Home > Enterprise > Security > DDoS Protection

DDoS Protection

Network unavailability, website downtime, privacy breaches, brand damage, compromised digital assets: each one can be devastating and can cripple any organization with significant associated recovery costs.

Micron21 are pioneers in the industry and protect some of Australia’s largest companies and agencies from crippling DDoS attacks.

Under Attack?

Micron21 offers comprehensive multi-layer protection that defends against volumetric, protocol, and application-layer attacks.

With over 700 Gbps of mitigation capacity directly connected to more than 1,500 networks globally, we have the capability to absorb and mitigate large-scale attacks.

Talk to an expert

Additional Services

If you need to add additional services to your DDoS service, Micron21 has you covered.

Additional Services   Price Per Month (ex-GST)
Additional /24 Prefixes   $20.00
Network Bot Protection (per SSL)   Contact Us
Bilateral Peering Best Effort Throughput Free
Megaport VCX Best Effort Thoughput Customer to arrange VCX
Onnet - Physical Cross Connection Dedicated Throughput Customer to arrange cross connection
DDoS Detection Appliance   $250.00
Security Operation Centre SOC Real time threat detection and incident response Find out more

Introduction

Comprehensive, Multi-Layered
DDoS Protection

In an era where cyber threats are increasingly sophisticated, Distributed Denial of Service (DDoS) attacks and other malicious activities pose significant risks to organizations worldwide. These threats can lead to network unavailability, website downtime, data breaches, brand damage, and compromised digital assets each with devastating consequences and substantial recovery costs.

Micron21 stands at the forefront of cybersecurity, offering state-of-the-art solutions that encompass advanced DDoS mitigation including network-based protection across Layers 3, 4, and 7 and bot protection via our different service offerings.

 

Why Micron21

We do DDoS Protection better

Our 700gbit+ DDoS protected network spans the globe, directly connected to more than 1800 major domestic and international carriers.

Proven Since 2009

Proven since 2009, offering enterprise level DDoS mitigation services since 2013

Data Sovereignty

Provided by an Australian company, which is not bound by the patriot act

Global Scrubbing

5 global scrubbing centres (Melbourne, Sydney, Singapore, Amsterdam, Los Angeles)

SOC Monitoring

Direct support access to our Security Operations Centre (SOC) monitoring your services in real time

Multi-Vendor Hardware

Multi-enterprise vendor mitigation solutions include Brocade, NSFOCUS, Juniper and A10 to provide a superior protection platform

700Gbit+ Capacity

700gbit of mitigation capacity directly connected to 1500+ networks globally

Domestic Scrubbing

Domestic traffic within each scrubbing region is cleaned within the region, avoiding increased latency and additional international traffic rerouting

Global MPLS Network

Global Multiprotocol Label Switching (MPLS) network for optimal routing of clean traffic across regions

Attack Mitigation

Utilise our global network
of scrubbing centers

With over 700 Gbps of mitigation capacity directly connected to more than 1,500 networks globally, we have the capability to absorb and mitigate large-scale attacks.

Our global network of scrubbing centers—strategically located in Melbourne, Sydney, Singapore, Amsterdam, and Los Angeles—ensures low-latency, close-to-source mitigation.

We utilize dedicated infrastructure for scrubbing attack traffic from clean traffic, employing high-performance equipment from industry leaders such as Cisco, NSFOCUS, Juniper, Extreme and A10 Networks. This dedicated approach optimizes performance and ensures that your legitimate traffic remains unaffected.

 

Is your DDoS protection real
or just an empty promise?

In today’s digital landscape, the threat of Distributed Denial of Service (DDoS) attacks looms large over organizations of all sizes.

While many service providers claim to offer DDoS protection, a closer examination often reveals that their solutions lack the depth and effectiveness required to combat sophisticated cyber threats.

 

Features

Advanced Protection Features

Our DDoS mitigation services provide comprehensive, stateless, multi-layered protection against volumetric, application, and web application attacks.

Comprehensive, Stateless,
Multi-Layered Protection

Our stateless architecture allows for rapid processing and analysis of packets without the overhead of maintaining session states, enabling high-performance defense mechanisms. We support multi-protocol environments and offer advanced inspection capabilities, effectively mitigating attacks across TCP, UDP, ICMP, HTTP, HTTPS, DNS, and SIP protocols.

Our protection extends to a wide array of attack vectors, including amplification attacks like NTP, SSDP, SNMP, CHARGEN, and Memcached. We also defend against fragment floods, connection exhaustion attempts, header manipulation, and carpet-bombing attacks. By integrating with Threat Intelligence Feeds, we stay ahead of emerging threats, utilizing real-time data on malicious IPs, botnets, and attack patterns.

 
 

Specialized DNS and
HTTPS Protection

Understanding the critical role of DNS and HTTPS in modern networks, we provide specialized protection mechanisms for these services. For DNS, we implement DNS rate-limiting, DNS TCP-bit checks, DNS CNAME checks, DNS retransmission controls, and DNS keyword checking to prevent abuse and amplification attacks. Our defenses against random subdomain attacks ensure the integrity and availability of your DNS infrastructure.

For HTTPS traffic, we offer advanced security measures including HTTPS keyword checking, HTTPS authentication, HTTPS dynamic script analysis, and HTTPS frame check sequence (FCS) checks. We utilize HTTPS pattern matching and guard against HTTPS slow attack checks, such as Slowloris attacks that aim to exhaust server resources. Our HTTPS SSL connection control ensures secure and efficient handling of encrypted traffic without compromising on performance.

IP Behavior Analysis and
Trusted Source Verification

Micron21 employs sophisticated IP behavior analysis to monitor and assess the legitimacy of incoming traffic. By analyzing patterns such as connection rates, geographic origin, and packet anomalies, we can identify and mitigate suspicious activities. Trusted source IP control allows us to prioritize traffic from verified sources, enhancing the efficiency of legitimate communications.

Additionally, our systems perform empty connection checks to detect and block attempts to consume server resources with incomplete or malicious connections. For Voice over IP services, we provide SIP authentication to secure against protocol-specific attacks.

 

Compliance and Certifications

Ensuring Data Privacy
and Protection

Micron21 is committed to meeting the highest standards of compliance and certifications. Each of our scrubbing locations is Information Security Registered Assessors Program (IRAP) certified, meeting stringent Australian government security standards..

As an Australian-owned company, we are not subject to foreign data access laws like the USA PATRIOT Act, ensuring your data remains sovereign and protected under Australian law..

For our European clients, we adhere to the General Data Protection Regulation (GDPR), ensuring data privacy and protection in compliance with European standards. Our commitment to compliance ensures that your organization meets its regulatory obligations while benefiting from our advanced DDoS mitigation services.

 

Full Visibility

Comprehensive Reporting and Analytics

Micron21 provides comprehensive reporting and analytics to give you full visibility into your network’s security status. We track attack events, provide detailed attack summaries, and analyze traffic trends to offer insights into the nature of threats against your network. Our extensive logging captures data on attack summaries, traffic alerts, performance metrics, link states, and authentication activities.

Our reporting capabilities include both real-time and historical reporting, allowing you to monitor ongoing threats and review past incidents for trend analysis and strategic planning. We offer scheduled reports by email, ensuring that key stakeholders receive regular updates on the security posture of your network. This level of transparency empowers you to make informed decisions about your security strategies and resource allocation.

 

Detect and Neutralize

Mitigation Algorithms and Techniques

Our DDoS mitigation strategies are underpinned by a suite of sophisticated algorithms designed to detect and neutralize threats effectively.

Rigorous Protocol Compliance
and Filtering

We perform RFC (Request for Comments) checks to ensure that all network traffic adheres to established internet protocol standards. This helps us identify and discard malformed or malicious packets that deviate from expected behaviors.

Our systems leverage blacklists, Threat Intelligence (NTI) blacklists, whitelists, GEOIP filter lists, and access control lists to allow or block traffic based on reputation and geographic origin.

 
 

Advanced TCP and
UDP Protection Mechanisms

For TCP traffic, we employ techniques such as regular expression filtering and TCP SYN source IP rate limiting to manage and mitigate SYN flood attacks. We monitor TCP SYN bandwidth limits, perform TCP SYN time sequence checks, and apply TCP fragment controls to ensure the integrity of TCP communications. TCP watermark checks and pattern matching enable us to detect and block sophisticated attack patterns targeting TCP protocols.

In UDP traffic, we implement regular expression filtering and payload checks to scrutinize the contents of packets. UDP fragment control and packet length checks help us identify and mitigate attempts to exploit the UDP protocol. We also utilize UDP traffic control, watermark checks, and pattern matching, along with reflection amplification rules, to guard against reflection and amplification attacks that can overwhelm network resources.

Comprehensive Detection of
Diverse Attack Vectors

Our algorithms are designed to detect and mitigate a wide range of attack vectors, including SYN floods, ACK floods, UDP floods, ICMP floods, IGMP floods, HTTP/HTTPS floods, DNS attacks, LAND attacks, SIP floods, and attacks exploiting protocol anomalies such as protocol null and TCP flag misuse. We defend against DNS query and response floods, NTP amplification, SSDP amplification, SNMP amplification, and CHARGEN amplification floods.

By monitoring for private IP abnormalities, traffic anomalies, and utilizing auto-learning baselines, we can detect deviations from normal traffic patterns. Our systems assess regional or IP group inbound and outbound traffic abnormalities, enabling us to respond swiftly to localized threats. False source IP detection helps us identify and block spoofed IP addresses commonly used in DDoS attacks. Integration with Threat Intelligence feeds enhances our ability to proactively defend against emerging threats.

 
 

Programmable Protection Rules

Micron21’s platform supports programmable protection rules, allowing for customized mitigation strategies tailored to specific network environments. This flexibility enables us to adapt quickly to new attack methods and to fine-tune defenses based on the unique traffic patterns of each client.

Come see us for yourself.

Book a tour to our state-of-the-art Tier IV Data Centre

Book Now

Need Help?

Speak to one of our Australian-Based Team now

Call Now

Sign up for the Micron21 Newsletter

Facebook LinkedIn
close

Cart Items

Simple, transparent pricing from Australia's leading cloud provider