How the Protection Works
Distributed Security System
Group-IB points of presence are located in Russia, Europe, North and South America, and Australia, which minimizes the signal delay for local traffic and enables rapid response to an attack from any region of the world, making it possible to stop the attack right where it comes from.
Access to filtering systems in Russian and international networks provides the flexibility needed to block malicious traffic (whose sheer volume can impact the main channels of even the leading ISPs), and allows us to reduce the cost of services for clients faced with DDoS attacks, such as one case in which the attack exceeded an astonishing 27 Gbit/sec.
Our own hardware and software, developed by experts with years of experience, successfully copes with new types of attacks on an automated basis. Minimizing the need for human intervention reduces the response time to an unexpected attack, thus improving quality of service.
Group-IB’s detailed and growing historical record of HTTP attacks is an unparalleled resource for investigating DDoS incidents and homing in on attack control centers. Our network design and peering policy ensure load balancing and acceptable response time for internet resources from virtually anywhere in the world.
Group-IB’s Five-Point Approach
Taking into account the diverse nature of DDoS attacks, including both methods and volume of traffic, Group-IB has developed its own five-point approach to stopping DDoS attacks, which includes:
- Using the best equipment to protect from DDoS attacks. Our company’s laboratories have conducted a study of the protective equipment offered by major manufacturers, leading to the development of our own security system. The study also identified the limitations of the market’s currently available security technologies, allowing us to develop unique custom solutions.
- Proprietary development. Group-IB has developed its own filtering system, allowing us to stop next generation attacks that the equipment of other vendors is unable to handle (patents pending).
- Capacity. For overcoming DDoS attacks, we maintain dedicated channels with a capacity of over 100 Gbit/sec, providing load distribution via several network distribution centers located in different regions. This allows us to provide permanent resistance to massive attacks.
- Experience. Group-IB engineers possess unique and extensive experience handling DDoS attacks. Preventing and defending against DDoS attacks 24/7 is the main focus of their work.
- Comprehensive protection. Group-IB offers the best solution on the market for preventing DDoS attacks and can protect a client’s channels and networks with a unified system.
Traffic routing is carried out in two main ways (the approaches may be varied or combined based on the specific needs of an individual customer).
a. DNS / Proxy Forwarding
This basic method remains the most rapid way of deploying Group-IB solutions. A client is provided with IP addresses in a protection network (IPN). By simply modifying specific DNS records, all client traffic passes through Group-IB’s network infrastructure (IPN), where it is purified. After malicious content is purged, the cleansed traffic is sent back to the client’s network.
b. BGP routing / GRE protocols
This technology is implemented through Generic Routing Encapsulation (GRE) protocols. The client’s subnet and the traffic channel are redirected to Group-IB’s network infrastructure via the GRE protocol. Using GRE provides a number of advantages, including complete control over traffic filtering.
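A check a client could run after the DNS change described under DNS / Proxy Forwarding, given here as an added example and not Group-IB code: it reads a zone export and reports which names resolve into the assigned protection-network addresses and which still bypass them. The prefixes, zone contents and function names are constructed assumptions that use documentation address ranges.

```python
import ipaddress

# Constructed stand-ins for the addresses assigned in the protection network.
PROTECTION_PREFIXES = ["192.0.2.0/24", "2001:db8:1::/48"]

# Constructed zone export, one record per line: name TTL class type rdata.
ZONE_TEXT = """\
example.test.        300 IN A     192.0.2.10
www.example.test.    300 IN A     192.0.2.11
www.example.test.    300 IN AAAA  2001:db8:1::11
api.example.test.    300 IN A     198.51.100.7   ; never moved
static.example.test. 300 IN A     198.51.100.25  ; never moved
shop.example.test.   300 IN CNAME www.example.test.
cdn.example.test.    300 IN CNAME edge.provider.test.
"""

def parse_zone(text):
    """Yield (name, type, rdata) per record, dropping ';' comments and blanks."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) >= 5:
            name, _ttl, _cls, rtype = fields[:4]
            yield name.lower(), rtype.upper(), " ".join(fields[4:])

def audit_zone(text, prefixes):
    """Classify every name as protected, bypass, or unresolved."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    addrs, cnames = {}, {}
    for name, rtype, rdata in parse_zone(text):
        if rtype in ("A", "AAAA"):
            addrs.setdefault(name, []).append(ipaddress.ip_address(rdata))
        elif rtype == "CNAME":
            cnames[name] = rdata.lower()
    report = {"protected": [], "bypass": [], "unresolved": []}
    for name in sorted(set(addrs) | set(cnames)):
        target, seen = name, set()
        while target in cnames and target not in seen:  # follow in-zone CNAMEs
            seen.add(target)
            target = cnames[target]
        ips = addrs.get(target)
        if not ips:  # target lives outside this zone (or a CNAME loop)
            report["unresolved"].append(name)
        elif all(any(ip in net for net in nets) for ip in ips):
            report["protected"].append(name)
        else:  # at least one address is outside the protection network
            report["bypass"].append(name)
    return report

if __name__ == "__main__":
    for status, names in audit_zone(ZONE_TEXT, PROTECTION_PREFIXES).items():
        print(f"{status}: {names}")
```

Names listed as unresolved point outside the zone and need a separate lookup before they can be counted as protected.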
These solutions are constantly being improved in terms of hardware and software, the capabilities and capacities of the carrier channel, and the skill level of our engineers, allowing us to successfully confront the most complex DDoS attacks and maintain Group-IB’s market-leading status.