DDoS Protection service provides network-based DDoS irregularity identification, notification and mitigation protection from DDoS attacks. This type of attack targets web sites, hosted applications, systems and network infrastructure with the intent to absorb all available bandwidth, thereby disrupting legitimate network services to customers, partners and employees.
Sify Detection Service layer examines traffic of data across the network for each address identified. If a DDoS attack is detected, the traffic is routed to a set of DDoS mitigation devices. The DDoS attack packets are identified and mitigated paving way for the valid traffic to pass.
Sify’s DDoS Protection analyzes IP backbone traffic patterns and creates a “baseline” or threshold of expected traffic patterns and values. This service can then differentiate anomalous traffic in relation to the established values and provide reports and alerts accordingly.
Title | Description |
---|---|
DDoS Detection and Trace back | Auto-learn traffic and alert on abnormal behavior. Mitigate based on severity, and access the origin of attacks |
Network Behavioral Analysis | Detect floods directed at customer networks. Alert on traffic levels above defined thresholds |
Zero-day attack detection | Fingerprint detection based on online active threat level. Analysis System detecting bonnets and malware |
Service-based threat detection | Baseline and alert to misuse of delivered services to customer networks like VOIP or DNS |
Threat Management & DDoS Report | Comprehensive threat management system that mitigates & reports on DDoS and other attacks. |
Traffic information & Mitigation | Monitoring of subscribed IP traffic information in gateway routers to mitigate and black hole the traffic to the hosts affected |
The plans and packages are based on Internet Ports from 5 Mbps to 1000 Mbps.
To know more about the prices, please click on “Have us call you” or email us at connect@cloudinfinit.com.
Distributed Denial of Service (DDoS) Detection and Mitigation Service (DDoS-D&M) provides network-based DDoS anomaly identification, notification and mitigation protection. Sify Detection Service layer examines Customer’s traffic flow data across the Sify network for each address identified by Customer. If a DDoS attack is detected, the traffic is routed to a set of DDoS mitigation devices where the DDoS attack packets are identified and dropped while the valid traffic is passed to Customer.
Sify Security Operations Center (SOC) in Chennai, India, monitors customer Internet traffic on a 24x7 basis.
The Detection service analyzes IP backbone traffic patterns and creates a “baseline” or threshold of expected traffic patterns and values. The Detection service can then differentiate anomalous traffic in relation to the established values and provide reports and alerts accordingly.
The following packages are offered under the Sify DDoS protect service
DDoS Detection [Option1]
As part of Detection service, Sify monitors subscribed IP traffic information communicated through the NetFlow protocol supported in Sify’s gateway routers and monitors this flow information for anomalies compared against attack signatures & baselines. Upon identification of a DDoS attack, the customer is communicated through the Sify SOC center.
DDoS Detection & Mitigation [Option 2]
Advanced to the DDoS Detection service, Sify also provides a mitigation service. Upon informing the customer about a DDoS detection and customer acknowledging and confirming back with a mitigation request, Sify will black hole the traffic to the hosts affected on its IP backbone. The black holing is done through the following procedures
DDoS Detection & scrubbing [Option 3]
The mitigation method of black holing shuts down all traffic destined for the victim’s site—thus completing the DDoS attack. Customers not willing to compromise in losing genuine traffic to a host under attack can subscribe to the scrubbing service. Scrubbing service provides surgical removal of only the attack traffic while maintaining the legitimate business traffic. Upon confirmation from a customer for scrubbing post a detection alert, all traffic destined to the infected site is off ramped to a shared scrubbing centre on Sify IP cloud and cleaned. The clean and legitimate traffic is forwarded back to the customer’s site. This off ramping continues till the duration of attack.
Reporting: For all the above subscriptions, a web portal access is also provided for service and status reporting information, including anomaly reporting, historical archival, dark address analysis, and current status page.
There are two different SLAs which apply to the DDoS Protection service.
Service Parameter | SLA Attribute | SLA Indicators | Availability Guarantee |
---|---|---|---|
Distributed Denial of Service “DDoS” Detection and Mitigation Service | Monitoring | 24x7 real time monitoring | > 99.5% |
Attack Notification | 15 minutes after a successful DDoS detection | > 99.5% |
Note: The Service Availability Guarantee for Scrubbing Device(s) SLA ensures the Availability of the Scrubbing Device(s) to mitigate DDoS Attacks ensuring customer’s network function correctly.
If in any month Service Availability is not fully available for a particular Qualifying Site, the customer will be eligible to a Service Credit equal to the percentage of the Monthly Recurring Charge (“MRC”) for the Service at the affected Qualifying Site.
The Time to Mitigate SLA is intended to guarantee that identified DDoS attack(s) is mitigated timely. This ensures that the customer’s network suffer minimal disruption and is able to recover from an attack promptly.
Service Parameter | SLA Attribute | SLA Indicators | Availability Guarantee |
---|---|---|---|
Mitigation Protection | Availability of Scrubbing Device | 24x7 | > 99.5% |
Threat Mitigation(High/Critical Alerts) | Mitigation will begin within 30 minutes of Customer concurrence on a detected DDoS threat | > 99.5% |
To explore more on plan & packages for subscription or for trial of services – Login to cloudinfinit portal now