GRX ZE Protection for Networks
GRX ZE for Networks provides always-on or on-demand Layer 3/4 DDos mitigation to ensure the availability of your network when under attack. Each mitigation center in the GRX ZE network is based on a Juniper MX480 routing platform and an Arbor TMS mitigation platform for high capacity packet filtering. This, in combination with our patent-pending IP to auto-detect and auto-mitigate attacks, delivers you the industry’s best DDoS protection solution, managed 24×7 by top cybersecurity experts manning our SOCs.
DDoS Mitigation – Network Layer 3/4
The GRX ZE platform provides automated DDoS attack protection at the network layers. These types of attacks are often referred to as Layer 3/4 attacks (aka volumetric attacks) since they effect the lower layers of the OSI Model (Network and Transport). Some examples of types of attacks include: SYN Floods (Spoofed IPs, non-standard TCP flags), UDP Floods, IPSec flood (IKE/ISAMP assoc. attempts), IP/ICMP fragmentation, NTP / DNS / SSDP reflection, SMURF, DNS flood, etc. These attacks are generally designed to overwhelm the servers, ultimately resulting in a denial of service for legitimate traffic and disrupting the operation of the network.
Traffic Flow Before and During An Attack (On-Demand)
Normal traffic: in the current network scenario, traffic is being routed through the current network configuration. This is a normal day-to-day environment prior to routing changes in case of an attack.
Introducing GRX ZE RapidBGP™: From Detection to Auto-Routing to Auto-Mitigation in under 60 seconds!
GRX ZE has developed a new model for rapid DDoS Mitigation through the automatic analysis of DDoS alerts and deployment of routing commands to ensure immediate action is taken when legitimate DDoS attacks are detected, without human intervention. Traditionally, BGP routing changes would require DG-I to communicate network advertisements from DG-I datacenter to GRX ZE. Our RapidBGP technology can automatically make the necessary BGP changes after detecting a DDoS attack if we receive an alert through our monitoring systems via flow data.
Maximum Tolerable Downtime – MTD * 57 Seconds*
Maximum Tolerable Downtime is the time after which the process being unavailable creates irreversible consequences generally, exceeding the MTD results with severe damage to the viability of the business. Depending on the process, MTD can be in hours, days, or longer. In production tests, GRX ZE is able to detect, route and mitigate volumetric Layer 3/ 4 DDoS attacks within 57 seconds, without any human intervention. Note that connectivity to our customer router is not a requirement for subnets that are /23 or bigger.
Learn more about GRX ZE for Networks