Neustar provides information services and analytics to marketers and other industries drawing on big-data analysis. As part of their portfolio of solutions, Neustar also offers DDoS protection. The company’s SiteProtect NG offers a massive 10TBP of protection, a significant amount in the new era of terabit DDoS attacks. If one of its global data centers becomes compromised, other data centers can step in to pick up traffic and continue to mitigate attacks, helping create a low level of risk for its 11,000 customers worldwide.
They offer three different kinds of protection: cloud-based, on-premises and hybrid.
Cloud-based DDoS protection utilizes Neustar’s large global network and scrubbing capacity. When a client is hit by a DDoS attack, Neustar redirects its traffic through the SiteProtect NG cloud, usually via a DNS change. Neustar’s Security Operations Center (NSOC) then filter out the malevolent traffic and let the legitimate traffic pass through to your site. Once the attack is over, the client just needs to switch their DNS records back to the original IPs.
On-premise DDoS protection involves the use of Arbor Networks hardware and on-site services, an industry specialist in DDoS and advanced threat protection. This solution is always-on, offering 24/7 monitoring and mitigation of attacks by the Neustar SOC; and is a good option for companies facing significant security challenges, or for whom downtime is a serious business concern. To do this, Neustar uses the Pravail Protection Availability System from Arbor, which comes in various sizes, from 500 Mbps to 10 Gbps of inspected throughput. The Pravail equipment is designed to immediately stop application layer 4-7 attacks. If you are nearing the mitigation threshold of your account, then on approval, Neustar will manage failover to its SiteProtect NG cloud for an additional fee. This helps mitigate against the largest volumetric attacks. When an attack is over, Neustar will provide a report summarizing what happened and the responses it took to prevent the threat toppling your infrastructure.
Its third option is a Hybrid DDoS Protection, which the company describes as “the best of both worlds: on-premise hardware to stop smaller attacks instantly, plus the Neustar SiteProtect NG cloud when attack volume and complexity explode”. The company claims it offers “the largest and most effective hybrid platform solution”. You can choose with Hybrid between always-on or on-demand DDoS protection as needed. Hybrid essentially offers both on-premises DDoS hardware in addition to its cloud-based mitigation and access to its senior-level security expects in the Neustar SOC. It is a fully managed service, including remote management of the Arbor hardware, allowing you to “commit resources to higher priorities”. The service charges more for unlimited DDoS protection; however, its 24/7 monitoring of volumetric, protocol and application layer attacks may well be worth it.
Neustar does not include content delivery network methods or caching to optimize web content to end users; rather, it draws on web proxies for quick, reliable data analysis and routing. Neither does Neustar have a centralized management dashboard. There is an online portal, but it only offers limited insights into activity surrounding DDoS identification and mitigation.
The company does offer constant monitoring and promises mitigation starting between 5-15 minutes of threat detection, in addition to offering a 99.99% platform availability guarantee.
Neustar was recently acquired by San Francisco-based Golden Gate Capital. Neustar’s president and CEO Lisa Hook is continuing to run the company, and a news release announcing the deal said the transaction would not change Neustar’s business model or strategy.