No diversion or GRE tunnels required. Continent 8 is an established ISP which has developed its own protection platform. Our filters and scrubs Internet traffic automatically before it arrives at our customers Internet ports. This reduces mean-time-to-mitigation and helps keep latency at consistently low levels, even when under attack.
As an Internet Service Provider, we have multiple layers of protection against DDoS attacks; Large scale upstream filtering, dynamic network edge filtering (using Flowspec), Continent 8 Shield (in house developed propriety tools), volumetric DDoS scrubbing (Thresholds and ratios), application traffic/ connection rate limiting (Continent 8 WAF) and Security Information Event Management and Managed Detection and Response (Continent 8 Secure SIEM and MDR). This enables us to provide unparalleled levels of effective mitigation against large scale and zero-day attacks.
Our multi-terabit network stretches around the globe. As per best practice, we filter traffic as close to the source of attack as possible and uses its low latency MPLS core network to route clean traffic direct to customers. No matter whether customers are on or offnet, we have a solution to help keep latency low.
Continent 8 have developed C8 Shield, an in-house proprietary technique for mitigating against SYN-ACK attacks. SYN-ACK attacks are notoriously hard to protect against and other mitigation providers, as well as their technology providers, struggle to filter attack traffic. Using C8 Shield, Continent 8 successfully filter this type of attack.
Unlike other cloud DDoS solutions, we work with their customers to benchmark clean traffic profiles and tweak mitigation rules to ensure effective and efficient mitigation personalised to each individual customer. Available to all our customers, this helps to reduce false positive traffic categorisation during mitigation and ensures efficient operation of automatic mitigation. We provide self-service portal access which provides real-time and historic views of attacks and provides customers with the ability to create their own whitelists and mitigation profile assignment to individual IP addresses.
With its DDoS response team available 24/7, unlike other cloud DDoS providers, we not only provide SLA’s for availability, but also for network performance and mitigation times.
We provide automatic on-net DDoS protection but can also provide offnet solutions with various diversion methods and clean traffic return options. This ranges from DNS diversion for websites, single IP address protection using IP over GRE and full infrastructure protection using BGP diversion for /24 networks and above. Clean traffic can be returned to the offnet customer network via cross connect, private circuit, Network-to-Network Interface (NNI) or GRE tunnel.
Some DDoS protection providers charge a flat fee to all customers for protection of traffic up to 1Gbps. We offer cost savings over this model as DDoS protection is priced individually for each customer (mapping their Internet bandwidth CDR – starting at 10Mbps). Other providers charge to unlock features or only provide service to limits and charge to breach limits. With us, all features are included with unlimited protection. Our fees are predictable and known upfront, no matter the scale of network or attack.
On-net DDoS protection is in line with IP bandwidth with automatic mitigation. This product is suited to all customers using Continent 8 Internet connectivity, whether colo or cloud customers and customers that use IP over GRE.
Off-net DDoS Protection requires manual diversion (BGP) and mitigation. This product works like traditional cloud DDoS protection and requires manual diversion and clean traffic return via either a cross connect, private circuit, GRE tunnel or NNI, depending on availability. It is also possible to protect websites from DDoS attacks using DNS diversion through our WAAP product.
Whether on or offnet to Continent 8, you can limit traffic/ connections for specific components of web hosted applications or websites. This is done by using our WAAP service as a proxy. DNS diversion.