DDoS-GUARD has been one of the leading service providers on the global DDoS protection and content delivery markets since 2011. We spoke with marketing manage Ivan Golushko about how unlike most other companies, they use their own network of scrubbing centers with sufficient channel and computing capacities to process high volumes of traffic.
What is DDoS?
A DDoS attack (Distributed Denial of Service attack) is an intentional attempt to break down normal functioning and decrease the availability of a website or application by overloading it with more traffic than it can process. For example, a site that can comfortably process 500 requests per second will experience performance issues if that limit is exceeded. Malefactors exploit the limited processing capabilities of your website by sending thousands of requests per second, making it virtually unusable. To send these requests, an attacker usually uses a group of bots (any IoT devices or ordinary computers he gained control of), which form a so-called botnet.
How does DDoS protection work?
The majority of DDoS protection solutions on the market use reverse proxy technology. Requests sent to a site are delivered through an intermediate web server called a proxy server. Protecting sites from being overwhelmed with malicious traffic generated by botnets requires analyzing all traffic and allowing only legitimate requests from real users through to the web server.
What plans do you offer for Website protection and optimization?
We offer both free and paid plan, with a free trial available for all paid plans.
Our free plan offers comprehensive protection of your website, unlimited legitimate and scrubbing bandwidth, SSL certificate, CDN and content optimization. So, we not only protect the your site we also make it faster! That’s why our solution is called Website Protection and Optimization. DDoS-GUARD is also one of a few companies that has client support service on all plans.
Our paid plans start at $15/month. They give customers extended opportunities for tuning website traffic processing and protection. Using a control panel or an API customers can benfit from our advanced features and higher support ticket priority. For example, our Normal plan ($180/month) includes a dedicated IP address, load balancing, support of custom SSL certificates, and 30 minutes of support ticket time. With this plan our servers compress “raw” data from the customer’s website and re-compress content by choosing the most efficient algorithm. This minimizes the amount of transferred data, which results in faster website loading speed.
How do your customers benefit from CDN?
CDN (content delivery network) is a technology that diversifies points of content storage for better performance and resiliency. Or instance, the part of a customer’s website content ‑ static data, which is not frequently updated ‑ is stored at CDN nodes placed in our points of presence (Los Angeles, Hong Kong, Amsterdam, Almaty, Saint-Petersburg, Moscow). The site visitors download static content from the nearest CDN node instead of the origin server. In this way it relieves the load from the origin server and also compensates for the delays due to the physical distance between visitors and the destination. In brief, by having multiple nodes, the content delivery network is much more resistance to attacks as the failure of one node will not bring down the entire CDN. CDN nodes are located at DDoS protected perimeter, which means we protect our CDN the same way we protect our customers’ servers and subnetworks. Our customers receive the benefits of unlimited CDN at no additional cost.
What is Protected VDS and how does it work?
Protected VDS is a Virtual Dedicated Server running on a distributed fault-tolerant cluster located in the DDoS protected environment. All the websites, apps and other projects deployed on the Protected VDS will be DDoS protected as well. Traditional reverse proxy technology cannot protect you if an attacker knows your original IPs and targets them directly. Thus, the main advantages of the Protected VDS service over the Website protection and optimization, are protection from the direct volumetric DDoS attacks to your IPs and higher customizability. By providing comprehensive protection against all known DDoS attack types of any power and has great scalability, this is the best solution for fast-growing projects.
Do you offer any SSL certificate services?
Yes, we provide “Let’s Encrypt” SSL certificate for free or “Comodo” for a small fee, both of which are issued within 5 minutes or less. Additionally, some plans allow using a third party (custom) certificate if a customer finds it more suitable.
What is IP Transit and for whom is it beneficial?
IP Transit is a service that transfers traffic between the customer’s network and the larger Internet through the DDoS-GUARD network. This is beneficial to carriers, internet service providers, application and content delivery providers, and data centers as it can shorten routes, improve network connectivity, decrease delays, and optimize traffic costs. We offer direct connections to Worldwide Tier 1 providers and China-optimized Routes, which is valuable if a company’s servers reside outside of mainland China but the services still need to be accessible from the country, despite the Great Firewall.
How does your network protection solution work?
When Network Protection is activated, any traffic going into or out of the customers’ network flows through our protected network. First, we determine whether incoming requests are malicious or legitimate. We block all the malicious traffic from cybercriminals, bots and compromised networks and deliver cleansed traffic to its destination ‑ the customer network ‑ via a virtual tunnel, logical or physical link. By purchasing this service our customers can protect their networks or individual servers from all known types of DDoS attacks.
This service is designed for enterprise customers, ISPs (Internet service providers), data centers, etc. Moreover, ISPs and hosting providers can use DDoS-GUARD White Label program to provide their customers with premium-grade DDoS protection under their brand names.
What is DNS filtering?
DNS filtering is another layer of protection that is complementary to basic L3-4 algorithms. When the UDP-based validation mechanisms fail to protect a customer from a DDoS attack, all requests to his infrastructure are switched from UDP (which is in short an unreliable protocol) to TCP (which guarantees delivery of data) for thorough data validation.
It’s important to note that this switching does not result in any noticeable latency for end users. The only requirement is that a customer’s DNS server must be located on DDoS-GUARD VDS / dedicated server or the Network protection service must be enabled.