With Always-on and On-demand modes, you can customize ZENEDGE security to your current needs. Both options provide you with automatic mitigation in case of an attack, ensuring that you're never left vulnerable.
Specifically designed for the protection of entire networks, service providers and data centers, our high capacity Layer 3 and 4 DDoS mitigation infrastructure mitigates disruption to your network traffic.
As the first point of entry, all of your incoming traffic is routed through our infrastructure ensuring that no malicious traffic reaches your network. Outbound traffic continues to route locally, minimizing performance impact on network traffic.
ZENEDGE for Networks provides always-on or on-demand Layer 3/4 DDos mitigation to ensure the availability of your network when under attack. Each mitigation center in the ZENEDGE network is based on a Juniper MX480 routing platform and an Arbor TMS mitigation platform for high capacity packet filtering. This, in combination with our patent-pending IP to auto-detect and auto-mitigate attacks, delivers you the industry's best DDoS protection solution, managed 24x7 by top cybersecurity experts manning our SOCs.
The Arbor Peakflow collector provides the ZENEDGE Mitigation software platform with multi-tenant capabilities to profile customers down to the individual /32 IP level for baselining. This is an important differentiator that allows ZENEDGE to serve customers with a wide range of traffic patterns while minimizing false positives.
Building on Arbor TMS packet filtering technology, ZENEDGE leverages unique, patent-pending intellectual property to quickly identify and automatically mitigate malicious traffic through data analysis, threat intelligence and behavioral analysis.
The ZENEDGE platform provides automated DDoS attack protection at the network layers. These types of attacks are often referred to as Layer 3/4 attacks (aka volumetric attacks) since they effect the lower layers of the OSI Model (Network and Transport). Some examples of types of attacks include: SYN Floods (Spoofed IPs, non-standard TCP flags), UDP Floods, IPSec flood (IKE/ISAMP assoc. attempts), IP/ICMP fragmentation, NTP / DNS / SSDP reflection, SMURF, DNS flood, etc. These attacks are generally designed to overwhelm the servers, ultimately resulting in a denial of service for legitimate traffic and disrupting the operation of the network.
Normal traffic: in the current network scenario, traffic is being routed through the current network configuration. This is a normal day-to-day environment prior to routing changes in case of an attack.
Example with GRE tunnel GRE tunnel between the Zenedge Scrubbing Center and the Origin network datacenter. Usually, the high performance GRE tunnel will have a 1Gbps capacity for a normal traffic expected to be approximately 100Mb. The following diagram depicts both legitimate traffic flow as well as any potential DDoS traffic that may hit the environment.
ZENEDGE has developed a new model for rapid DDoS Mitigation through the automatic analysis of DDoS alerts and deployment of routing commands to ensure immediate action is taken when legitimate DDoS attacks are detected, without human intervention. Traditionally, BGP routing changes would require DG-I to communicate network advertisements from DG-I datacenter to ZENEDGE. Our RapidBGP technology can automatically make the necessary BGP changes after detecting a DDoS attack if we receive an alert through our monitoring systems via flow data.
Maximum Tolerable Downtime is the time after which the process being unavailable creates irreversible consequences generally, exceeding the MTD results with severe damage to the viability of the business. Depending on the process, MTD can be in hours, days, or longer. In production tests, ZENEDGE is able to detect, route and mitigate volumetric Layer 3/ 4 DDoS attacks within 57 seconds, without any human intervention. Note that connectivity to our customer router is not a requirement for subnets that are /23 or bigger.