F. A. Q.

MITIGATOR is used by a wide range of companies, including financial institutions, game hosting companies, telecommunications companies - all those who are at high risk of DDoS attacks. We take into account the peculiarities of our clients' systems, timely inform them about new threats and promptly respond to needs of their business.

MITIGATOR has a wide range of possibilities for integration into the customer's network infrastructure. It supports both installation in the network gap, and on the side, with the symmetry and asymmetry of traffic. Interaction with flow collectors and interaction via BGP is provided. When combining several instances of MITIGATOR into a cluster, it is possible to set individual network deployment settings for each of the instances, which allows you to protect networks with a complex organization.

MITIGATOR is distributed on the basis of temporary and perpetual licenses for the bandwidth of incoming traffic, starting from 100 Mbps. When centralized management is used, the number of MITIGATOR instances in the cluster is licensed additionally . If there is no cluster, the number of instances is not limited by the license. In order to facilitate deployment, MITIGATOR can be supplied as a complete package appliance including hardware and software.

MITIGATOR is registered in the register of domestic software under No. 4063 and has been granted with FSTEC certificate for the fourth level of trust by the No. 4367.

The system for registering user requests allows our technical support to quickly respond to any difficulties that users may encounter. For operational interaction with the MITIGATOR development team, there is a Telegram bot. This communication format is not a registered call to technical support, but allows you to quickly get advice on setting up and operating MITIGATOR. Our telegram news channels will inform you about product changes and the current situation on the fronts of DDoS protection.

MITIGATOR supports interaction with the equipment of upstream telecom operators from various manufacturers via cloud signaling protocols. This defense in-depth increases the availability of Internet services and filters some of the attacks on the operator's network. MITIGATOR supports BGP Flow Specification: in case of high-volume attacks the filtering rules are transmitted to the upstream carrier and received from clients.

Sales of MITIGATOR are carried out by the network of authorized integrator partners. You can find a list of them at this link.In certain regions where the partners are not available, business can be discussed directly. For that leave us the message using the feedback form.

Reaction speed.
Operators using telemetry over flow protocols are forced to use 1:1000 sampling or more, and transmit data on current traffic once every 30 seconds or less. This reduces the accuracy and timeliness of the received statistics, which in turn causes a delay between the start of the attack and the start of filtering. MITIGATOR can constantly monitor traffic and, if an anomaly is detected, activate filtering in less than a second.

Minimal impact on legitimate traffic.
To reduce the response time, the operator filters the service traffic all the time, which negatively affects the legitimate traffic of the protected service, leads to delays and an increase in RTT. MITIGATOR is installed next to protected resources, which makes it possible to avoid significant changes in the path of packets.

Safety for previously established sessions.
MITIGATOR monitors legitimate traffic even before the moment of attack, and when filtering is applied, it does not affect already established connections. In addition, MITIGATOR can filter constantly, which fundamentally excludes the possibility of sessions break.

Automatic activation of necessary countermeasures depending on the situation.
The MITIGATOR protection policy allows the detection subsystem to control each and any of the countermeasures and set the conditions under which they are independently activated. This method of protection avoids potential damage to traffic, unlike the standard mitigation templates applied to each anomaly that most of our competitors use.

Traffic distribution.
MITIGATOR distributes traffic to independent protection policies in accordance with routing rules. The rules consist of five parameters: protocol, src prefix, src port, dst prefix, dst port. The value of each of the fields can be multiple or empty. This approach makes it possible to distribute the traffic of individual services to different policies and apply only the necessary countermeasures to scrub it. Understanding the specifics of traffic allows you to achieve the most efficient configuration of each of the countermeasures.

The fundamental difference in the approach to the attacks like TCP Flood.
MITIGATOR was designed to filter both symmetric and asymmetric traffic and has built-in mechanisms that eliminate the negative impact of TCP Flood attacks on protected resources. In the case of symmetric traffic, the system uses the TCP Splicing mechanism, which allows you to establish legitimate connections without consequences for the client application. For an asymmetric stream, MITIGATOR uses the ISN synchronization mechanism: when using it, the establishment of a TCP connection is transparent to the client and server.

Advanced UDP applications protection.
In addition to DNS and SIP protection, MITIGATOR employs countermeasures to ensure the security of many gaming applications running over the UDP protocol. An authentication mechanism by waiting for the redirection of UDP datagrams has been implemented, which allows the description of the necessary packets using rules for L3-, L4-headers and regular expressions for payload. Often, UDP application traffic is encrypted or has complex semantics. For such cases, the client application has the MITIGATOR Challenge Response open authentication protocol, which improves the quality of protection for both UDP and TCP applications. In addition to existing countermeasures, MITIGATOR, using a programmable filter mechanism, allows you to develop algorithms independently and protect any application, including your own. This can be done for example, by supporting a special client authentication logic. Algorithms are created as C programs and loaded directly to the countermeasure.

Analysis of logs of a protected HTTPS server.
In addition to protection for TCP and analysis of TLS Client Hello, MITIGATOR analyzes the logs of the protected Web server. During the analysis, anomalies are detected and attacking IP addresses are blocked. Analysis of web server logs allows you to improve the quality of protection without decryption on the filtering device. Additionally, MITIGATOR supports JA3-fingerprints, which allow you to block bots when they try to connect.

Active development.
New functionality is constantly being added to MITIGATOR to effectively counter emerging threats. Releases are issued once every 2 months, contain new protective techniques and take into account customer requests.