DDoS protection solutions

Application availability

Application availability is achieved by security analysis of application Denial of Service conditions and through performance engineering.

Security DoS conditions

Application-level DoS conditions are one of the most severe classes of Denial of Service attacks, as exploiting one normally requires only a single attacking machine to take down an application server. There are many areas to cover in a security review of application DoS conditions, specifically: improper handling of data, encryption and compression services, data parsing and processing, user session management, etc.

In our many years of experience, we have yet to see the first web application that would not be susceptible to application-level DoS before its first availability security assessment.

Performance engineering

It’s an extensive and complicated field of knowledge that requires a lot of software engineering skill and performance testing know-how. To ensure optimal application performance under load, our experienced performance engineers perform architecture performance review, back-end and front-end performance profiling, code review, analysis of Virtual Machine and Garbage collector utilization, and suggest performance optimizations.

This can have a dramatic effect on application performance and the number of users it can service with the same hardware and running cost. It also significantly raises the bar for a DDoS attack, requiring a much larger offending botnet to achieve Denial of Service.

System and network availability

We actively develop 2 solutions for DDoS protection and use them for anti-DDoS subscription services.
They are highly customizable, allowing for swift adaptation to new attack types.

Filter

Filter is a highly secure, attack-sensing filtering HTTP proxy. It’s designed and configured with a multitude of heuristics for determining whether an HTTP request is from a legitimate user or from an attacking bot.

Filter can protect from all widespread DDoS attacks on HTTP/HTTPS protocols, including SYN flood (on OS level), slow HTTP, GET and POST flood.

One Filter server with modern specs can process 30.000+ HTTP requests per second, which is enough to fend off a small-to-medium botnet. The system is designed for easy unlimited horizontal scalability if more filtering servers are required.

For maximum security, Filter is designed to be coupled with ModSecurity and Naxsi. Additionally, Filter exposes a JSON API that allows the protected application to control filtering of incoming requests.

Perimeter

Perimeter is a modular, highly customizable, attack-sensing software packet filter designed to fight flood traffic on network borders.

Technically, Perimeter is a transparent Ethernet bridge. It can process 802.3 Ethernet, 802.1q VLAN, and Q-in-Q packets, and is fully compatible with LACP. Perimeter is completely transparent for VTP, Spanning tree and other non-IP protocols.

Perimeter automatically detects and blocks flood traffic based on IP level network info, protocols used, TTL, IP and TCP flags, ports, packet sizes, TCP/IP anomalies, GeoIP info, and can initiate traffic blocking on BGP protocol level (black hole) if necessary.

Perimeter supports Juniper FlowSpec for manual filtering management of unlimited Perimeter instances from a single control center. Traffic statistics are available in a web-based control panel.

Perimeter is a high-performance software system, processing 8.000.000+ packets per second on Intel Xeon 5150@2.66GHz/Intel E1G42ET Ethernet.

Have questions?

We have answers. Write us at security@softseq.com
