Serverius DDoS Protection

Protect your remote IP infrastructure

The Serverius DDoS protection is cloud based protection system to create, protect and control your own datacenter environment.

DDoS protection packages

Every package will contain DDoS protection and the Web Application Firewall functionality. For example, it does not matter if you get 1 or 100 DDoS attacks a month, your package pricing will always be the same. The main differences between all packages are the amount of inbound (clean) data traffic and the amount of Safe zones which can created. In all cases the total amount of DDoS attacks is unlimited.

IP network DDoS protection connection methods

Every connection method is possible, you can even use one or multiple methods simultaneously.

• Connect by GRE tunnel to protect your remote datacenter
• Forward all web request by web proxy to a (private) Serverius IP
• Your private IP subnets announced by the Serverius AS50673 network
• Using Serverius IP shared subnets
• Direct fiber to announce your own IP subnets under your own ASN by BGP
• Carrier VLAN (NL-IX/SpeedIX/RETN/DCspine/Zayo)

Configurable technology at your fingertips The only person who knows which services are running on its IP subnets is the network IP administrator. Based on what is running on a IP subnet, he should be able to create it’s own DDoS protection defense layer for it. Therefore Serverius its self service web portal offers tunable features to configure everything yourself. Custom made IP security Users can create a personalized protection environment called Safe Zones. Every Safe Zone can hold one or multiple IPv4 (up to a /32 up to a /19) and IPv6 subnets where multiple security feature can be enabled. This way the user can create specific configuration per IP, per software application, per Web Application. Geographically IP blocking A location policy can permit, block, or implement traffic limiting for traffic of a country or a region. Many attacks on the Internet are launched by attacks by controlling zombie hosts. These zombie hosts may be centrally located in a specific region. A location policy can block or implement traffic limiting by region, effectively prevents attacks from a specific region. In addition, a location policy can take the pass action on traffic from a trusted region. Also, if you want to allow only one or more countries you can block all countries and allow only the countries you prefer. Self learning user baseline To achieve best possible protection level and to avoid any false positive, all configuration thresholds should be periodically tuned to match the safe zone traffic. Therefore the user specific thresholds can automatically be tuned by the “baseline learning mode”. The system will analyze the traffic of the safe zone for a period of time and will adjust the thresholds based on the analytic results. Note: when a defense is enabled the protection system will only collect statistics on the traffic and will activate the defense mechanism only in case the traffic exceeds the threshold.