London firm offers fixed-price cloud DDoS protection

One company has launched a fixed-price cloud DDoS-protection service for mitigating the ever-present threat of DDoS attacks.

A London-based company has launched a new cloud-based service promising to protect companies from distributed denial-of-service (DDoS) attacks for a fixed-price subscription, regardless of the size or length of the attacks.

Adversor, based in London, is the brainchild of a team of security professionals from the financial services industry. The startup has financial backing from Meridian Growth Capital LLP, a venture capital fund.

It (a DDoS attack) has become a new form of vandalism.

Paul Dwyer

Adversor CTO Dave Lane said the company has been in operation for 11 months, and is focusing exclusively on DDoS mitigation. “We are drawing on our own experience of using DDoS mitigation vendors and the ISPs. A lot of the current solutions tend to be reactive to attacks,” he said. “When I was working for banks, we tried dealing with the problem ourselves by buying more bandwidth or more boxes, or by going to the ISP to get them to deal with it, or the DDoS vendors. It wasn’t a great experience.”

Adversor’s cloud DDoS protection offering runs on a number of Peakflow SP appliances from security vendor Arbor Networks Inc., but adds some of its own patent-pending technology to ensure "good" traffic is not blocked. “Adversor builds a model of what is deemed to be normal traffic, so it can spot any deviation from the norm,” Lane said. “Instead of identifying the bad, we try to identify the good and let it through. We take the customer’s current firewall policies and IDS policies and apply them in the cloud, and then dynamically apply rules by monitoring the customers’ existing infrastructure. We are constantly learning.”

Lane explained that the system learns which customers tend to send traffic on a regular basis, and allows these requests to still come in during an attack. “We list the top customers for yesterday or last week, or the countries they came from, and we can build a profile” for them, he said. “So when an attack starts, we can let in customers that came in yesterday, for instance, but run dynamic mitigation challenges against those who didn’t come in yesterday but who want to get to the website today.”

The company currently offers a 20 Gbps mitigation capability through two separate data centres in London, and can provide service within minutes if necessary using DNS or Border Gateway Protocol (BGP) rerouting, Lane said. “We do not need to access your security certificates, your hardware is unaffected and you don’t have to worry about the cost, complexity or risks of integrating new hardware into your systems,” he said.

DDoS attacks have long been used by attackers to blackmail online organisations – notably gaming companies – for financial gain, but the rise of hacktivism, with groups such as Anonymous and LulzSec, has seen the technique being more widely used for political and ideological purposes to shut down, or merely embarrass, targets.Figures from the Kaspersky Lab Securelist blog showed that in the second quarter of 2011, the longest DDoS attack lasted 60 days, 1 hour, 21 minutes and 9 seconds, and the highest number of DDoS attacks made against a single site in the second quarter of 2011 was 218.

“It has become a new form of vandalism,” said Dublin-based cybersecurity consultant Paul Dwyer, who currently advises Eircom, the Irish telecommunications company, on security and cyberthreats.

Dwyer said he has used the Adversor service and likes that the company specialises in DDoS and nothing else, and that it has a UK-based helpdesk. “I tried using Adversor with clients who were under attack, and the service worked,” he said.

Dwyer said while a lot of companies, including ISPs, claim to be able to control DDoS attacks, they are ill-suited to react fast when needed in an emergency. “They’ll say they have guys on standby who can filter ports, give you more bandwidth, redirect your traffic or do content delivery management. But if you need real mitigation, you don’t want to be sitting around a table having a conference call deciding what’s the next best thing to do. You want to have the equipment and expertise to fix it there and then,” he said.

Dwyer also criticised some companies for their charging policies. “Some big DDoS-mitigation companies seem to be very expensive and arrogant to deal with. When you scrutinise their SLA, you find they charge by the size and length of the attack.”

With DDoS attacks becoming larger and lasting longer, having a fixed price DDoS mitigation service is appealing to his clients, Dwyer said. 

However, using a cloud-based service is not without its own problems, said Clive Longbottom, senior analyst at Windsor-based research company Quocirca.

“The big question with a cloud-based DDoS solution is how much bandwidth [cloud providers] have,” Longbottom said. “If they were battling multiple DDoS attacks at any one time, I’m not sure how they would manage the bandwidth into and out of their environment to guarantee response times for their customers. My worry would be how scalable they are.”

Adversor said in order to cope with the extra growth, it plans to add new scrubbing centres in the US and the Far East in 2012 to supplement its two London-based centres.

Read more on Network security management