DDoS Protection for Networks

Protect your Network or Datacenter within minutes with 1Tbps Mitigation capacity.

SeGuard Mitigation ^tm

Infrastructure DDoS Protection helps large enterprises, ISPs, small and medium businesses, and even the casual gamers protect their services availability. In the event of an attack, traffic is rerouted through SeFlow’s scrubbing centers using BGP announcements or API Call. From that point on, SeFlow advertises IP range and start protecting it.

All incoming network traffic is inspected and filtered, and only legitimate traffic is securely forwarded to the enterprise network via GRE tunneling.

Infrastructure DDoS Protection offers a direct link to your network infrastructure that can be always-on or activated on-demand as well as mitigation and monitoring appliances for on-site protection.

Some Key Features:

Full-Reach Panel

Peacetime performance and event reporting with extensive attack visibility and historical data via the SeFlow Portal. Your Control Panel also allows you to monitor attacks, generate reports and to take full control of the actions.

API Integration

The SeFlow API is a RESTful API that supports all features available through the SeFlow SeGuard web interface. Use our APIs to guide the development of your sites and applications. Give to your customers opportunity to track Anomalies, IP Accounting and much more. Details >>

1 Tbps Ingestion Capacity

Special and dynamics rules was applied on all routers and firewalls ensuring DDoS Protection with 1 Tbps of attack ingestion capacity. As second defense layer we had various sensors that analyze traffic and if an anomalies is found, redirect the IP to our scrubbing centers.

Custom Scripts

Run Custom scripts when DDoS attack starts or expire. We offer Dynamic Parameters that can be used as parameters
or script arguments for most Response actions. With custom scripts you can set ACL on your routers, trig remote API and launch any application you need.

Auto-learning Filters

SeFlow protects services using collective knowledge about security threats, including new and emerging DDoS attack methods. Using crowdsourcing techniques, new security information is aggregated across our entire network and new mitigation rules are applied in real-time across all filters.

Telegram Notification

Keep your staff updated for all DDoS Anomalies with our instant notification. You can setup emails, visual, push, and now Telegram Alerts. Within few minutes you can alert your noc or staff chat group about any new or expired anomaly. Details >>

Frequently Asked Questions

How does remote DDoS work?

A: Remote DDoS is for client’s with a remote data center or networks where they own the IP space. Instead of relocating the IP space, they can announce their IP into our network where we will scrub the dirty traffic and deliver the clean traffic over GRE tunnel or Fiber back to your server or network.

What is required to get setup with remote DDoS protection?

A: You will need your own IP space, ASN, and a router that is able to do BGP. To get setup, we’ll need an LOA (Letter of Authorization) authorizing the announcement of your IP block (prefix) on our network.

Is remote DDoS only for a network or can client's also protect a single remote server?

A: Your welcome to announce small prefixes such as a /24 which can be for one specific server or simply high risk clients who are under attack.

Is there a minimum requirement for a client to use remote DDoS protection?

A: Yes, a minimum prefix of /24 along with a router that allows BGP and GRE is required to get started.

Is there is a cost associated with announcing and withdrawing prefixes for remote DDoS?

A: When a tunnel along with GRE is built, you do not need to announce prefixes all the time. You can wait until an attack occurs where you can announce the prefix to initiate the mitigation process. note you can only announce a /24 which is the smallest a BGP route allows for a provider to recognize that prefix. There are no charges when announcing and withdrawing prefixes. The flexility is in the network operator’s decision.

Scrubbing Centers

Having worldwide POPs allows our system to mitigate much larger attacks when necessary. With anycast DDOS systems we are able to direct traffic to multiple locations allowing our systems to utilize the “divide and conquer” method.

This allow us to deliver a protected network. Using our services from IP transit, Dedicated server our customers has an ease of mind that we are able to defend against any attack. Anycast DDOS & Services has allow our customers to utilize its service to deliver content closest to the POP as well as mitigate attacks away from its origin.