In terms of cyberthreats and digital risk, 2020 has been all about DDoS attacks. We've seen threat actors launch record breaking 1.44 Tbps and 809 Mpps attacks, cybercriminals conduct the largest global DDoS extortion campaign, and a significant uptick in cyberweek DDoS attacker activity aimed at disrupting digital commerce. Now, more than ever, organizations see DDoS as an insurance policy to keep internet-facing applications and services available -- it is today's cost of conducting digital business. As we head into the new year, many businesses are looking to DDoS mitigation experts to deploy defenses that help ensure business continuity, uptime, and a unified security experience across hybrid environments. The biggest question to consider: Who do you want on your DDoS defensive line heading into 2021?
First-Round Picks for the High-Performance DDoS Defense Team
In sports, the best offense is a good defense. With a similar mindset, Equinix and Akamai Prolexic teamed up to develop a cloud-based, interconnected DDoS detection and mitigation solution that helps businesses rapidly connect into the Prolexic global cloud-scrubbing DDoS platform via the Equinix Cloud Exchange. Organizations now have access to Prolexic's high-performance, purpose-built DDoS mitigation capabilities to keep internet-facing assets and infrastructure protected -- across all ports and protocols.
As a recognized industry leader in DDoS mitigation, Akamai has always put scale, capability, and the white-glove-managed service components of the Prolexic service as top investment priorities. And we have designed the Prolexic platform to be the most capable, resilient, and accessible DDoS platform available across the globe. However, in addition to growing vertically and horizontally, we have listened to our customers as they ask us to move and grow alongside them as they migrate applications and workloads to the cloud. It's no secret that the traditional concept of a data center origin has morphed, traffic volumes have exploded, and the need for efficient connectivity to a customer's origin across multiple locations has become the new norm.
With this in mind, Akamai has expanded accessibility to the Prolexic platform via Equinix, a global leader in data center and Layer 2 cloud fabric connectivity, to launch Akamai Prolexic Connect via Equinix Cloud Exchange, complementing our existing GRE and Connect offerings. The Equinix partnership could not have been better timed to meet market demands and the acceleration of digital transformation due to COVID-19. As a result, many organizations needed to quickly rethink growth and bandwidth usage models driven by the surge in remote workers as the world shifted to an all-digital reality. The ability for Akamai to provide added resilience, diversity, and virtually unlimited throughput via Prolexic Connect -- backed by our 100% availability SLA -- has met the needs of customers challenged by the times.
A Closer Look Inside the Huddle
Using Equinix Cloud Exchange Fabric (ECX Fabric) software-defined interconnection, Akamai Prolexic offers direct and secure private connectivity to its cloud-based DDoS solution for its customers. Prolexic stops attacks with a scalable, cloud-based DDoS scrubbing platform to protect entire customer networks, including all of their enterprise applications, whether they are deployed in an on-premises data center, the public cloud, or a colocation facility such as Equinix.
The Prolexic Routed solution leverages the Border Gateway Protocol to route all network traffic through Akamai's globally distributed scrubbing centers. Within each scrubbing center, proactive mitigation controls remove all abnormal traffic instantly, while Akamai Security Operations Control Center staff inspects the remaining traffic, mitigates any and all detected attacks, and forwards only clean traffic to the application origin via ECX Fabric.
The Prolexic Connect via Equinix solution takes clean traffic routing off the internet and enables Equinix to deliver the traffic back to the customer origin over private VLANs. Redirecting production, disaster recovery, or QA traffic to origin Always-On within Akamai's zero-second and 100% availability SLAs is easier than ever before. Providing Akamai and Equinix customers with the ability to connect directly to the Prolexic platform via Equinix Cloud Exchange versus GRE tunnel connections eliminates the need for TCP MSS adjustments on the customer router. These adjustments can be CPU intensive and some applications have hardcoded MTU, and IP routing of attacks directly toward GRE endpoints can result in performance side effects, particularly at high bandwidth rates (multi-Gbps).
A Winning Defense Strategy
In the architecture shown below, an interconnected approach, where ECX Fabric returns cleaned/scrubbed data and workload traffic back to the customer, removes threats with greater efficiency and speed.
This interconnected solution also reduces the complexity and eliminates the overhead and bandwidth constraints associated with moving traffic through multiple Generic Routing Encapsulation (GRE)/IPsec tunnels. The capacity needed to effectively mitigate large-scale DDoS attacks far exceeds connected bandwidth that even most enterprise companies contract/purchase or deploy to run an enterprise. This means such limitations could be catastrophic for most companies under a major attack.
Prolexic's expanded connectivity with Equinix complements our already-available methods, including virtual GRE tunnels, GTT Layer 2 fabric, GRE tunnels via Amazon's BYOIP connectivity, and reverse proxy through Prolexic IP Protect, enabling protection of individual IP-based properties or IP subnet blocks smaller than a class C (/24). Our flexible connectivity options enable customers to easily provision services and gain access to the Prolexic platform, regardless of where their origin(s) may reside. Optimizing the hybrid cloud playing field, we continue to expand our offerings to enable connectivity that best meets customers' security needs, wherever their origins may be located.
Do you feel confident in your DDoS defense starting lineup?