At 10:25 30/05/2011 -0400, Jim Mercer wrote: My knowledge is from 1.5 years ago when I compared Verisign, Prolexic, Akamai and others so things may have changed since then. VeriSign claim that they are servicing their own network globally which has performed with zero down time over the last decade. Verisign have 2 offerings - one over BGP and the other over GRE/SSL VPNs. The BGP solution would be faster to turn on but will require more configuration set-up. Interestingly, their mitigation service is not 'always-on' (they sell their monitoring and mitigation services seperately). On detection of an attack, they contact the customer and only once the customer acknowledges that they want their services "redirected" do they turn on the filtering. My biggest gripe was their SLA - or lack of one. Back in Dec 2009 I forced them to start writing an SLA which they had not thought of, which back then showed an immaturity of service. Things might be different now. Verisign then took the view that the SLA should be based on *their* mitigation platform availability ("our scrubbing center has 100% SLA") and not on the customer site availability (all great and wonderful that your scrubbing center is up and running - but my site is down). They were willing to give service credits if their scrubbing center was down but not if the customer site was down. I found they had a well established customer portal and ample reporting facilities. Just make sure they have improved on their SLA before buying. Regards, Hank
Heyo,
So, I asked to look into the viability and usefullness of the "Verisign Internet Defence Network" service.
I don't claim to be any kind of expert in DDoS mitigation, but some of the claims made by the product descriptions seem suspect to me.
it claims to be "Carrier-agnostic and ISP-neutral", yet "When an event is detected, Verisign will work with the customer to redirect Internet traffic destined for the protected service to a Verisign Internet Defense Network site."
anyone here have any comments on how this works, and how effective it will be vs. dealing directly with your upstream providers and getting them to assist in shutting down the attack?
-- Jim Mercer jim@reptiles.org +1 416 410-5633 You are more likely to be arrested as a terrorist than you are to be blown up by one. -- Dianora