Verisign provides Internet infrastructure services and was founded in 1995. Its initial focus was on domain names and operating two of the Internet’s thirteen root nameservers; however, it also offers in-depth cyber security services. This includes DDoS protection, which Business.com rates as “among the best DDoS protection services”.
Verisign has an in-depth online portal, which allows its clients to monitor traffic and attack reports, and see how DDoS detection and mitigation are functioning. Its significant self-service offerings allow you to create detailed reports, upload whitelists and blacklists, determine escalation plans, and so on. You can select always-on protection or on-demand services.
Your online portal will always receive an alert when a threat is detected, as will the Verisign security operations center. The next step is the use of signature analysis and dynamic profiling, via which Verisign determines whether the threat is indeed real. Signature analysis entails looking for anomalies that are known to be part of DDoS attacks; dynamic profiling, meanwhile, observes and analyzes traffic patterns. When traffic spikes, the system sends out an automatic alert.
If the threat is deemed to be real, Verisign will redirect your site traffic either via border gateway protocol (BGP) announcements or changes to DNS records; depending on what you selected on sign-up. Sending the attack traffic to Verisign allows its security team to scrub redirected traffic using mitigation technologies in one of its five scrubbing centers.
According to business.com, Verisign’s capacity is only 1.7TB, which given the recent scale of memcached attacks is not large enough for the terabit era we have now entered; however, the company is clearly growing its network capacity and for many businesses, particularly in the SMB space, this will be plenty.
Verisign also has its own mitigation platform, Athena, which protects against different types of attack at the network and application layer. It specializes in mitigating Layer-7 and SSL-based attacks. Also because of its roots and specialty in hosting, Athena is Custom built to defend critical Internet infrastructure such as .com, .net, and the A and J Root servers, allowing it to provide rapid mitigation of zero day attacks.
Athena has three key components: the shield, proxy and load balancer. The shield protects against Layer-3 and Layer-4 attacks by applying mitigation techniques such as deep packet inspection and blacklisting and whitelisting. The proxy, meanwhile, stands in for the client’s server during the beginning stages of a transaction. Verisign inspects and filters HTTP- and HTTPS-level content, detecting anomalies in the header values and blocking malevolent traffic. As bad requests are dropped, legitimate traffic is sent back to protected servers. The load balancer, the platform’s third component, filters requests before they reach transaction services. This helps the proxy, shield and other Verisign applications concentrate on sophisticated application-level attacks. Additionally, the load balancer handles health checks and communication with the platform’s routers so that Verisign can rapidly eliminate points of failure.
Verisign’s DDoS Protection Service is designed mainly for the cloud; however, Verisign also offers OpenHybrid, which can be deployed on-premises.
The company has a 24/7 support staff who work in its security operation centers around the clock. Customer service is available over the phone and via email.