PROS / When a DDoS attack is detected, Verisign works with you to redirect traffic to its scrubbing centers, blocking malicious traffic and allowing legitimate visitors to your site without interruption.
CONS / The website does not offer live chat.
VERDICT / Verisign’s portal allows for significant self-service compared to other DDoS services on our lineup. You can run detailed reports, upload whitelists and blacklists, create escalation plans and more.
Verisign is among the best DDoS protection services we reviewed. If you want to be involved in the mitigation process, this service works with you to create a customer service model, and its online portal allows you to monitor traffic and attack reports, among other things.
When a threat is detected, both Verisign’s security operations center and your online portal receive an alert. Using signature analysis and dynamic profiling, Verisign confirms whether there is indeed a threat. With signature analysis, the DDoS service looks for deviations that are known to be part of DDoS attacks. Dynamic profiling monitors and analyzes traffic patterns so that when traffic spikes, the system automatically sends out alerts.
If a real threat is identified, Verisign redirects your traffic either through border gateway protocol (BGP) announcements or changes to DNS records. When you set up your service, you can choose whether to redirect attacks using either DNS or BGP traffic. The redirection happens in the cloud, sending attack traffic to Verisign before it overwhelms your network. Verisign then monitors and analyzes traffic pattern data while the security team scrubs redirected traffic using mitigation technologies. The service has five scrubbing centers. With a network capacity of 1.7TB and growing, Verisign can surmount large-scale DDoS attacks.
To better protect you against DDoS attacks, Verisign developed their own mitigation platform, Athena. This platform has three main components: the shield, proxy and load balancer. The shield handles Layer-3 and Layer-4 attacks by applying mitigation techniques like IP reputation lists, deep packet inspection and blacklisting and whitelisting. The second part, the proxy, stands in for your server during the initial stages of a transaction. Verisign inspects and filters HTTP- and HTTPS-level content, identifying anomalies in the header values and blocking bad traffic. Once bad requests are dropped, legitimate traffic is sent back to protected servers. The load balancer, the last component of the platform, filters requests before they can even touch the transaction services. This helps the proxy, shield and other Verisign applications focus on complex application-level attacks. The load balancer also handles health checks and communication with its routers so that Verisign can quickly remove points of failure.
While Verisign DDoS Protection Service can be used primarily on the cloud, Verisign’s OpenHybrid allows you to deploy on-premises. Likewise, you can select either always-on or on-demand protection. Verisign manages the service using the cloud. As a client, you have access to a secure online customer portal that displays detailed reports and analysis. The portal allows for self-service where you can run detailed reports, upload whitelists and blacklists, create escalation plans and more.
Verisign’s security operation centers have analysts that monitor threats 24 hours a day, seven days a week, every day of the year. With a dedicated support manager, you can contact them with questions and concerns. Customer service is available around the clock as well via phone and email. The service does not feature a live chat option for its DDoS protection.
Verisign’s DDoS Protection Service can effectively protect you against the most sophisticated DDoS attacks. With its own mitigation platform, the service employs techniques to thwart attacks before they ever reach your server. Verisign works with you to create a customized strategy that fits your company and your site and keeps you up to date and involved.