DDoS Protection

DDoS Protection is an Edge Firewall module that protects your applications against Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, at the network and transport layers (layers 3 and 4 of the OSI model, respectively).

At Azion, DDoS Protection is unmetered. It offers protection against DoS and DDoS attacks with unmetered bandwidth. This means that, no matter how much DDoS attack traffic is directed to your edge applications, or to the Azion infrastructure, the Azion dedicated network will guarantee that all services are constant and not affected by the attack. As it’s unmetered, mitigation using this protection won’t appear on billing. For more information regarding traffic accounting, see the pricing page.

It works by running specific algorithms directly on Azion’s distributed network to detect small attacks coming from a single IP and large-scale attacks coming from criminal botnet networks.

The mitigation of DDoS attacks is carried out by Azion and doesn’t impact the performance of its applications. Also, it doesn’t require specific configuration, but it’s possible to configure custom rules for specific detection, mitigation, and targeted attacks.

To activate DDoS Protection - Unmetered you need to have an Azion Business, Enterprise, or Mission Critical service plan. The Developer plan doesn’t offer support for DDoS Protection.

The account type configuration is available at Azion Console, going to the Account menu, located in the upper-right corner. Under Billing & Subscriptions, then on the Subscriptions tab, at the last section, Service Plans.

Learn more about Pricing and Service Plans

DDoS Protection - Unmetered advantages and characteristics

Section titled DDoS Protection - Unmetered advantages and characteristics

DDoS Protection - Unmetered is always-on. It’s continuously monitoring network flow by inspecting incoming traffic. It also provides advanced traffic analysis and signature algorithms to detect and block malicious traffic in time and with no impact on your applications.

You can also optimize protection against DDoS attacks at the application layer (layer 7) using the Web Application Firewall, an Edge Firewall module.

Flexible and customizable protection

Section titled Flexible and customizable protection

Azion will be able to apply customized rules to mitigate sophisticated attacks from the network, transport, and application layers. These rules can be applied instantly, allowing you to quickly and efficiently protect your content or application. You can implement custom rules to mitigate specific attacks, using Edge Firewall and Web Application Firewall.

DDoS Protection - Unmetered offers advanced detection, inspecting network flows, as well as monitoring each application layer for its resources delivered by Azion using Edge Firewall and Web Application Firewall. It uses advanced algorithms and Software-defined Networking (SDN) for granular detection and mitigation of DDoS attacks, such as HTTP Floods, HTTP Slow Reads, DNS Query Floods, SYN/ACK Flood, and many others.

DDoS Protection - Unmetered offers sophisticated algorithms for automated attack mitigation. It’s suitable for medium-sized businesses to companies that use Azion in mission-critical systems, with a direct impact on business results, and that want protection against any volume of attack.

Support for add-ons extensions

Section titled Support for add-ons extensions

DDoS Protection - Unmetered has support for add-ons, such as Infrastructure Protection and DNS Protection, which together guarantee the protection of your entire Autonomous System (AS) infrastructure and your Domain Name System (DNS) service.

Protecting your infrastructure with Infrastructure Protection

Section titled Protecting your infrastructure with Infrastructure Protection

The Infrastructure Protection add-on protects your Autonomous System Number (ASN) infrastructure against DDoS attacks. The mitigation of DDoS attacks against your infrastructure is performed using Border Gateway Protocol (BGP) and can be activated during an attack or remain always-on.

Protection for your DNS with DNS Protection

Section titled Protection for your DNS with DNS Protection

The DNS Protection add-on protects your DNS service from DDoS attacks. By keeping your DNS Master server hidden and spreading Azion’s DNS servers to the internet, you’ll rely on Azion to ensure the continuity of your services. The Azion DNS service is distributed in many different geographic locations and has protection against DDoS attacks.

Azion’s DNS servers get their configuration from the customer’s Master server, whether it’s inside their infrastructure or in the cloud. If your infrastructure already uses the DNSSEC extension, you can count on DDoS Protection without giving up the guarantee of integrity and authenticity of your records, thus providing security and availability for address resolution for your business.

DDoS Protection - Unmetered offers complete visibility of application attacks through Azion Console or Azion API to be able to view the attack volume. In conjunction with the Security Response Team (SRT), you’ll have access to post-event analysis and investigations.

DDoS Protection - Unmetered offers 24/7 access to Azion’s Security Response Team (SRT). The team can be contacted during an attack, after an attack, or even preventively, in the construction of customized rules. This service is available as an add-on for Enterprise and Mission Critical service plans. Whenever contacted, the SRT will support you in incident triage, root cause identification, and application of necessary mitigations on your behalf.


These are the default limits:

ScopeLimit
Bandwidth trafficUnmetered

Contributors