Companies, Internet service providers/cloud providers or other players in the digital transformation market nowadays face a common problem: Distributed Denial of Service (DDoS) attacks. These attacks are becoming more and more sophisticated and are increasing exponentially. Today, the question is not whether you will suffer a DDoS attack, but when. To respond to the increasingly present and complex DDOS attacks, and in the face of the emergence of multiple vectors of aggression, efficiency, visibility and expertise are more than ever essential assets to your security strategy. In order to effectively strengthen the defence of your business, Proximus NXT provides you with comprehensive support against all types of attacks through its anti-DDoS solution adapted to your various business challenges.
Advanced DDoS Mitigation
Our solution has the advantage of supporting a mitigation architecture called "diversion/reinjection". Thanks to this operating mode, only traffic flows carrying DDOS attacks are redirected to the mitigation centre through routing updates
Centralized Multi-Site Protection
Our centralized mitigation architecture enables protection of multiple sites, links, or data centers through a single interface. It streamlines the deployment of your security policies, optimizes BGP updates, and reduces the attack surface across your infrastructure.
Rapid DDoS Attack Detection
Your network traffic is continuously analyzed using a behavioral detection engine combined with a global threat intelligence feed. The solution identifies DDoS attacks at an early stage—even stealthy ones—and triggers real-time alerts to ensure immediate response.
Immediate reactivity
Minimize downtime by proactively detecting threats. Our solution allows you to quickly diagnose threats that may impact the availability of your services
Ease of processing
Automatically delete only attack traffic without interrupting the legitimate traffic flow
Protection service available 24/7
Surgical initiation
Single point of contact
Tailored "mitigation strategy”
Customer support in setting up procedures to be adopted in the event of an attack
Analyses and statistics targeted on your infrastructure
Threat detection
Attack and Mitigation Report
Using BGP Flow Spec for routing updates
Protection service available 24/7
Surgical initiation
Single point of contact
Tailored "mitigation strategy”
Customer support in setting up procedures to be adopted in the event of an attack
Analyses and statistics targeted on your infrastructure
Threat detection
Attack and Mitigation Report
Using BGP Flow Spec for routing updates
FAQ - Anti-DDoS Protection
What is the difference between DDoS detection and mitigation?
Detection is the process of identifying signs of a DDoS attack by analyzing network traffic for anomalies or spikes. Mitigation follows immediately to block malicious traffic while ensuring legitimate users can still access your services.
Does your solution support real-time mitigation?
Yes. Thanks to a diversion/reinjection mitigation architecture and continuous monitoring, our system automatically activates mitigation as soon as suspicious activity is detected.
What types of attack vectors or protocols are covered?
Our solution protects against a wide range of DDoS threats, including volumetric attacks (UDP flood, TCP SYN flood, ICMP), protocol-based attacks (DNS, NTP, LDAP amplification), and application-layer attacks (HTTP GET/POST flood, slowloris). It is designed to counter even sophisticated multi-vector attacks.
Can multiple sites or data centers be protected with one solution?
Absolutely. Our centralized, multi-tenant platform enables efficient protection of several environments through a single interface, simplifying DDoS management across your entire infrastructure.
What kind of reports are provided after an attack?
Following each incident, you receive a detailed mitigation report including the timeline of the attack, types of vectors detected, traffic volume blocked, duration of the event, and mitigation actions taken.
What are the technical requirements to deploy your solution?
Our anti-DDoS solution uses BGP FlowSpec for routing updates, requiring that your network equipment supports BGP and that you operate under an Autonomous System Number (ASN). Our team provides full support during the deployment process.