As the traffic from cyber-attacks keeps breaking records, the number of attacks has also become more frequent and the attack methods have become more and more diverse. Due to the interconnected nature of our IT infrastructure today, DDoS attacks are inevitable for both external business and internal enterprise applications. The damage caused by DDoS attacks blocks the server of the origin site, makes the real users inaccessible, and can cause additional issues in the future, such as the leakage of core business data, a sharp decline in the number of users, economic losses, and brand reputation.
Alibaba Cloud's various business entities, such as Tmall, Taobao, AutoNavi, Ant Financial, and Lazada, have accumulated rich experience in DDoS attack protection in their global operations and resisted an average of 2500 cloud DDoS attacks per day. *How does Alibaba Cloud defend the attacks?
As a self-use DDoS protection mechanism for various business entities of Alibaba Group, Alibaba Cloud has successfully defended against multiple malicious traffic attacks. It has been deployed in China, Japan, Malaysia, Singapore, India, Indonesia, Germany, the United Kingdom, and the United States to reduce business security risks. Fifteen DDoS Scrubbing Centers were built, with a total protection bandwidth exceeding 10 Tbps.
Utilizing the global DDoS protection network and Anycast and GSLB technologies, you can dispatch Alibaba Cloud to distribute global protection nodes, pull attack traffic to the nearest cleaning center automatically, clean and remove malicious traffic, and return the filtered normal traffic to the original server. Alleviate the load of cross-border network links and use global resources to resist large traffic attacks launched worldwide to improve overall protection capabilities
Alibaba Cloud Anti-DDoS is based on big data computing and machine learning. It builds an AI intelligent anti-DDoS system to realize automatic protection against complex resource-consuming DDoS attacks (CC attacks) by adjusting according to the attack conditions quickly and automatically. Then, it adjusts protection strategies to reduce the cost of safe operation and maintenance, so relevant personnel can face complex DDoS attacks and ensure the smooth operation of the business.
Compared to traditional DDoS attack security solutions, Alibaba Cloud Anti-DDoS has six advantages: easy deployment, high network quality, large protection capabilities, stable and available systems, and AI smart protection technology:
Two access methods are provided: DNS resolution and IP direct pointing to achieve access protection for website function variable names and business ports. There is no need to install any software or hardware or adjust the routing configuration, and the deployment and startup can be completed in five minutes.
Fifteen worldwide cleaning centers provide more than 10 Tbps+ bandwidth, effectively resisting all kinds of DDoS attacks based on the network layer, transport layer, and application layer.
It can identify attacking IP accurately and filter and clean automatically by aiming at network traffic-based attacks and resource-exhausted DDoS attacks through automatic optimization of protection algorithms and deep learning.
It supports flexible protection bandwidth adjustments. Users can upgrade it by themselves without adding any physical equipment or making business adjustments. There is no service interruption throughout the process.
The real origin server address is hidden through the reverse proxy access protection service, so the attacker cannot find the origin site address, thereby ensuring the origin site security.
The source station system is not limited to Alibaba Cloud. It can protect the local computer room and multi-cloud environment easily.
Alibaba Cloud Anti-DDoS does not need to be activated and configured for Alibaba Cloud users. As long as you have an Alibaba Cloud account, you can enjoy this basic protection scheme for free, with up to 5 Gbps of basic DDoS protection. Note: The free Anti-DDoS basic protection capabilities on the cloud may differ by region, ranging from 500M to 5G.
DDoS-native protection can load the defense capabilities directly into Alibaba Cloud ECS, SLB, WAF, and EIP without changing the IP. There are no restrictions on the number of four-layer ports and seven-layer functional variable names. It is easy to deploy. After purchase, you only need to bind the IP address of the cloud product that needs to be protected. It is suitable for users that need to protect multiple public IPs, service bandwidth greater than 1Gbps, QPS greater than 5000, and IPv6 access traffic.
The recommended package match for common situations is listed below:
In high-risk scenarios, such as game launches, promotional festivals, and online live broadcasts, users can expect attacks from malicious competition, such as DDoS attacks and blackmailing, leading to business unavailability. Anti-DDoS Premium can hide the source site address. Alibaba Cloud will provide unlimited cleaning resources regardless of the source site in the local computer room or other clouds, with no upper limit on protection, and leverage the global cleaning center resources to ensure full protection.
According to the frequency of attacks, it is divided into two plans:
In addition to defending against TB-level DDoS attacks, GameShield can solve CC attacks of the TCP protocol unique to the gaming industry with lower protection costs and better results!
Compared with traditional single-point DDoS defense solutions, GameShield Smart Scheduling diverts normal player traffic and hacker attack traffic to different nodes to minimize large traffic attacks. End-to-end encryption allows small traffic that simulates user behavior, and the attack cannot reach the client.
At the same time, in a traditional defense mechanism, hackers can lock the attack target IP easily. The smart scheduling and identification of GameShield can make users invisible and make hackers visible. Every attack will damage the hacker once, and the attacking equipment and puppets will no longer be available repeatedly, subverting the past situation of unequal DDoS offensive and defensive resources.
As mentioned above, Alibaba Cloud has established multiple cleaning centers worldwide. Businesses in Hong Kong, Macao, and Taiwan can use the Hong Kong cleaning center nearby to handle access traffic. In addition, specific regions provide high-quality dedicated lines based on demand. This reduces latency (Latency) by 20% compared to public networks, reduces cross-border public network packet loss rates (Packet Loss), and improves user access quality.
You can learn more about Alibaba Cloud Anti-DDoS Premium by visiting https://www.alibabacloud.com/help/doc-detail/153308.htm
Original content from Alibaba Cloud TC Content
Disclaimer: The views expressed herein are for reference only and don't necessarily represent the official views of Alibaba Cloud.
Alibaba Cloud New Products - June 10, 2020
Alibaba Clouder - March 22, 2021
Alibaba Clouder - March 25, 2021
Alibaba Clouder - November 8, 2018
Alibaba Clouder - November 28, 2018
Alibaba Clouder - January 12, 2021
A cloud-based security service that protects your data and application from DDoS attacksLearn More
A cloud firewall service utilizing big data capabilities to protect against web-based attacksLearn More
A comprehensive DDoS protection for enterprise to intelligently defend sophisticated DDoS attacks, reduce business loss risks, and mitigate potential security threats.Learn More
Explore Web Hosting solutions that can power your personal website or empower your online business.Learn More
More Posts by Alibaba Clouder