Enterprise DDoS Attack Protection

Under DDoS Attack?
DDoS Attacks recorded per day worldwide
Can buy a Week long DDoS Attack on the Dark Web
Of Downtime Incidents are attributed to DDoS Attacks
Largest Recorded DDoS Attack - February 2020
Average DDoS Attack Duration

vXtream DDoS Mitigation

vXtream’s network is protected by advanced DDoS Mitigation. All our Elastic Compute customers have standard DDoS protection included with their packages. A managed Enterprise-level Mitigation service with pricing based on volumes of ‘Clean-Return traffic’ is an option available to all customers.

Standard DDoS Protection

vXtream’s network is DDoS protected. All Elastic Compute customers have basic DDoS Protection included with their services. Enterprise-level DDoS Mitigation is available to all customers as an option.

On-Demand Enterprise DDoS Mitigation

On-Demand Re-route & Scrub with proactive or auto-mitigation controls with around-the-clock support backed by eight global Security Operation Centres (SOCs) across North America, Latin America, Asia-Pacific and Europe

Always-On Enterprise DDoS Mitigation

Rest easier. With around-the-clock monitoring and mitigation of your network services, you can worry less and work more.

What is a DDoS Attack?

A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. They target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information.

The stakes are higher. Time to raise your game.

Your business is riding on the availability and integrity of your website and online services. The next Distributed Denial of Service (DDoS) attack could wreak financial havoc, compromise your customers and damage your reputation.

Unfortunately, DDoS attacks are increasing in scale, frequency and sophistication. And alarmingly, they’re easier than ever to execute. These days, anyone with an internet connection and a grievance can launch a DDoS attack for as little as $5.00.

What’s worse, everyone’s fair game. Not just the big banks, government or e-commerce sites. From FTSE 100 Companies to emerging growth companies, no organization is too insignificant to be the target of a criminal or “hacktivist” attack.

Types of Attacks

DDoS attacks come in many different forms, from Smurfs to Teardrops, to Pings of Death. These are the types of attacks and amplification methods:

Attack Class: Four common categories of attacks

TCP Connection Attacks - Occupying connections

These attempt to use up all the available connections to infrastructure devices such as load-balancers, firewalls and application servers. Even devices capable of maintaining state on millions of connections can be taken down by these attacks.

Fragmentation Attacks - Pieces of packets

These send a flood of TCP or UDP fragments to a victim, overwhelming the victim’s ability to re-assemble the streams and severely reducing performance.

Application Attacks - Targeting Applications

These attempt to overwhelm a specific aspect of an application or service and can be effective even with very few attacking machines generating a low traffic rate (making them difficult to detect and mitigate).


Volumetric Attacks - Using up bandwidth

These attempt to consume the bandwidth either within the target network/service, or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.


Amplification: Two ways attacks can multiply traffic they can send

DNS Reflection - Small request, big reply

By forging a victim’s IP address, an attacker can send small requests to a DNS server and ask it to send the victim a large reply. This allows the attacker to have every request from its botnet amplified as much as 70x in size, making it much easier to overwhelm the target.



Chargen Reflection - Steady streams of text

Most computers and internet connected printers support an outdated testing service called Chargen, which allows someone to ask a device to reply with a stream of random characters. Chargen can be used as a means for amplifying attacks similar to DNS attacks above




vXtream Enterprise DDoS Mitigation Key Features

Protection on any Connection

We can re-route and scrub all internet connections, regardless of carrier, our Carrier-agnostic protection supports vXtream or third-party connections for IPv4 and IPv6 traffic with options for IP VPN Direct and GRE clean traffic return.

85+ Tbps of attack Ingestion capacity

15 global scrubbing centres leveraging 85+ Tbps of FlowSpec-based defence capacity integrated into one of the largest global internet backbones.




24/7 Monitoring and Support

vXtream DDoS Mitigation monitors your edge devices directly, providing early detection and notification of attack backed by 24/7 support and eight global Security Operations Centres (SOCs) across Europe, North America, Latin America, and Asia-Pacific.

10-minute time-to-mitigate

Up to 10-minute time-to-mitigate SLAs for most attacks after traffic hits scrubbing centres.



Rapid Threat Defense

Automatic detection and response with Rapid Threat Defense stops DDoS bot traffic at the network level. Rapid Threat Defense countermeasures are updated by Black Lotus Labs every 15 minutes.



Global scrubbing centres

Customer traffic on-boarded at closest scrubbing centre or at hundreds of partner internet service or IP VPN points of presence (POP) globally


Speak to our DDoS Mitigation Experts