Return to Events

IIJ Launches IIJ DDoS Protection Service

dl button PDF [48 KB] 01 February 2012

TOKYO-February 1, 2012-Internet Initiative Japan, Inc., (IIJ, NASDAQ: IIJI, TSE1: 3774), one of Japan's leading Internet access and comprehensive network solutions providers, today announced a complete upgrade of the IIJ DDoS Solution Service-which protects Internet connections, servers, and network environments from DDoS *1 attacks-to create the new IIJ DDoS Protection Service with an even larger defensive capacity. The new service will be launched in March 2012.

The IIJ DDoS Protection Service is a fully managed service that detects potential threats against the client's network and protects it from DDoS attacks just as the IIJ DDoS Solution Service did. Defensive equipment installed on IIJ's network backbone monitors the client's network round the clock to detect communications that contain previously defined DDoS attack characteristics or deviations in normal traffic patterns, and when such are detected, implements access restrictions or bandwidth control. By blocking attacks at the backbone, client's do not experience any traffic increases on Internet access lines, network equipment, or servers, and clients do not have to make a huge investment in line equipment or more servers to defend against DDoS attacks, as they have in the past. From the initial consultation to installing, operating, and maintaining equipment and submitting reports, IIJ's expert engineers oversee all stages of the process, enabling a fully outsourced service for defending against DDoS attacks.

As part of the service upgrade, we have added highly scalable defensive equipment on the IIJ backbone to be able to defend against even larger attacks. We are now capable of repulsing attacks of up to 3 Gbps, and with scalable equipment we can immediately increase this capacity to deal with attacks that exceed our future expectations. We have also increased the number of types of attacks that can be detected, as well as our accuracy in detecting them, to more efficiently protect the client's network environment from DDoS attacks.

In recent years, DDoS attacks against companies has increased, as has the number of portal sites and corporate websites that have been shut down by DDoS attacks, which is having a major impact on business*2. IIJ pioneered this field in Japan with the release of the IIJ DDoS Solution Service in December 2005, providing services mainly to clients in government and the financial industry. By providing the IIJ DDoS Protection Service, we hope to head off even larger DDoS attacks and contribute to the stability of our clients' businesses.

We plan to provide IPv6*3 compatibility in the future, and use our expertise to roll out a richer array of features.

*1 In a DDoS attack, multiple computers and servers distributed over a network are used to direct an overwhelming flow of communications at a specific server, and this overwhelms and paralyzes the targeted server or network, thus denying service to legitimate users.

*2 For information on trends in DDoS attacks, see IIJ's technical report "Internet Infrastructure Review".

*3 The next-generation Internet protocol. It is based on the existing Internet protocol IPv4 but provides a larger address space and additional security functions.

IIJ DDoS Protection Service Highlights

Item Description
Initial Consultation
  • IIJ's expert security engineer meets with the client for discussion and then develops an access control policy for the client's environment
Operation and Maintenance
  • Operational status is automatically monitored 24 hours a day, 365 days a year
  • Maintenance performed on system software
  • Equipment installation, configuration, maintenance and repair
Attack detection and alert
  • Previously defined attacks are automatically detected
  • Anomaly detection is used to automatically detect attacks that are difficult to predict
  • When an attack is detected, a description of the attack and the response status is reported via e-mail
Communications control and attack interruption
  • Communications are cut off when an attack is detected and only normal communications are allowed
Regular reporting
  • Attack status and response status are updated regularly