Simwood launches DDoS Security solution

Simon Woodhead

Simon Woodhead

10th August 2011

As you may have read in the press, we have today launched our DDoS and Security service. If not, you can read the press release or see an overview on our website.

This marks the conclusion of many months work here, including our previously mentioned network upgrade. I wanted to take some time here to explain a little more about what we’ve done and why it is relevant to you as a VoIP provider.

DDoS is all over the news. Security intrusions are all over the news. We hear from customers who have fallen foul to a breach of some kind or other every single week and we ourselves are scanned, probed, or otherwise interfered with continuously nowadays. It is not getting better and to avoid substantial commercial loss we all need to successfully defeat every attempt. They need to succeed just once. I firmly believe there are only two types of business operating on the Internet – those who have been attacked/breached, and those who will be attacked/breached.

So, we set about looking for a solution but were unable to find one. Sure, we could spend telephone number sized amounts and have the service that has bailed out Visa or Mastercard but that simply didn’t make economic sense. We could also buy service from other providers but none were quite ‘there’ in terms of reliable infrastructure or technical merit – lets face it, we want the infrastructure backing ours to be as solid or more solid than our own. Finally, we could buy hardware off-the-shelf but there were multiple issues there as well.

Essentially we have combined many of the options above in our own unique way. We’ve combined hardware from multiple vendors – every one claims their’s is the only solution which can do ‘x’ or ‘y’ which lead us to conclude that none is suitable alone! We’ve expanded our own network capacity and resilience as well as subscribing to mitigation services from larger mitigation providers – re-insurance in case we ever need it. We’ve partnered with best of breed solutions such as ThreatSTOP and, as you might expect, used them in unconventional ways.

The result is a capability in our London site which combines DDoS mitigation, IPS and firewall. It transparently examines and cleans 100% of relevant traffic passing through, at wire-speed and in just 100 micro-seconds (yes ‘micro’, not ‘milli’!). It blocks traffic from (and to) invalid or disreputable sources which extends from a single malware-infected PC involved in attacks only today, right through to entire ISPs who have been bad for months. Traffic which is allowed through is monitored at every level and a continual behaviour pattern is formed. Traffic falling outside that pattern has the brakes put on before being totally blocked; this is the layer that takes the heat out of a DDoS attack. Finally, further DDoS related checks take place again, known vulnerabilities are checked for, protocol adherence is checked for (see below) and finally sophisticated firewall rules and protocol specific rate limits are applied.

Whilst protocol adherence applies for most protocols, it is particularly relevant for VoIP providers and is an important aspect of the defence we now have. Our system is comparing every packet to the RFCs and depending on the anomaly either dropping the traffic altogether or at least flagging it. Admittedly we’ve had to de-tune this slightly as not all customer equipment is alike and compliance varies greatly, but the majority of checks remain in place and do an amazing job. With SIP and RTP passing mostly over UDP and most DDoS/security equipment and services focussing on TCP, VoIP actually presents many issues to conventional solutions which we have had to overcome.

So what does this mean to you? In short we can put all of this in front of your own equipment or network. A key goal in developing our solution was making it accessible to all since we know that whilst some of our customers are huge, many are small. We’ve also tried to make it flexible as whilst some customers run their own networks and others are already on ours in some form, many use co-location or rented servers from other networks. We believe we have a solution that we can offer to cater for all these variables.

Pricing wise, we price based on the number of IP address blocks protected, the clean traffic volume and the dirty traffic protection desired. We can deliver this as an enhancement to our IP Transit, or in front of co-location/virtualisation/access solutions. Customers not presently on the Simwood network can still enjoy it in a number of ways – we can protect your equipment even if it is on another network elsewhere in the world.

Additionally, for those who do not wish to make the leap to our complete hosted protection, or wish to tweak it further, we can offer the ThreatSTOP solution to enable you to benefit from IP Reputation based blocking on your own firewall(s). We are the first European distributor for ThreatSTOP as well as a contributor of data from our own honeypots and darknets. Used this way the ThreatSTOP solution also enables you to block geographic areas so if you’re only doing business with the UK for example, blocking access from certain other countries may be desirable.

Our mission here is not to protect banks from those who they offend but more to offer protection for those caught in the cross-fire whilst also enabling our customers to do business with more confidence. Our own voice network has been sitting behind this protection for a while with amazing results. Very few networks have or can offer this protection and we firmly believe that if you are doing VoIP business, you need to be on or behind the Simwood network.

If you’ve got this far, thank you for reading! I hope this is of interest and we’d be delighted to hear from you to discuss how we can help.

Kind regards

Related posts