DDoS Defense Platinum Rounds 360° Defense Strategy
Max Roettgermann, Senior Product Manager IP Transit and DDoS Defense at Deutsche Telekom Global Carrier, describes the organization’s newest solution in the fight against the ever-growing threat of cyber criminality.
At Deutsche Telekom Global Carrier we’ve just launched a really exciting, innovative new service as part of our 360° Defense Strategy. It is the very first carrier-grade, inline, always-on DDoS defense solution that cost-effectively handles volumetric and application attacks even in the terabit range.
We call it DDoS Platinum – a powerful solution that makes it easier, faster and less expensive than ever before to ensure organizations are protected from cyberattacks.
1. On Premise DDoS Protection
Normally, to combat large scale or sophisticated application or multi-layer attacks, a series of steps need to be taken. A typical scenario looks like this: When questionable IP traffic comes in, it goes through the customer’s on-premise device.This filters or blocks small attacks before allowing it to move into their infrastructure.
2. On Premise with Backbone Protection
The local device, however, has a limit. So if an attacker steps up their attack and the on-premise equipment has reached its capacity, it signals for help. At that point our backbone-based mitigation solution is automatically activated. It then ‘washes’ out the bad and sends it back along its normal route.
3. DDoS Defense Platinum
Now, with DDoS Defense Platinum, we have basically moved the function of an on-premise device directly into our backbone network. So no hardware is needed at the customer site – making it the first time such a service has been provided by a carrier without any hardware needed at customer premises.
4. DDoS Defense Platinum + Backbone Protection
DDoS Defense Platinum then works in much the same way as described above. It acts as the on-premise tool which, if it needs help for larger attacks, activates our backbone protection. This is a great benefit, as on-premise solutions are expensive, have long delivery times and take up space. Which is why many organizations take their chances with a backbone-based DDoS defense service alone.
DDoS Defense Platinum is actually an equipment cluster, located in Germany within the core of Deutsche Telekom’s network. It provides significantly more capacity than any on-premise device could offer. If traffic reaches even this higher threshold, it signals for help to our backbone solution, which is spread over 15 global locations. A preliminary filtering is done, and then traffic is sent back to DDoS Defense Platinum for a final washing.
At this point some of you may be asking why such local devices are needed at all. Actually, they are the only way to mitigate application layer and state exhaustion attacks. That’s because they are always on and so ensure real-time and automatic protection. But they are only really effective for large attacks when they work together with mechanisms such as our backbone protection. And backbone solutions alone are also not completely effective. That’s because they are not as precise as local solutions and they cannot always be on, as they would use too many resources.
DDoS Defense Platinum is the perfect answer to combat heavy-duty attacks. It significantly reduces the expense of on-premise devices and is simple to implement. It also eliminates the sometimes very lengthy waiting time of on-site installation. With DDoS Defense Platinum, Deutsche Telekom Global Carrier provides the capability of permanently connected, inline DDoS mitigation at an affordable price.