1. technology and computing
2. computer security
3. antivirus and malware

DATA SHEET
VERISIGN OPENHYBRID™
AS DDoS ATTACKS PERSIST IN VOLUME AND SEVERITY AND ORGANIZATIONAL NETWORKS
BECOME MORE DISTRIBUTED ACROSS PRIVATE AND PUBLIC CLOUD ENVIRONMENTS, ENSURING
BUSINESS UPTIME IN THE FACE OF CRIPPLING DDoS ATTACKS IS BECOMING INCREASINGLY
COMPLEX.
Verisign OpenHybrid architecture helps organizations
protect their critical assets and applications across
distributed environments from DDoS attacks. By
integrating intelligence from existing security defenses,
Verisign OpenHybrid ensures faster detection and
mitigation of DDoS attacks, while providing increased
visibility of DDoS threats across multiple environments
such as datacenters and public clouds.
Verisign OpenHybrid redefines DDoS monitoring by
enabling intelligence sharing and DDoS signaling across
an organization’s entire security perimeter, including:
•• Public cloud environments (e.g. Amazon Web Services,
Microsoft Azure, etc.)
•• Dedicated DDoS appliances
•• Other security devices and platforms (e.g. routers,
firewalls, intrusion detection systems, etc.)
Verisign OpenHybrid enables monitoring for resource
exhaustion at various points within a customer’s network
preventing any single component from being overwhelmed
and causing service unavailability due to a DDoS attack.
With Verisign OpenHybrid, customer’s appliances or
VerisignInc.com
services can integrate with Verisign DDoS Protection
Services® to send signals to our cloud network, where
attack mitigation can be started immediately, restoring the
customer’s critical services in a matter of minutes.
Restful APIs
Verisign’s OpenHybrid API allows us to receive signals
from customer on-premise devices and cloud-based
services, through a REST API interface. Verisign customers
can utilize the APIs to automatically signal to Verisign’s
DDoS Protection cloud when pre-defined thresholds are
breached for customer’s appliances/services. DDoS
attacks are more than just volumetric in nature. Complex
application layer attacks can exhaust customer resources
at a variety of levels. To accommodate this, Verisign
provides customers increased flexibility in signaling
thresholds that can be defined based on a variety of
system, resource or platform constraints. These thresholds
may include compute capacity, bandwidth limitations and
application scaling events in addition to custom metrics
depending on the cloud environment.
Verisign Public
Customer Applications & Services
ATTACKER
Customer Benefits
Faster detection and mitigation
Interoperability with any device
Interoperability with any cloud environment
(public and private)
Public Cloud
DDoS
Appliances
Router
USER
Customer Data
Center
Signaling Open
Standards
& APIs
Firewall
Private Cloud
Threat
Intelligence
Signals
Service Components: Verisign OpenHybrid
Use Cases
Signals Sent to Verisign
On-premise DDoS
appliance(s)
Threat signals can be sent to the Verisign cloud when a DDoS attack reaches a volumetric
threshold.
On-premise network or
security appliances
Routers, firewalls, IDS/IPS, etc. are not designed to withstand volumetric DDoS attacks and
can suffer exhaustion/overutilization.
The Verisign API can consume signals from various layers within a network environment to
achieve a more comprehensive security posture.
Public cloud environments
and monitoring platforms
2
Public cloud environments and associated monitoring services can signal platform
performance impacts due to a potential DDoS activity.
Verisign Public
The APIs generate an alert on the Verisign DDoS portal,
enabling Verisign’s technical support teams to begin
attack mitigation immediately in the cloud when required,
minimizing any critical service downtime. Organizations
can signal threat information from any device that may
already exist in their network such as firewalls, routers,
IDS and DDoS protection appliances.The signals-based
intelligence is used to monitor the threat levels of customer
network assets and initiate a preemptive response to
DDoS attacks that threaten the availability of critical
services on the customer network.
Purpose-built DDoS Appliance API Connectors
While customers can easily make REST API calls to
the Verisign service, Verisign also provides custombuilt API connectors for dedicated appliances and
cloud environments that allow customers to integrate
with Verisign’s API in an easy manner with minimal
configuration required. Customers can use the API
connectors to integrate with the pre-defined set of vendor
solutions and/or write their own. The API connectors are
delivered to customers in the form of software code or
virtual machines.
Key Benefits
Faster DDoS detection to mitigation
API-based threat signaling that enables applications starved of resources or under DDoS attacks to automatically generate alerts.
Consolidated view of DDoS threats
Unified DDoS alerting and reporting on Verisign’s customer portal provides a unified view of threats across various network
environments (datacenter/cloud).
Interoperability with multiple devices and public or private cloud environments
Open standards and APIs enable protection of critical services across distributed environments using a single solution.
Minimum service interruption and downtime
Resource exhaustion signaling at every layer of network infrastructure (e.g. routers, firewalls, web servers, applications,
databases, etc.) protects network and resources for legitimate users.
Improves security ROI
Leverage and combine existing security infrastructure investments with a scalable DDoS cloud network for comprehensive DDoS
protection without new Cap-Ex or vendor lock-in.
Verisign Public
3
SUMMARY
ABOUT VERISIGN
As organizations migrate critical assets to public and
private cloud environments and deploy a wide range of
network security elements, Verisign OpenHybrid offers
a cloud-based DDoS platform that monitors for, and
provides a consolidated view of, DDoS threats across a
diverse set of security components deployed in-house and
in the cloud combined with mitigation capabilities that can
scale to the largest and most complex DDoS events.
Verisign, a global leader in domain names and Internet
security, enables Internet navigation for many of the
world’s most recognized domain names and provides
protection for websites and enterprises around the
world. Verisign ensures the security, stability and
resiliency of key Internet infrastructure and services,
including the .COM and .NET domains and two of the
Internet’s root servers, as well as performs the root-zone
maintainer functions for the core of the Internet’s Domain
Name System (DNS). Verisign’s Network Intelligence and
Availability services include intelligence-driven Distributed
Denial of Service Protection, iDefense Security Intelligence
and Managed DNS. To learn more about what it means to
be Powered by Verisign, please visit VerisignInc.com.
LEARN MORE
For more information about Verisign DDoS Protection
Services or Verisign OpenHybrid, contact a Verisign
representative by phone at 866-367-0095 or
1-703-948-4140, by email at [email protected]
or visit us at www.VerisignInc.com/ddos.
VerisignInc.com
© 2015 VeriSign, Inc. All rights reserved. VERISIGN and other trademarks, service marks, and designs are registered or unregistered trademarks of VeriSign, Inc. and its
subsidiaries in the United States and in foreign countries. All other trademarks are property of their respective owners.
Verisign Public
VRSN_OpenHybrid_DS_201503