’s threat actors have a diverse arsenal of attack tools and techniques, with no shortage of DDoS vectors to leverage. But for organizations with less than a /24 subnet and/or fragmented IP space, deploying security controls and managing a consistent posture across disparate back-end environments proves challenging. Not anymore.

As part of the Akamai Platform update, we are introducing Prolexic IP Protect — designed to simplify DDoS protection for small subnets or single IPs. The launch offers expanded on-ramp access to the Prolexic platform and includes protection for services and applications beyond traffic designated for port 80 (HTTP) and port 443 (HTTPS). With Prolexic IP Protect, customers can deploy DDoS defense for all ports and protocols, including UDP, TCP, GRE, ESP, etc.

Additionally, each virtual IP address (VIP) can be mapped to any backend with one of four configurations: 1) a single specific port, 2) a port range (up to 100 ports per customer back-end IP address), 3) comprehensive, multi-port protection (up to 100 ports per customer backend IP address), or 4) can be configured to a traditional FQDN (CNAME). Flexibility with multiport assignments simplifies VIP-to-backend-IP management and protects any backend origin IP, regardless of the hosting infrastructure (private or public).

Security_Blog7_pic2_Day3.jpg

Control and visibility where you need it most

Prolexic IP Protect enables users to make configuration changes to Akamai-provided VIPs to allocate, manage, and update backend IPs (IPv4 and IPv6) and ports — all without requiring a service representative. Additionally, we have enhanced the visibility into network traffic for any VIP or subnet in terms of packets per second (pps) and bits per second (bps) to support unified reporting capabilities in Akamai Control Center. 

This /32 data can be integrated into a customer’s security information and event management (SIEM), billing systems to enrich data analytics, business intelligence, or threat intelligence platforms via our 100+ APIs. Unlike many CSP hosting environments, Prolexic IP Protect offers transparent visibility into network traffic flows for more robust reporting.

Single pane of defense streamlines hybrid protection

We know modern enterprises are challenged with managing a consistent security posture and workflow as applications and workloads are migrated to the cloud. For organizations actively moving beyond traditional data centers, Prolexic IP Protect offers uniform protection for any back-end infrastructure behind our VIPs, helping ensure a consistent security posture. 

This capability prevents customers from having to manage multiple security policies, requirements, operational due diligence, dedicated cloud resources, and troubleshooting across various CSPs or third party colocation partners. Prolexic IP Protect combines a unified SOCC experience with centralized reporting to help organizations reduce the complexity of their security-stack and attack surface. In today’s landscape, it’s all about relieving the pressure. 

Common Prolexic IP Protect Use Cases:

  • Protect enterprise assets and services that fall outside of a /24 IP space (VPN concentrators, remote work endpoints, etc.)
  • Emergency onboarding for organizations under active attack or threat of an attack
  • Web gateway protection for inbound SD-WAN or VPN traffic
  • Internet-facing applications requiring multiple ports for the same VIP and/or port ranges
  • Protect gaming environments requiring multiport UDP assignments for establishing play sessions

We hope our updates to the Prolexic platform reinforce your confidence in our ability to provide the highest quality of DDoS mitigation with the highest performance in the industry.  As a leader in cloud-based DDoS mitigation, our goal is to offer best-in-class solutions that not only simplify protection but also respond to the evolving needs of our customers’ digital environments. As trusted advisors on all things DDoS, we’re here to help you fight back, together.

There will be more opportunities to engage with us on this and more at Edge Live | Adapt. Sign up to see how customers are leveraging these improvements, engage in technical deep dives, and hear from our executives how Akamai is evolving for the future.


*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Susan McReynolds. Read the original post at: http://feedproxy.google.com/~r/TheAkamaiBlog/~3/sqKxDufFHN0/balancing-protection-with-performance-to-double-down-on-ddos.html