TopDefense®
Increase the availability of your IT systems while also protecting your company from volume-based attacks with DDoS Protection
The (working) world is digital. More than ever, companies today are dependent on IT system availability in order to remain competitive. Unfortunately, as our dependence on online services increases, so does the risk of becoming a victim of cyberattacks. Distributed Denial of Service Attacks (DDoS) aim to flood your servers with data, causing them to timeout and thereby take your business offline.
The result: financial losses, damage to reputation, business interruptions and violations of compliance regulations.
Comprehensive DDoS protection solutions are therefore essential to every company’s cyber security strategy.
TopDefense® is a multi-level defense solution that protects the entire customer infrastructure in the conova data centers – managed by conova. Attacks are blocked before they reach the network, thus ensuring system availability. This security solution is also georedundant and available at all conova locations. We recommend TopDefense® to all TopHousing, TopCloud or Managed Services customers.
Advantages
- Maximum protection against attacks to business-critical applications such as web services and VPN endpoints
- TopDefense® Basic is free to all conova customers
- Offers active protective measures such as blackholing, filter listing, rate limits
- Fully automatic analysis and defense against anomalies in the scrubbing nodes using defined filter criteria
- 24/7 operation and support by certified conova specialists
- No costly investments in your own infrastructure required
TopDefense® DDoS prevention service comes in three product variants.
The basic level is available to all conova customers free of charge. In the basic version, all data traffic is dropped in the event of an attack. In contrast, the data stream is cleaned using certain filter criteria in the advanced and professional versions. These indicators determine which services (VPN, remote desktop, E-mail, etc.) are permitted and may be delivered to the customer infrastructure.
The prerequisite for using TopDefense® is one or more IP addresses from the conova AS (Autonomous System) or provider-independent (PI) network blocks that use conova as an upstream provider.
| TopDefense® | Basic | Advanced | Professional |
| Clean Traffic inbound (average) | — | 10 Mbit/s | 100 Mbit/s |
| Traffic outbound | unlimited | unlimited | unlimited |
| Attack Traffic (max) | — | 200 Gbit/s | 400 Gbit/s |
| Protected Objects/Net blocks | — | 1 | 3 1) |
| Defense policy | Blackholing | Predefined filter profiles | customer-specific filter profiles |
| Protection of own autonomous systems | no | no | yes |
| Procedure in event of attack | |||
| Anomaly detection | automatic | automatic | automatic |
| Start of defense | automatic | automatic | automatic |
| Traffic fingerprint of the attack traffic | no | no | yes |
| Cost of individual defense by the conova task force | — | via hourly account | via hourly account |
| Report | — | upon request | upon request |
| Service Level Agreemend (SLA) included 2) | — | Economy | Economy |
| Price per month | — | upon request | upon request |
| Set-up costs (one-time expense) | — | upon request | upon request 3) |
| Options | |||
| Each additional protected object/network block | — | upon request | upon request |
| Upgrade Clean Traffic 10 Mbit/s | — | upon request | upon request |
1) With uniform defense policies.
2) Further information about SLA on request.
3) Includes a 3-hour joint onboarding workshop.
Contract details:
• Minimum contract period 36 months.
• Errors and changes reserved.
How TopDefense® works
Put simply, TopDefense® continuously analyzes the incoming data stream in real time for threats or unusual data volumes. This real-time DDoS protection uses so-called scrubbing nodes that are set up at all conova locations and peering points.
Deviations from the learned traffic are detected and trigger an automated defense so that only clean traffic is forwarded to the customer infrastructure.
For this, thresholds are defined with the customer in advance that initiate a mitigation if they are exceeded. Depending on the product scope selected, further defensive measures can, if necessary, be implemented manually by conova specialists.
TopDefense® Basic, Advanced and Professional
In the basic version of TopDefense®, all forms of traffic – both attacked and clean – is discarded in the event of an attack (blackholing).
The advanced version monitors and protects an object (customer network area) using predefined filter profiles. Your service remains available in the event of a breech.
The professional version offers you the most freedom as a customer. You can have up to three objects protected using individual filter profiles as well as your own autonomous systems.
THE MOST COMMON QUESTIONS ABOUT DDOS ATTACKS AND TOPDEFENSE®
What is a DDoS attack?
A DDoS attack is when a target system is attacked by several systems over the Internet. The mass of data floods the system and can lead to delayed data delivery or server timeouts.
How can I protect myself from DDoS attacks?
Professional DDoS protection solutions fend off DDoS attacks before they reach your infrastructure and thus increase your service availability.
What are the consequences of a DDoS attack?
During a DDoS attack, your IT system availability can be compromised. As a result, you may experience financial losses, damage to the company’s image or business interruptions.
What is TopDefense®?
TopDefense® is a multi-level defense solution created by IT specialists at conova that protects the entire customer infrastructure in its own data centers. Attacks are blocked before they can reach the network, ensuring your systems’ availability.
