Home / Industry

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

In the recently published Forrester WAVE: DDoS Service Providers, Q3 2015 report (in which Verisign was identified as a leader), Forrester notes the importance of a hybrid approach to distributed denial of service (DDoS) protection. Specifically, the report highlights the pros and cons of on-premise and cloud-based DDoS protection solutions, and advocates for a hybrid solution that incorporates elements of both; specifically the speed to mitigation of on-premise with the scrubbing capacity of cloud-based.

We couldn’t agree more. That’s why in early 2015, Verisign announced the availability of the Verisign OpenHybrid™ architecture, an API-centric and automated approach to DDoS protection. This groundbreaking approach gives organizations increased awareness of attacks and improved ability to mitigate them across on-premise devices and in public and private cloud environments.

And today, I am pleased to announce the availability of Verisign OpenHybrid™ Customer Activated Mitigation, an important update to the Verisign OpenHybrid™ architecture that gives customers even more control of their DDoS protection strategy while greatly reducing the time to mitigate attacks.

Customer Activated Mitigation enables an organization to initiate or cease immediate DDoS mitigation across Verisign’s global network of scrubbing centers via Border Gateway Protocol (BGP) routing without having to contact Verisign for manual intervention.

How does it work?

In two minutes or less, the following steps are taken to mitigate DDoS attacks:

  1. A customer experiencing a DDoS attack announces the IP prefix needing protection via preconfigured BGP sessions with Verisign using special community strings.
  2. A BGP listener on Verisign’s network edge triggers a mitigation as soon as it receives the announcement sent over a pre-configured Generic Routing Encapsulation (GRE) tunnel between the customer router and the Verisign network.
  3. Once the IP prefix is received, Verisign advertises the learned prefix to upstream service providers and peers so that all traffic covered by the IP prefix goes to Verisign DDoS Protection Services scrubbing centers.
  4. A pre-defined set of mitigation templates and countermeasures are automatically applied and Verisign Technical Support Services are alerted so that they can monitor and optimize the mitigation to ensure clean traffic is forwarded back to the customer’s network via dedicated cross-connects, or GRE tunnels.

While mitigation is taking place, customers can view event details, traffic graphs and associated alerts on the Verisign DDoS Customer Portal.

Verisign Openhybrid™ Customer Activated Mitigation – The customer-activated mitigation traffic redirection technique is particularly well suited to work with Verisign’s DDoS Protection Services because of Verisign’s global network and robust peering. Verisign’s network is architected to provide for optimal convergence times when advertising customer IP address space to ingest and mitigate traffic faster.

As an integral component of the full Verisign OpenHybrid™ architecture, Customer Activated Mitigation gives organizations the ability to quickly and effectively defend against DDoS attacks, delivering:

  1. Reduced time to mitigation
  2. Increased control over initiating and stopping DDoS mitigations
  3. Immediate operational support from Verisign’s experts.

If you are interested in learning more about Verisign OpenHybrid™ Customer Activated Mitigation, read the overview or request a consultation with an expert.

By Verisign, A Global Provider of Domain Name Registry Services and Internet Infrastructure

Verisign, a global provider of domain name registry services and internet infrastructure, enables internet navigation for many of the world’s most recognized domain names. Verisign enables the security, stability, and resiliency of key internet infrastructure and services, including providing root zone maintainer services, operating two of the 13 global internet root servers, and providing registration services and authoritative resolution for the .com and .net top-level domains, which support the majority of global e-commerce. To learn more about what it means to be Powered by Verisign, please visit Verisign.com.

Visit Page

Filed Under


Commenting is not available in this channel entry.
CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet




Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC