Denial of Service Attack Mitigation Platform


Are you or your customers under attack?

We provide an extensive DDoS mitigation solution that can protect services located within our datacenters, servers in other locations not operated by Nexeon, and entire remote networks.


Malicious network traffic targeted against enterprises and network providers have cost organizations millions of dollars in downtime of mission critical services. Protect yourself against these attacks today by allowing our highly automated and efficient DDoS-Defense suite to mitigate these attacks for you. We utilize in-house protection methods alongside specific scrubbing appliances like RioRey gear to shield our clients against malicious layer 3, 4, and 7 DDoS attacks.

We protect against all 25 classes of DDoS attacks; see RioRey’s Taxonomy of DDoS Attacks for more information about the various forms of malicious attacks.

Instant Filtering

DDoS-Defense analyzes traffic around the clock to ensure that there is no delay in mitigation, a common flaw found in other filtering services.

Guaranteed Protection

We provide a 99.9% uptime SLA on services protected by DDoS-Defense within the subscribed protection size.

Downtime Denied

Our heuristic based scrubbing enables defense against all known threats, including those common against game servers, websites, and more!

Benefits of DDoS-Defense™ True Mitigation

  • Prevent service disruptions during attacks.
  • Reduce revenue loss due to attacks causing service outages.
  • Minimize latency caused by packet analysis and cloud filtering.
  • Prevent massive bandwidth overage charges caused by volumetric DDoS attack traffic against your network.
  • Pricing includes all IP addresses in an allocated block, unlike many competitors who charge per IP.
  • Attack logs are stored in your client panel for full transparency.

Frequently Asked Questions

What does the DDoS-Defense™ Platform protect against?
Our enterprise DDoS Protection protects against ALL known DDoS attack types, including:

  • UDP Flood
  • TCP Flood
  • SYN Flood
  • ICMP Flood
  • DNS Reflection Flood
  • All Layers: 1 through 7
What are the requirements for Remote Protection?
Many mitigation service providers require that you have your own BGP router and /24 or larger IP prefix in order to activate remote protection over a GRE tunnel. Although we do support this functionality, it is not a requirement and we can support smaller users who require IP space from us and do not operate their own BGP network.
Can we announce and withdraw prefixes over BGP with Remote Protection?
Yes! We allow the dynamic announcement and withdrawal of prefixes over BGP, giving you control of when an IP prefix should be routed through instant filtering in our scrubbing centers or when it should be routed normally on your network. Please note that the smallest size prefix that can be announced over BGP is a /24.
Under attack?

Contact us using this form and we will do our best to get in touch with you ASAP.

Interested in our services or have more questions?