DDOS PROTECTION SERVICE FOR INFRASTRUCTURE AND APPLICATIONS

AMICA

When you or your customers have a problem with DDoS…

DDoS attack from Russia

DDoS attack from China & SEA

DDoS attack from Europe

DDoS attack from USA

Connecting to AT&T, Cogent, Zayo, Tata, ReTNet, TransTelecom, PCCW | 1 Tb filtering power

We will protect you with our protection system

Only clean traffic

8 filtering nodesUSA: Ashburn, Dallas,San JoseEurop: Frankfurt Amsterdam Moscow Asia: Almaty, Singapore

Logical infrastructure. BGP anycast connection.

Filteringnetwork

Filtering node

user

user

zombiezombie

client’s IP

Filtering node

user

zombie

client app

user

user

zombieuser

user

user

BGP anycast network Amica 178.248.232.0/21

BGP anycast network Amica 178.248.232.0/21

• The huge bandwidth;• Cleaning of sophisticated attacks using multi-

level filtering.

Lock complex DDoS threats, including DDoS-attacks Application Layer, including SSL and TLS

Cascade filtering

Each filtering node have cascade system of DDoS protection

3d & 4th layer OSI

TCP flood, incorrect combinations of TCP flags, window size attack (eg Sockstress), slow TCP connections; UDP / ICMP flows, attacks fragments IP / TCP / UDP etc.5th – 7th layer

Attacks on VoIP / SIP gateways, attacks on SSL / TLS, slow attacks HTTP, HTTP GET / POST streams,etc.Attacks on/from DNS servers

Streams of DNS queries, incorrect DNS traffic

• The simplicity and accessibility connection;• Custom filtering;• Minimum configuration;• Standard access to the statistics of attacks.

But:• redirect traffic speed is limited time to rebuildDNS, which is important when we connectunder attack;• Infrastructure, which is protected serverremains vulnerable for DDoS attacks.

Protect customer’s application

For connecting to service we need change only DNS A record

Connecting BGP AS

• Complex protection of infrastructure;• Fast forwarding traffic;• Flexible configuration of load balancing

between the border routers.

• Need for self-AS;• The impossibility of selective filtering.

Or the whole network, minimum /24, ornothing;

• More configuration settings during theconnection process.

• Access log: transmits the syslogfile of access to application.Filtration System will automaticallyblock bot-treatment, based onbehavioral analysis algorithms.

• API enables automatedmanagement of White / Black listsin the system.

HTTPS filtration without passing key

S L A

* The guaranteed availability of 99.9% and above is provided in the case of VPN L2 by filteringnetwork to the customer's equipment.

Small / Medium Business Basic 95,00% 60

Small / Medium Business Basic 1Mb/s 95,00% 60

Small / Medium Business Light 1Gb/s 97,00% 30

Small / Medium Business Light 2Gb/s 97,00% 30

Large Business Business 2Gb/s 99,00% 30

Large Business Business+ 99,00% 30

Large Business Corporate+ 99,50% 14

Large Business Corporate++ 99,50% 14

Enterprise Enterprise 99,9%* 14

Segment Name of the tariff plan

Accessibility (total time per month)

Maximumunreachable time (min)

The result of implementation

• Reliable protection system against DDoS at all levels;

• Efficiency, backed by S L A;

• Multiple connectivity options;

• Detail reporting;

• Free trial period;

• Protection against attacks on HTTPS without handing over the keys.

The following steps:1. Select connection type (app or infrastructure);2. Free test period;3. Testing under load.

Thank you for attention!

Mikhail Kalin Information security division mk@amica-it.com+1 647 243 7821Amica LLC