• 04.12.13

The DDoS Protection Squad

When companies find themselves targeted by hacktivists or organized crime taking them offline, they give Prolexic a call.

The DDoS Protection Squad

Distributed denial of service (DDoS) attacks are a fact of life for most large companies, government agencies, and anyone unlucky enough to be targeted by cybercriminals or hactivists. The attacks, which take companies off the Internet by flooding servers with fake outside connections, require no real technical skills to pull off–just multiple users or a botnet to coordinate attacks. Scripts and programs such as Anonymous’ Low Orbit Ion Cannon mean that anyone can successfully attack an unprotected server. There is a thriving industry of companies offering DDoS protecting and mitigation; Florida-based Prolexic is one of the largest. When customers fear attack by Anonymous or extortionists, Prolexic are the on-call experts–but their services are expensive.


“Lots of very large attacks happen with huge numbers of packets sent per second,” Prolexic CEO Scott Hammack told Fast Company. “The attack vectors are way out there.” These large attacks can be launched by criminals, activist organizations such as Anonymous, or even by nation-states. The problem for ordinary companies is that beyond ordinary criminals, hactivists can target them as part of larger, international conflicts.

Prolexic, which claims to offer DDoS protection, risk mitigation, and intelligence services to half of the world’s top 50 banks, got its start in the gaming world. Founder Barrett Lyon started the company in 2003 to capitalize on casino sites and pay-gaming sites which experienced crippling cyberattacks from extortion-seeking cybercriminals. In a 2005 Wired article, journalist Michael Myser explained that Eastern European gangs often targeted gambling sites. Because online gambling sites frequently host servers in one country while serving customers in another country with all information being hosted in the cloud, they serve as a perfect target for DDoS attacks.

Since the early 2000s, the demand for the kind of services Prolexic offers has expanded exponentially. The rise of e-commerce and online banking was accompanied by a massive rise in telecommuting and online communication within huge multinational corporations. In 2003, servers at large companies being knocked offline was annoying; in 2013, they can cause the loss of hundreds of millions of dollars in profits or manpower hours.

One of the biggest problems is that DDoS attacks can happen to companies that barely expect it for geopolitical reasons. Over the past few years, there have been a slew of DoS attacks aimed at companies based squarely on their national origin. Anonymous-affiliated hackers recently attacked Israeli civilian and business websites as part of their #opisrael, and South Korean banks recently suffered a devastating cyberattack that included a DDoS component.

The main product offered by Prolexic is a cloud-based DDoS monitoring service which includes hardware, software, and human intelligence components. Engineers working with Prolexic monitor bandwidth anomalies for subscribers and immediately launch responses to bring servers and domains back online. Other monitoring services sold as add-ons track minute router activity and traffic for traces of botnet activity.

However, Prolexic’s services don’t come cheap. Although the company declined to disclose pricing, telling Fast Company that fees were dependent on client requirements, costs are substantial for small- and medium-sized businesses. A Slashdot user said in 2012 that the company quoted them for a minimum of $3,000 a month, and in 2011 a customer said they cost $7,000 monthly for 10Mbps clean traffic, along with a $7,500 setup fee. While these prices may be expensive, they’re frequently cheaper in the long run for companies facing extortion from criminal organizations–companies fearing cyberattack from ideologically motivated hacktivists, however, are another matter.


Hammack told Fast Company that the sophistication of attacks has been increasing greatly in recent months. “DDoS attacks are becoming a major concern for businesses because their increasing size and sophistication means they can no longer be mitigated in-house and there is a higher risk of extended downtime.  Over the last six months, attack sizes have ramped up considerably, in many cases to over 50 Gbps, so now we are seeing concern spread to ISPs, carriers, content delivery networks and even other mitigation providers,” Hammack said. “Just last week Prolexic mitigated a DDoS attack that peaked at 160 Gbps and 120 million packets-per-second.  These numbers would have been unheard of just 12 months ago.”

When Prolexic’s customers do come under attack, the company attempts to get them back on the Internet as quickly as possible. Proprietary routing services, traffic redirects, and traffic proxies are initiated in order to guarantee users access to sites. The specific method used depends on a client company’s size and who is attacking–depending on whether attacks come from criminals, activists, or disgruntled employees, they vary widely in effectiveness and strength.

Part of what Prolexic’s business plan involves running “scrubbing centers” around the world. Scrubbing centers are systems located at hubs of the real, physical Internet–the Internet backbone of data centers, fiber optics, and international cables which physically transport information from one place to another. Prolexic operates scrubbing centers in San Jose, Frankfurt, Hong Kong, and other places where–as Hammack puts it–the Internet “physically converges.” The scrubbing centers can mitigate, the company claims, large DDoS attacks for multiple clients simultaneously. By placing these centers at strategic points for the physical Internet, Prolexic is able to gain valuable time in deflecting attacks for clients.

However, Prolexic isn’t the only company working in the DoS mitigation field. Their largest competitor is Virginia-based Verisign. While Prolexic works primarily to prevent and track DDoS attacks, Verisign is a much larger domain services company that also offers domain registration and non-security-related products. A smaller company, Black Lotus, also offers DDoS mitigation services. Another company, Cloudflare, offers similar services to large businesses although their bread and butter are small- and medium-sized businesses.

[Top Image: Flickr user Jeff McNeill / Bottom Image: Flickr user Jemimus]