Akamai Prolexic and Equinix Cloud Exchange Bring DDoS Defense Closer to the Origin
In terms of cyberthreats and digital risk, 2020 has been all about distributed denial-of-service (DDoS) attacks. We've seen threat actors launch record breaking 1.44 Tbps and 809 Mpps attacks, cybercriminals conduct the largest global DDoS extortion campaign, and a significant uptick in cyberweek DDoS attacker activity aimed at disrupting digital commerce. Now, more than ever, organizations see DDoS as an insurance policy to keep internet-facing applications and services available -- it is today's cost of conducting digital business. As we head into the new year, many businesses are looking to DDoS mitigation experts to deploy defenses that help ensure business continuity, uptime, and a unified security experience across hybrid environments. Who do you want on your DDoS defensive line heading into 2021?
First-Round Picks for the DDoS Defense Team
In sports, the best offense is a good defense. With a similar mindset, Equinix and Akamai Prolexic teamed up to develop a cloud-based, interconnected DDoS detection and mitigation solution that helps businesses rapidly connect into the Prolexic global cloud-scrubbing DDoS platform via the Equinix Cloud Exchange. Organizations now have access to Prolexic's high-performance, purpose-built DDoS mitigation capabilities to keep internet-facing assets and infrastructure protected -- across all ports and protocols.
A recognized industry leader in DDoS mitigation, Akamai has always prioritized investment in the scale, capability, and managed service of Prolexic. And we have designed the Prolexic platform to be the most capable, resilient, and accessible DDoS platform available across the globe. In addition to expanding vertically and horizontally, we move and grow alongside our customers as they migrate applications and workloads to the cloud. It's no secret that the traditional concept of a data center origin has morphed, traffic volumes have exploded, and the need for efficient connectivity to a customer's origin across multiple locations has become the new norm.
With this in mind, Akamai has expanded accessibility to the Prolexic platform via Equinix, a global leader in data center and Layer 2 cloud fabric connectivity, to launch Akamai Prolexic Connect via Equinix Cloud Exchange, complementing our existing Generic Routing Encapsulation (GRE) and Connect offerings. The Equinix partnership could not have been better timed to meet market demands and the acceleration of digital transformation due to COVID-19. With the global pandemic, many organizations needed to quickly rethink growth and bandwidth usage models driven by the surge in remote workers as the world shifted to an all-digital reality. The ability for Akamai to provide added resilience, diversity, and virtually unlimited throughput via Prolexic Connect -- backed by our 100% availability service-level agreement (SLA) -- has met the needs of these challenging times.
A Closer Look Inside the Huddle
Using Equinix Cloud Exchange Fabric (ECX Fabric) software-defined interconnection, Akamai Prolexic offers direct and secure private connectivity to its cloud-based DDoS solution. Prolexic stops attacks with a scalable, cloud-based DDoS scrubbing platform to protect entire customer networks, including all of your enterprise applications, whether they are deployed in an on-premises data center, the public cloud, or a colocation facility such as Equinix.
The Prolexic Routed solution leverages the Border Gateway Protocol to route all network traffic through Akamai's globally distributed scrubbing centers. Within each scrubbing center, proactive mitigation controls remove all abnormal traffic instantly, while Akamai Security Operations Control Center (SOCC) staff inspects the remaining traffic, mitigates any and all detected attacks, and forwards only clean traffic to the application origin via ECX Fabric.
The Prolexic Connect via Equinix solution takes clean traffic routing off the internet and enables Equinix to deliver the traffic back to the customer origin over private VLANs. Redirecting production, disaster recovery, or QA traffic to origin Always-On within Akamai's zero-second and 100% availability SLAs is easier than ever before. Providing Akamai and Equinix customers with the ability to connect directly to the Prolexic platform via Equinix Cloud Exchange versus GRE tunnel connections eliminates the need for TCP MSS adjustments on your router. These adjustments can be CPU intensive and some applications have hardcoded MTU, and IP routing of attacks directly toward GRE endpoints can result in performance side effects, particularly at high bandwidth rates (multi-Gbps).
A Winning Defense Strategy
In the architecture shown below, an interconnected approach, where ECX Fabric returns cleaned/scrubbed data and workload traffic back to the customer, removes threats with greater efficiency and speed.
This interconnected solution also reduces the complexity and eliminates the overhead and bandwidth constraints associated with moving traffic through multiple GRE/IPsec tunnels. The capacity needed to effectively mitigate large-scale DDoS attacks far exceeds connected bandwidth that even most enterprise companies contract/purchase or deploy to run an enterprise. This means such limitations could be catastrophic for most companies under a major attack.
Prolexic's expanded connectivity with Equinix complements our already-available methods, including virtual GRE tunnels, GTT Layer 2 fabric, GRE tunnels via Amazon's BYOIP connectivity, and reverse proxy through Prolexic IP Protect, enabling protection of individual IP-based properties or IP subnet blocks smaller than a class C (/24). Our flexible connectivity options enable you to easily provision services and gain access to the Prolexic platform, regardless of where the origin(s) may reside. Optimizing the hybrid cloud playing field, we continue to expand our offerings to enable connectivity that best meets your security needs, regardless of origin location.
Do you feel confident in your DDoS defense? Learn more about Prolexic DDoS protection.
