RedSpam is part of Ampito Group

Methodology

MONITORING: Traffic monitoring is critical to identifying and mitigating attacks in their infancy. We collect traffic flow from our clients' internet-connected routers, and the traffic flow samples go into our correlation engine for threat detection, alerts, and reporting.

The frequency of packet sampling is tailored to customer size, type, and router performance. Packets are classified and analyzed by correlating a number of fields in the headers of sampled packets. Packets are then segmented into categories and correlated using advanced heuristics to profile normal versus anomalous traffic patterns.

Customer traffic is monitored by the redspam.net 24x7 security operations centre. Customer-specific alerts enable trained security experts to immediately identify nascent potential attacks. Additionally, customers can monitor their own traffic and alerts via a secure online portal.

THREAT DETECTION: Early detection mitigates attacks before they impact organisations. RedSpam uses both signature analysis and dynamic profiling for detection and is continually looking for new methods to identify and classify malicious activity.

Signature analysis, or misuse detection, looks for predefined deviations that are signs of a DDoS attack. RedSpam uses a combination of industry best practices and proprietary intelligence to identify these signatures. Since attacks are always evolving, lessons learned from mitigating them feed into ongoing research and development to identify new threat signatures.

Dynamic profiling enables RedSpam to understand customers' normal traffic patterns. Deviations from the established profile that exceed pre-defined thresholds automatically activate an alert, enabling the company to respond to new and one-of-a-kind attack profiles.
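The sketch below is an added illustration of the general idea behind sampled-flow classification and dynamic profiling; it is not RedSpam's code or algorithm. The category names, the exponentially weighted baseline, the threshold parameters and the sample data are all assumptions constructed for this example.

```python
import math
from collections import defaultdict, namedtuple

# One sampled flow record: interval index, protocol, TCP flags, sampled packets.
FlowSample = namedtuple("FlowSample", "minute proto tcp_flags packets")

def classify(s):
    # Segment a sample into a traffic category from its header fields.
    if s.proto == "tcp":
        return "tcp-syn" if s.tcp_flags == "S" else "tcp-other"
    return s.proto if s.proto in ("udp", "icmp") else "other"

class Profile:
    """Running baseline (EWMA mean and variance) for one traffic category."""
    def __init__(self, alpha=0.2, k=4.0, min_ratio=1.5, warmup=5):
        self.alpha, self.k, self.min_ratio, self.warmup = alpha, k, min_ratio, warmup
        self.mean, self.var, self.n = 0.0, 0.0, 0

    def observe(self, rate):
        """Return True if rate exceeds the threshold; otherwise learn from it."""
        if self.n >= self.warmup:
            limit = max(self.mean + self.k * math.sqrt(self.var),
                        self.min_ratio * self.mean)
            if rate > limit:
                return True  # anomalous intervals never update the baseline
        if self.n == 0:
            self.mean = float(rate)
        else:
            d = rate - self.mean
            self.mean += self.alpha * d
            self.var = (1 - self.alpha) * (self.var + self.alpha * d * d)
        self.n += 1
        return False

def detect(samples, sampling_rate):
    """Return [(minute, category, estimated packets/minute)] for each alert."""
    counts = defaultdict(int)
    for s in samples:  # scale sampled counts back up by the sampling rate
        counts[(s.minute, classify(s))] += s.packets * sampling_rate
    minutes = sorted({m for m, _ in counts})
    categories = sorted({c for _, c in counts})
    profiles = {c: Profile() for c in categories}
    return [(m, c, counts[(m, c)]) for m in minutes for c in categories
            if profiles[c].observe(counts[(m, c)])]

def constructed_samples():
    """Constructed data: ten quiet minutes, then a SYN surge in minutes 10-11."""
    return [FlowSample(m, proto, flags, n) for m in range(12) for proto, flags, n in (
        ("tcp", "S", 600 if m >= 10 else 6 + m % 3),
        ("tcp", "A", 60 + m % 5), ("udp", "", 3 + m % 2))]
```

Because an interval that trips the threshold is excluded from the baseline update, a sustained surge keeps alerting instead of being absorbed into the profile as the new normal.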

 


MITIGATION: RedSpam establishes procedures with each customer to fit their service model. Mitigation encompasses off-ramping, filtering, and on-ramping. For time-critical protection, we work with customers during initial set-up and testing to ensure seamless implementation of all three components.

Off-ramping redirects Internet traffic destined for customer servers to RedSpam's cloud-based cleansing or scrubbing centres when a potential attack warrants redirection. The traffic reaches RedSpam first. Off-ramping methods include BGP announcements or changes to customer DNS records.

Filtering uses a layered approach that progressively enhances rule sets over time. Since blocking all traffic accomplishes the same goals as a DDoS attack, RedSpam ensures legitimate traffic reaches its intended destination. Over time, state-of-the-art filtering technology increases the level of filtering to progressively block more malicious traffic. Filters are applied at various layers of the OSI stack, including network and application layers.

On-ramping redirects traffic from RedSpam cleansing and scrubbing centre sites to customer networks. RedSpam network architects establish the best method for redirecting clean traffic back to the network, such as GRE tunnelling, establishing a VPN, or connecting directly to a site.

Reporting includes traffic summary reports, application reports, protocol reports and event reports.