Level 3 DDoS Mitigation

© 2015 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Level 3 ® DDoS Mitigation Marva Bennett Enterprise Account Manager (512) 431-6390 Anthony S Bomba Security Specialist 2016

Upload: marva-bennett

Post on 25-Jan-2017


Page 1: Level 3 DDoS Mitigation


Level 3® DDoS Mitigation

Marva Bennett, Enterprise Account Manager

(512) 431-6390

Anthony S Bomba, Security Specialist

2016

Page 2: Level 3 DDoS Mitigation


Level 3℠ Network Protection – How it works

Upstream Mitigation: ACL Filtering, Firewall, Command & Control Take Downs

Level 3 Network Protection Features:

Basic Network Protection
• BGP router filtering, null routing, transit interface protection and SOC-triggered blackholing.

Rate Limiting
• Maximum rates may be specified based on a number of criteria.

Custom Filter Creation
• Level 3’s Security Operations personnel will work with customers to identify attack actors and develop/apply appropriate filters.

Permanent Access Control Lists
• Filters applied will be placed into service permanently, providing ongoing protection.
• ACL is 50 lines or less.
• Up to two changes per month, per service.

SLA: 30-Minute Time to Respond
• A high percentage of attacks are volumetric in nature with identifiable signature patterns. Level 3 delivers a 30-minute SLA for time to respond for these attacks.

Reporting upon Request
• Upon request, Level 3 will provide a limited amount of logging information and reporting.

Page 3: Level 3 DDoS Mitigation


Service Highlights

• Network-based, unlimited mitigation
• Always-On or On-Demand options
• Route determined by BGP configuration
• For customers with a maximum of 1 Gbps of peak inbound traffic
• Volumetric and application layer attack mitigation (Layers 3-7)
• Optional proactive monitoring and alerting

GRE Solution

Uses GRE tunnels over public Internet as a forward from Level 3 scrubbing center to customer datacenter(s) for clean traffic.

[Diagram: Routing redirects traffic to global redundant scrubbing centers. At the Level 3 scrubbing centers, attack traffic is dropped and clean traffic is returned to the customer datacenter(s) through GRE tunnels over public Internet. Traffic labels: SYN Flood, NTP, Clean.]

Page 4: Level 3 DDoS Mitigation


Benefits of GRE Solution

Quick start, lower cost Internet connection option

• Reduces Costs: Provides a cost-effective solution for smaller off-net locations

• Ease of Deployment: Faster to deploy as compared to private connection solution

• Full IP Address Protection: Protects IP address space against DDoS attack vs. protection of website using the proxy-based DDoS mitigation

[Diagram labels: Improved Time to Deploy; Reduced costs for off-net locations; Full IP Address Space Protection]

Page 5: Level 3 DDoS Mitigation


Proactive monitoring and alerting

Flow-Based Monitoring Option

• Monitors customer edge routers and detects anomalies and changes in volumetric flows

• Detects Layer 3 & 4 DDoS attacks and provides alerts to Level 3 SOC and customer
  - NetFlow, sFlow, J-Flow

• 24x7 monitoring and alerts backed by SLAs

• Additional forensic evidence for faster mitigation

Solution Benefits

• 24/7 Monitoring: Level 3 Security Operations Center

• Non-Intrusive: No hardware inserted into the network

• Improved Analytics: Into user activity and applications

Page 6: Level 3 DDoS Mitigation


Flow-based Monitoring Expansion

Collecting NetFlow from Level 3 infrastructure for attack detection

• Simplified provisioning by reducing dependency on collecting flow data from customer equipment

• NetFlow data delivery not impacted by congestion of the customer circuit due to the attack

• Competitive feature parity with facilities-based providers and competitive advantage over cloud providers

• Eliminates concerns with customers whose security policies do not allow for sending the flow data from customer equipment to the provider (e.g. financial sector)