How to Fight DDoS and Ransomware Attacks with Interconnection

Being able to move data where it needs to go—quickly, reliably and securely—is essential to addressing these key cybersecurity use cases

Guido Coenders
Michel Ludolph
How to Fight DDoS and Ransomware Attacks with Interconnection

The cybersecurity threats facing today’s digital businesses are complex and always changing. Companies rely on their digital infrastructure more than ever before, which means the risk of falling victim to a cyberattack has never been higher. At the same time, businesses are increasingly using distributed digital infrastructure to get closer to end users at the edge, creating a much larger attack surface for them to protect.

To address security vulnerabilities across their distributed digital infrastructure, businesses need a distributed security strategy that includes the right capabilities, delivered by the right partners in the right places. Only by implementing such a strategy can businesses keep up with the constantly evolving threat landscape they face on a daily basis.

A key aspect of any effective cybersecurity strategy is being able to move data where it needs to go— quickly, reliably and securely—and this is where direct, private interconnection can help. In this blog post, we’ll take a closer look at how interconnection can support two key cybersecurity use cases: distributed denial-of-service (DDoS) mitigation and backup air-gapping for ransomware protection.

Connect digital infrastructure at software speed

Increase the speed, flexibility and agility of your digital infrastructure

Download Now
Equinix Fabric™ Data Sheet front cover

Moving scrubbed data via interconnection enables more reliable DDoS mitigation services

Today’s DDoS attackers are nothing if not innovative, and the current threat landscape is practically unrecognizable from that of years past. According to research from our partners at Akamai, the top five vectors represented 90% of all DDoS attacks in 2010; last year, they accounted for only 55%.[i] This shows that attackers are experimenting with new vectors to diversify their approach.

A DDoS attack is a simple thing when you really look at it: Attackers launch a coordinated wave of traffic at the victim’s network, many times the volume of traffic the network would ordinarily receive. The attack traffic overwhelms the network and prevents legitimate traffic from getting through. If DDoS attacks are deceptively simple, then so too are the means used to fight them. If an attacker aims a massive volume of traffic at your door, you need to divert that traffic to a partner that has a much bigger door—one that can absorb the traffic without letting it cause disruption.

This is where DDoS mitigation providers come in. Before attack traffic can reach customers’ applications or infrastructure, these providers divert it to scrubbing centers, where the malicious traffic is identified and removed. The remaining legitimate traffic is then passed on to the customer’s network, thus allowing their operations to continue as normal.

This still leaves the question of how to get clean traffic back to customers with as little disruption as possible. Traditionally, DDoS mitigation providers  have returned scrubbed traffic using the public internet. This is not ideal for a number of reasons: For one, traffic crossing the internet does not follow a predefined path from source to destination, therefore limiting performance and reliability. This reduces the SLAs providers can offer on their services. Also, transporting scrubbed traffic using GRE and/or IPSec can create additional performance issues.

Today’s DDoS mitigation providers have a better option: Private, dedicated interconnection services offer proven performance benefits while also bypassing the vulnerabilities of the internet. Moving traffic from scrubbing centers to customers via private interconnection allows DDoS mitigation providers to offer a more reliable service, backed up by strong SLAs.

Several leading DDoS mitigation providers use Equinix Fabric®, our software-defined interconnection solution, to move data from scrubbing centers to customers. Examples include:

  • Akamai Prolexic: This cloud-based DDoS detection and mitigation solution uses Equinix Fabric to build a global interconnected network with dedicated high capacity that can help protect against even the most sophisticated DDoS attacks. Akamai also hosts many of its scrubbing centers on Platform Equinix®, strategically located in proximity to both customer networks and public clouds worldwide.
  • Cloudflare Magic Transit: Cloudflare can offer its DDoS mitigation service to our joint customers around the world, without those customers having to be physically colocated in the same data center as Cloudflare. Customers can simply create virtual connections on Equinix Fabric to access the Cloudflare service directly and privately from wherever they are.
  • NaWas: Our newest DDoS mitigation partner, NaWas is an on-demand service originating from the nonprofit Dutch National Internet Providers Organization. We believe the community-based concept behind NaWas is a unique and powerful way to fight back against DDoS attacks. We’re proud to say that Equinix Fabric now supports wider availability of NaWas throughout Europe in a simple and cost-effective way.[2]

Virtual connections protect against ransomware attacks via backup air-gapping

Just like DDoS attacks, ransomware attacks are evolving and growing more sophisticated every day. For instance, the most recent threat landscape report from the European Union Agency for Cybersecurity (ENISA)[3] noted that phishing is now the most common initial attack vector for ransomware. Attackers are capitalizing on phishing because it’s cheap, and difficult for organizations to protect against, as it requires each individual within the organization to be vigilant at all times.

The ENISA report also notes a shift in the ways that attackers are carrying out their ransoms: In the past, it was common for attackers to keep their actions secret while they negotiated ransom payments with victims. Now, they’re increasingly naming their victims publicly, with the goal of shaming them into paying quickly. Protecting against ransomware attacks has always been important; in this new reality, it’s become both a business imperative and a public relations imperative.

Another new factor in the evolution of ransomware is that attackers are increasingly targeting backup data. This is particularly problematic because companies often use backup data sets as part of their first line of defense against ransomware attacks: Rather than paying a ransom to restore compromised data, victims could simply wipe their systems clean and then restore data from their backup environments. Of course, they can’t do this if their backup data is also compromised.

Once again, Equinix Fabric can play an important role in addressing this issue. Businesses need to create a “moat” separating their backup from their primary storage environment, thus preventing ransomware attacks from carrying over from one environment into the other. The process of creating this separation is known as “air gapping.”

Equinix Fabric can act as the digital “drawbridge” that spans the air gap and connects the two environments as needed. Rather than leaving a connection in place at all times, Equinix customers can set up an on-demand virtual connection (VC) any time they need to back up data, and then immediately delete the VC once the backup is complete. Equinix customers can even use API calls or Terraform providers to automate the creation and deletion of VCs on Equinix Fabric. The backup air-gapping solution on Equinix Fabric can be used alongside managed services from our ecosystem of storage partners.

Start your interconnection journey today

To learn more about how software-defined interconnection supports a wide variety of digital use cases, including but not limited to cybersecurity, read the guide to Equinix Fabric today.

To find out how you can start implementing the specific use cases covered in this blog post, contact your Equinix Global Solutions Architect.


[1]The Relentless Evolution of DDoS Attacks”, Akamai, June 23, 2022.

[2]NaWas anti-DDoS services now available on Equinix Fabric”, NBIP, November 24, 2022.

[3]ENISA Threat Landscape 2022”, European Union Agency for Cybersecurity, October 2022.

Avatar photo
Guido Coenders Director, Global Solution Architecture
Avatar photo
Michel Ludolph Global Solutions Architect (GSA)
Subscribe to the Equinix Blog