An intelligent protection against sophisticated DDoS attacks.
Globally, the magnitude and complexity of cyber-attacks has evolved, and DDoS attacks have become a major concern in Internet security today. Prevent unnecessary website downtime with Primary Guard’s DDoS Protection, the best solution for providing DDoS mitigation and DDoS attack prevention from a wide array of attack vectors.
A Distributed Denial-of-Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with network traffic from multiple sources. During a DDoS attack, no one can access the network resources, which means that for web servers running eCommerce sites, consumers will not be able to purchase products or receive any assistance.
Companies can lose up to $20,000 per hour in the event of a successful DDoS attack. According to ITIC estimates, downtime and service degradation during peak can result in huge loss of revenue (average loss is about $5,600 per minute).
On the Internet, a network connection is composed of many different “layers”. These layers form what’s called the Open Systems Interconnection (OSI) model (shown below):
Applications access the network service
(user-computer interaction layer)
Ensures that data is in a usable format and is where data encryption occurs.
Maintains connections and is responsible
for controlling ports and sessions.
Transmits data using transmission
protocols including TCP and UDP
Decides which physical path
the data will take
Defines the format of data
on the network
Transmits raw bit stream over
the physical medium
Depending on which layer of the OSI model is being targeted, most DDoS attacks are attacks that target the Network, Transport, Presentation and Application layers.
A protocol attack that attempts to “flood” the targeted server, service or network with TCP ACK packets. It’s usually done with IP spoofing and is very difficult to stop without using a CDN to filter out unnecessary traffic.
A protocol attack that attempts to “flood” the targeted server, service or network with TCP SYN packets. In a 3-way handshake, the target will reply with TCP ACK packets, which increase the load of the target server. It’s the same as ACK flood, which uses IP spoofing to prevent being detected.
A protocol attack that attempts to “flood” the targeted server, service or network with UDP packets. This causes the target to overload, and unable to process and respond to legitimate traffic.
An application layer attack that attempts to flood the targeted server, service or network with large numbers of HTTP requests, resulting in denial-of-service.
Malware that infects IoT devices that run on ARC processors. Infected devices will turn into botnets, which can be used to launch DDoS attacks from those devices without spoofing the IP addresses.
A volumetric attack that exploits the vulnerability of LDAP (Lightweight Directory Access Protocol) that is capable of doing reflection/amplification to perform DDoS attack. Requests with victim IP as spoofed IP are sent to those vulnerable servers and those servers will respond to the victim, causing a DDoS attack.
Don’t be a victim of any of these cyberattacks. Avoid having to scale back potential data loss or downtime by taking preventive measures to protect your services.
Ease of purchasing DDoS-as-a-service tools (<$150) from the Dark Web.
Complicated price structure for most cloud providers
Loss of trust from potential customers due to bad website performance
Unpredictable web domain downtime
Massive amount of website traffic which floods and overloads the origin server
Can come simultaneously from many locations
Naturally, time is of the essence when it comes to DDoS protection. Prompt DDoS detection is a critical phase of the mitigation process – the faster security systems can detect a potential threat, the better the chance of minimising damage and even neutralising the threat.
Primary Guard provides a solid DDoS protection platform that is built to withstand and mitigate all kinds of DDoS attacks.
DDoS attacks are absorbed by the nearest data centre to where the attack is originated – no longer using the legacy scrubbing centre approach.
Limit the number of incoming requests, block bad bots from credential stuffing, content scraping, credit card stuffing, inventory hoarding and more.
Request logs are available to download or push to various destinations, e.g. Amazon S3, Microsoft Azure, Sumo Logic, Elastic and more. Various visualizations and metrics available to increase web traffic visibility and quicker decision making.
No major configuration changes needed from customer – requires only nameserver change on the registrar to onboard. Works with on-premise and cloud-based solutions.
Unlimited and unmetered DDoS mitigation No extra charge for any size and layer of DDoS attack mitigated.
Biggest network capacity globally to mitigate and protect from any kind/layer of DDoS attack With more than 121Tbps of network capacity and rapidly growing, our solution is able to mitigate even the largest DDoS attack ever recorded until this point of time.
Single Platform with multi-user account access Fine-grained control that assigns only the necessary permissions to each user. This is to ensure the access management can be controlled with relevant permission and logged for audit trail purpose.
Fast-growing DDoS protection Number of PoPs (Point of Presence) and network capacity is increasing around 2-3 on a monthly basis to mitigate more sophisticated and larger DDoS attacks.
The PRIMARY GUARD company profile and logotypes are the sole and exclusive property of Primary Guard Sdn. Bhd. Media and partners are encouraged to download the PRIMARY GUARD company profile as a reference only and may not use for any other commercial purpose without permission from the Primary Guard Sdn. Bhd.
Send us a request and we will look into it immediately.