DDoS protection that keeps you online when it matters most
Soraxus filters distributed denial-of-service attacks before they reach your infrastructure. Our protection covers Layer 3 through Layer 7, and is built to absorb everything from crude volumetric floods to the sophisticated application attacks that take most networks offline.
A DDoS protection provider focused on one thing
DDoS protection is the service we build and operate every day, and it shapes every decision we make about our network. That focus is what lets us keep customers online through attacks that would take an ordinary provider down.
Our network is anycast, so an attack is pulled to the nearest point of presence and absorbed close to its source instead of being funneled toward a single choke point. Scrubbing happens in the Linux kernel using XDP, which lets us drop malicious packets at line rate while legitimate traffic passes through with no meaningful added latency. The result is protection your users should never have to think about.
Protection tailored to how you run
Gaming infrastructure and corporate networks face different threats and demand different tradeoffs. We offer a dedicated product for each rather than forcing one configuration to serve both.
Gaming DDoS Protection
Purpose-built protection for game servers, hosting companies, and communities. We keep latency low and players connected while filtering the floods and application attacks aimed at multiplayer infrastructure.
Explore Gaming protectionEnterpriseEnterprise DDoS Protection
Protection engineered around your network. From protected transit to remote mitigation for origins hosted anywhere, we design a solution to fit your topology, your traffic, and your compliance requirements.
Explore Enterprise protectionFrom attack traffic to clean delivery
Every stage runs continuously across our network. There is no separate system to wake up and no operator who has to notice an attack before filtering starts.
Detect
Traffic is inspected continuously at the network edge. Attack patterns are identified in real time, from volumetric floods to low-and-slow application attacks that imitate real users.
Mitigate
Malicious traffic is filtered in-kernel with XDP as soon as it is identified. Mitigation runs automatically, with no manual intervention required before filtering begins.
Deliver
Clean traffic is passed to your infrastructure with no meaningful added latency, whether it reaches you by direct connection or an encapsulated tunnel to your origin.
What enterprise DDoS protection should include
Always-on or on-detect
Run protection inline at all times, or have it engage automatically the moment an attack is detected. The mode is matched to what your infrastructure and traffic call for.
Layer 3 to Layer 7 coverage
We filter volumetric attacks, protocol attacks, and application-layer attacks. Coverage spans the full stack rather than stopping at raw bandwidth floods.
Application filters
Application-aware filters are tuned to your traffic, so requests engineered to look legitimate are caught without turning away the users you actually want.
Remote DDoS protection
Your servers do not need to live on our network. Traffic is scrubbed by Soraxus and forwarded to an origin hosted anywhere, whether over a physical connection or a tunnel.
Every known attack vector
New attack methods appear constantly. We monitor the threat landscape and extend our mitigation continuously so coverage keeps pace with how attackers evolve.
IPv4 and IPv6
Every protection product supports both IPv4 and IPv6, so dual-stack networks are covered without compromise on either protocol.
Talk to our network engineers
Tell us about your infrastructure and your attack history. We will help you scope the right protection for your network, whether you run a game server or a global business.
DDoS protection questions, answered
Common questions about how our DDoS protection and mitigation work.
DDoS protection and DDoS mitigation are closely related but describe different things. DDoS protection is the standing service that keeps your infrastructure reachable: continuous monitoring, filtering, and enough network capacity to absorb an attack without your users noticing. DDoS mitigation refers to the specific techniques that stop an individual attack once it is detected, such as anycast diversion, in-kernel packet filtering, and application-layer rule enforcement.
At Soraxus the two are part of one platform. Good DDoS protection is simply the outcome of continuously improving your DDoS mitigation as attackers change their methods.
Our protection covers Layer 3 through Layer 7. That includes volumetric attacks that try to saturate your bandwidth, protocol attacks that exhaust connection state on firewalls and load balancers, and application-layer attacks that target login pages, APIs, and other endpoints by mimicking real traffic.
Because new attack vectors are developed all the time, we treat mitigation as an ongoing process rather than a fixed rule set, and we update our filtering as new techniques appear.
No. If your infrastructure is hosted elsewhere, remote DDoS protection routes your traffic through our network for scrubbing and forwards the clean traffic back to your origin. Your servers can stay exactly where they are today.
We can connect to you in whatever way suits your setup, including Equinix Fabric, a cross-connect, over an internet exchange, or over a tunnel.
It depends on how your protection is configured. With inline protection, filtering is continuous, so there is no activation delay at all. With on-detect protection, traffic is analyzed continuously and mitigation typically begins in under a second of an attack being identified.
If you are being attacked right now and are not yet a customer, use the Under Attack option in the navigation to reach our team for emergency onboarding.
Yes. Gaming infrastructure has very different requirements from a corporate network, so we offer two tailored products. Gaming DDoS protection is optimized for low latency and the attack patterns aimed at game servers, while enterprise DDoS protection is designed around each customer's topology, transit needs, and compliance requirements.