DDoS Protection

Nextgen Group’s Internet DDoS Protection service detects and defends against Distributed Denial of Service (DDoS) attacks which can materially disrupt your web-based business systems.


Nextgen Group’s Internet DDoS Protection service comprises both attack detection and attack mitigation services. The detection service identifies a DDoS attack in the Nextgen Group Internet network and provides alarms to the Nextgen Group Service Management Centre (SMC). When a suspected DDoS attack is detected, Nextgen Group’s SMC calls the customer to verify the authenticity of the attack. This allows the customer to confirm if the suspected attack is genuine traffic or not, thus avoiding any unnecessary disruptions.

With customer agreement, Nextgen Group then takes action against the attack by blocking the ‘attack’ traffic that would otherwise congest and potentially disable the customer site or service.

Nextgen Group DDoS Protection Service components and process


Nextgen Group configures the DDoS protection service to look for traffic targeted at the customer’s specific IP addresses.


Once configured, the service automatically begins to collect data to characterise the customer’s normal traffic. This baseline mdiscovery process takes approximately four (4) weeks.


Nextgen Group’s DDoS Protection service uses NetFlow data to continually monitor traffic destined for the customer’s IP addresses. The NetFlow samples are used to look for patterns of behaviour outside of what is expected as normal from the baseline exercise.


When the platform detects traffic that falls outside of the mpreset thresholds, it sends an alert to Nextgen Group’s Service Management Centre (SMC). The SMC will call the customer with notification of the attack.


If agreed by the customer, the SMC enables attack mitigation by advertising the targeted IP address on the Nextgen Group Threat Management System (TMS). All traffic destined to this IP address will then be routed through the TMS. “Clean” traffic is allowed to continue to the customer’s connection via a different IP address as nominated by the customer.

“Attack” traffic is discarded. Mitigation is typically enabled for 24 hours, at which time the SMC revisits the platform to check if the attack is still underway.
Should the attack cease, the routing is restored to normal.

If the attack is still ongoing, the process continues for another 24 hours and is repeated until the attack is over.

Key Features

Detects and cleans DDoS attacks

• Blocks attack traffic from congesting the customer network

• Customer control allowing you to confirm that suspected traffic is hostile before blocking

• 24×7 service including monitoring and access to help desk

• Service level guarantee with rebate backed protection.

Key Benefits

• Business continuity support in the event of a DDoS attack

• Business Reputation underpinned with reliable on-line service availability