DSL Provider Establishes First Line of Defense Against Evolving DDoS Attacks
About the Customer
This customer is a leading service provider in Canada. The company offers Internet connectivity and VoIP services to Canadian residential consumers and business customers. It is one of Canada’s most experienced digital phone service (VoIP) providers and it delivers leading-edge Internet and network services, award winning voice services, and cloud-based phone systems (Hosted PBX).
This service provider has been an Allot customer for almost a decade, having deployed Allot security solutions for inbound volumetric DDoS protection.
They originally approached Allot following a relatively large DDoS attack on their network. They could foresee the potential risk of scaled-up attacks and decided to use DDoS mitigation to ensure that its network and its customers are protected from attacks and to prevent any collateral damage to its users.
At the same time, it was important that the implementation of robust security did not adversely affect network performance or user experience. The challenge was to offer our customer value-added security features that would protect its network from DDoS attacks while assuring network services availability and consistent application QoE. Our customer needed a solution that was easy to integrate with its existing offering; one that could quickly identify inbound attacks, automatically mitigate those attacks, and provide protection with precision.
As time progressed, the solution needed to be seamlessly scalable and flexible, responsive to changing circumstances and new threats.
Initially, the customer deployed Allot high-performance DDoS detection sensors on its own servers and the Allot Service Gateway Omega (SG-Omega) platform that it implemented for service deployment, delivery, and management. The SG-Omega was subsequently upgraded to the next-generation Allot Service Gateway Sigma E platform, on which our customer was able to activate the Allot DDoS Secure license.
DDoS Secure provides high-speed real-time detection, reporting and mitigation of DDoS attacks from the Internet. It reinforces service continuity by ensuring that services are uninterrupted and there is no collateral damage to non-targeted users (aka, innocent bystanders). Users are completely unaware of a DDoS attack on the network because there is no degradation to the quality of their service delivery.
As our customer anticipated, the challenge from DDoS attacks has become increasingly sophisticated and varied over the years. Allot was able to seamlessly scale the solution with its latest DPI-based platform, Allot Service Gateway Tera, to expand DDoS protection across the customer’s national network. With Allot, the customer has the capability to deliver traffic management to ensure QoE, application control for QoS, and DDoS protection.
Allot’s solution is strategically deployed at a network level to provide robust security for the network. Allot DDoS Secure is activated within the Allot Service Gateway multiservice platform already deployed in the network. From its inline vantage point, Allot inspects 100% of the network traffic and provides the industry’s fastest and precise mitigation; Time to Mitigate < 60 seconds.
This service provider was the first Allot customer to deploy Allot DDoS Secure in North America. With Allot, it has been able to successfully mitigate attacks with increasing volumes year after year. Today, Allot helps this customer to mitigate a varied range of attacks including TCP (SYN) floods, UDP and HTTP floods, and NTP amplification.
Allot was chosen by this service provider for its ability to combine QoS with DDoS protection at a competitive price point with a solution that maintains subscriber quality of experience through an attack. By deploying Allot DDoS Secure within the Allot Service Gateway, the customer has been able to:
- Protect subscribers from the largest volumetric DDoS attacks
- Mitigate and avoid risk to the network and services
- Address the changing nature of security challenges
The operator can confidently provide reliable access and protection for all users, and a consistently high QoE across its networks.