Akamai to boost network-layer DDoS protection with new scrubbing centers

Content delivery network (CDN) provider Akamai said Tuesday that its Prolexic DDoS protection service will become able to handle DDoS attacks of up to 20Tbps, thanks to a new wave of construction of so-called scrubbing centers.

The company’s announcement said that this will effectively double its current capacity to handle network-level DDoS attacks, with rollouts planned for “all major regions,” which includes US East and West, Canada, Italy, Spain, Switzerland, India, Japan, Hong Kong and the Middle East. The first new centers will come online in the third quarter of this year, and will continue through 2023.

Prolexic, which was acquired by Akamai in 2014 for $390 million, represents one prong of the company’s DDoS protection strategy. Prolexic is focused on network-level attacks, which are more “volumetric” and based on large floods of data. By contrast, the company’s Kona site defender product is targeted at application-level threats, which tend to be more “low and slow” in terms of DDoS data volume.

“Kona site defender is based on their CDN, so that’s more classic Akamai, since they deliver web content,” said Chris Rodriguez, a research director at market research fimr IDC.

Prolexic’s capabilities are based on scrubbing centers, which combine numerous anti-DDoS appliances (usually made by NetScout, Radware or a similar provider) into a dedicated anti-DDoS facility. The appliances there are designed to identify threat traffic in incoming data, and block activity it flags as malicious.

“It’s the concept that you’re taking all the third-party DDoS mitigation appliances and putting all the attack traffic there, and returning it [to the client] via a GRE tunnel [or similar secure connection],” Rodriguez said.

The new scrubbing centers will be fully software-defined, using cloud-based versions of the DDoS mitigation appliances, according to Akamai. The new capabilities are a response to what the company said is an increasingly sophisticated DDoS attack landscape. Where the top five DDoS attack methods represented 90% of attacks in 2010, that figure is down to 55% in the present day—which means that there are simply more and more sophisticated techniques for DDoS attacks out there.

“Since 2020, organizations have experienced a deluge of DDoS extortion, high-profile, multi-terabit attacks, hacktivism, and an explosion of novel threats,” Akamai said in its announcement.

Prolexic pricing won’t change as a result of the new capacity, according to the company, which said that it will continue to price that protection on a per-data-center location rate, based on the “expected clean inbound traffic level.”