Features

MITIGATOR protects against attacks at L3-L7 levels of the OSI model
MITIGATOR detects and automatically suppresses DDoS attacks at layers L3-L7 of the OSI model. The product contains more than 50 countermeasures based on various mechanisms:
challenge-response, rate-based, regexp, validating, limiting, iplist, application behavior

Flexible traffic distribution over protection policies
In MITIGATOR, traffic can be separated and filtered not only by destination address, but also by any combination of 5-tuple fields.
This allows you to divert the traffic of specific services to separate protection policies and apply only necessary countermeasures for scrubbing.

TCP protection for Traffic Asymmetry
To protect against TCP attacks when only incoming traffic is present, MITIGATOR uses widely accepted checks: resetting the TCP session and replying with a wrong sequence number, with different combinations of flags.

In addition to the standard protection mechanisms, a unique mode of operation with ISN synchronization is available, in which protection against traffic asymmetry does not require unnecessary packet exchange or disconnection with the client.

Protection can be activated only for the addresses of servers under attack, which eliminates the negative impact on the traffic of other services.

TCP protection for Traffic Symmetry
MITIGATOR supports SYN-proxy (TCP Splicing) protection if outgoing traffic from protected resources passes through it.

TLS protection
MITIGATOR allows you to protect TLS applications without traffic decryption by using various methods to analyze TLS parameters and JA3 fingerprints. In combination with other countermeasures and a web server log analyzer, it is possible to achieve maximum protection.


HTTPS protection
MITIGATOR analyzes web server logs in addition to TLS protection to identify attacking bots.

Game servers protection
MITIGATOR protects game servers from DDoS attacks over TCP and UDP protocols.

The product implements protection mechanisms for Counter Strike: GO and other games from Valve, as well as Minecraft, Rust, ARK, Source Engine Query, etc. New protection mechanisms are added constantly.


Programmable filter
MITIGATOR allows the creation and usage of custom traffic processing programs.

Mitigator Challenge Response
A specialized user authentication protocol which can be conveniently embedded in a protected application.

Infrastructure
Network Deployment
MITIGATOR can work in L2-transparent and L3-router, inline and on-a-stick modes. The integration method depends on the network structure and tasks. Traffic can be directed to MITIGATOR permanently or only at the moment of attack. Interaction via BGP is supported.

Collector
A separate product for collecting traffic statistics from the client's network infrastructure. It allows you to detect attacks and enable protection for individual policies without constantly sending traffic to MITIGATOR.

WAF Integration
Traffic of a protected device can be sent to a Web Application Firewall for analysis and additional verification. Redirection settings are set individually for each protection policy.

Runs on common server hardware
MITIGATOR supports a wide range of x86-64 processors and network cards.

Usage of cards with bypass
MITIGATOR supports network adapters that use hardware bypass. In the event of a system failure or a hardware platform malfunction, the network adapter switches to bypass mode at the physical layer and the traffic starts to be redirected from port to port, bypassing the network adapter controller.

Docker
The software comes as a set of Docker containers. You only need to run a few commands to update the system version.

Clustering
Redundant devices ensure maximum reliability of protection. Traffic processing performance increases as the number of filtering nodes grows.

System management is carried out using a single interface, regardless of the number of devices. In the event of a planned or emergency shutdown of any instance of the system, the ability to manage the rest remains.

GRE
MITIGATOR works with GRE tunnels in two ways: delivering cleaned traffic from MITIGATOR to the protected service, and receiving traffic from a third-party filtering service for subsequent inspection by MITIGATOR.

REST API
MITIGATOR REST API allows you to perform any actions in the system in order to integrate with third-party systems and services or automate system management processes.

API usage examples:
- Integration with third-party traffic analyzers
- Loading prefix lists from external systems to form black and white lists in MITIGATOR
- Hosting control panel integration
- Custom dashboards

IP address lists
It is possible to filter not only by specific IP addresses, but also by updated lists from various sources. Work with lists is transparent, and you can also configure the frequency of requests.

Notifications and the channels of their delivery
MITIGATOR allows you to send messages about system events via various channels: Telegram, E-mail, Syslog, the Vestochka notification service. The user can flexibly set up sending of the necessary notifications.

Traffic Analysis
Automatic capture
Automatic collection of a traffic dump at the time of an attack, even in the absence of an operator, for subsequent analysis and configuration of countermeasures.

Automatic signature generation
There are two ways to create filtering rules: automatically on the client's hardware or by uploading a traffic dump to a dedicated psg.mitigator.ru service. The service is used as one of the tools to evaluate the legitimate traffic of a new application, or to create an attack traffic signature.
In both cases, its use greatly simplifies the task of setting up protection against typical attacks.

Service Creation and Access Sharing
MITIGATOR supports the ability to create a DDoS protection service. Traffic separation allows you to provide independent filtering settings for individual clients.

A flexible role model is used.

Programmable filter
Ability to create and use custom traffic processing programs.
Sales
Licensing model
MITIGATOR is distributed on the basis of temporary and perpetual licenses according to the bandwidth of incoming traffic, starting from 100 Mbps. In the case of centralized management, the number of MITIGATOR instances in the cluster is licensed additionally. If there is no cluster, the number of instances is not limited by the license.

Support is available 8x5 and 24x7.

Appliance
In order to facilitate deployment, MITIGATOR can be supplied as a ready-made complex which includes both hardware and software.