To do so, VeriSign works with the customer to establish a dynamic profile of its Internet traffic. Deviations from the established customer profile that exceed pre-defined thresholds automatically activate an alert for VeriSign 24/7 security teams, enabling VeriSign to respond to new and one-of- a-kind attack profiles.
Traffic Patterns
To do so, VeriSign works with the customer to
establish a dynamic profile of its Internet traffic. Deviations from the
established customer profile that exceed pre-defined thresholds automatically activate
an alert for VeriSign 24/7 security teams, enabling VeriSign to respond to new
and one-of- a-kind attack profiles.
Mitigation
Because timeliness is critical to protecting
Web-based services, VeriSign works with the customer during the initial set-up
and testing phases to seamlessly implement a combination of off-ramping,
filtering, and on-ramping as needed to address the problem.
Off-Ramping Traffic
VeriSign security experts redirect Internet
traffic destined for the customer to Internet Defense Network sites, so the
traffic reaches VeriSign first. VeriSign offers several methods for off-ramping
traffic, including BGP announcements or changes to customer Domain Name System
(DNS) records.
Optimal solutions vary by customer and depend
upon the size of the customer network, the types of services they utilize, and
a host of other considerations.
Progressive Filtering
VeriSign employs a layered Fig approach to
traffic filtering that progressively enhances rule sets over time. Instead of
blocking all traffic to a customer, VeriSign helps legitimate traffic reach its
intended destination.
Multiple filters are applied at various layers
of the OSI stack. Although some attacks can be mitigated by implementing
filters at the network layer, complex attacks now require analysis and
filtering up through the application layers. VeriSign is able to complement
commercially available products with custom, in-house development to create a
world-class DDoS mitigation solution.
Ultimately, malicious traffic is blocked while
filtered traffic is sent to your network, helping you sustain normal business
operations.
On-Ramping Traffic
Once traffic is “cleaned,” VeriSign redirects
it from the Internet Defense Network site to the customer’s network. VeriSign
network architects work with the customer to establish the best method for
redirecting legitimate traffic back into its network, such as GRE tunneling,
establishing a Virtual Private Network (VPN), or directly connecting to a site.
What Can
It Do?
It’s simple. VeriSign Internet Defense Network
can help protect User online operations. User will have peace of mind knowing
that legitimate users— including their employees and customers—can always
access User’s Web Site, email, and other services.
Preventing a DDoS attack can save thousands,
even millions, in lost revenue. It can also help keep your organization’s
brand, and reputation, strong.