WEDOS Protection – Comprehensive Defense Against DDoS and Other Threats

1. Introduction and Key Benefits

WEDOS Protection is a multi-layer solution designed to ensure high availability and resilience against a wide range of attacks, from the network (L3/L4) to the application (L7) layer.

• Shields against volumetric DDoS attacks as well as advanced web application exploits.
• Employs a global infrastructure with distributed Points of Presence (PoPs) and anycast routing, effectively distributing malicious traffic and delivering fast response worldwide.
• Through multi-level inspection (L3, L4, and L7), malicious traffic is filtered out before it reaches your server.

2. Anycast vs. Unicast

A key component of WEDOS Protection is how traffic is routed:

• Anycast: Traffic is distributed across multiple geographically dispersed nodes (PoPs), significantly reducing overload risk and increasing resilience to attacks.
• Unicast: All traffic goes to a single server, making it an easy target for attackers to overwhelm.

3. Multi-Layer Protection (L3, L4, and L7)

1. Layer 3/4 (Network Layer)
   • Filtering at the IP and TCP/UDP levels.
   • Protection against SYN Flood, UDP Flood, ICMP Flood, amplification attacks, and more.
   • Geolocation and reputation filters, blacklists/whitelists, rate-limiting, etc.
2. Layer 7 (Application Layer)
   • Deployment of a WAF (Web Application Firewall) and OWASP-based rules.
   • Detection and blocking of advanced threats such as SQL injection, XSS, Slowloris, RUDY, and more.
   • Option to enforce verification (e.g., CAPTCHA) for suspicious traffic.
   • Configurable and customizable security rules for specific applications or APIs.

4. Encryption and Data Protection

• All communication is encrypted (TLS/HTTPS or VPN).
• Temporary decryption is performed only for L7 inspection; the traffic is then re-encrypted before reaching the target server.
• Sensitive data is never stored; decryption happens exclusively on dedicated servers within a secure environment in the WEDOS data center.

5. Wide Range of Mitigated Attacks

WEDOS Protection is designed to handle dozens of different threats, including:

• Protocol Attacks (SYN Flood, ACK Flood, TCP Null Attack, RST Flood, etc.)
• Amplification Attacks (DNS, NTP, SNMP, SSDP, etc.)
• Application Attacks (HTTP GET/POST Flood, XML-RPC Flood, Slowloris, RUDY, etc.)
• Specialized Attacks (SIP Flood, VOIP Flood, QUIC Flood, Ping of Death, etc.)

This broad coverage is achieved through automated monitoring, regularly updated security rules, and adaptive mitigation methods.

6. High Availability and Performance

• Global PoPs: Multiple Points of Presence worldwide ensure low latency and traffic distribution.
• Redundancy: Each PoP operates independently; if one node fails, traffic is seamlessly rerouted.
• Load Balancing: Intelligent traffic distribution maintains optimal performance, even under attack.

7. Transparent Deployment and Management

• Enable or disable protection simply by updating DNS records (CNAME/A).
• Customer administration offers detailed configuration and custom rules (e.g., WAF settings, IP blacklists/whitelists, GeoIP filters).
• Dedicated solutions are available with private infrastructure and IP ranges, if needed.

8. Compliance with Security Standards

• Adheres to strict international standards and certifications (e.g., ISO 27001).
• Servers are hosted in certified data centers within the EU, under strict physical and logical security controls.
• Continuous monitoring and detailed logging of security events enable rapid response and thorough forensic analysis.

9. Conclusion: Why Choose WEDOS Protection

• Proven technology with extensive experience in DDoS protection.
• Comprehensive coverage from network-level to application-level attacks.
• Flexible configuration to meet specific customer needs (varying levels of protection, rules, capacity).
• 24/7 support, including VIP options for critical projects.
• An EU-based company with a strong focus on transparency and security.