DDoS Protection Service
Protect your critical digital services against DDoS attacks
OVERVIEW
DDoS (Distributed Denial of Service) attacks are cyberattacks that aim to disrupt service availability by sending high volumes of traffic to target systems.
The DT Cloud DDoS Protection Service offers two different service models that provide protection against various attack types from the network layer to the application layer:
The DT Cloud DDoS Protection Service offers two different service models that provide protection against various attack types from the network layer to the application layer:
-
Volumetric DDoS Protection
Basic protection against high-volume network attacks -
Inline Advanced DDoS Protection
Advanced attack analysis and mitigation including the application layer
With these two models, organizations can implement either basic or advanced DDoS protection architectures depending on their needs.
For more information, please fill out the form and we will call you.
What is DDoS?
DDoS attacks aim to exhaust the network capacity or processing power of target systems by sending fake or malicious traffic from multiple sources.
As a result of these attacks:
- Websites may become inaccessible
- API services may fail to respond
- Applications may slow down or stop completely
DDoS attacks typically occur across three main layers:
-
1
L3/L4 (Network / Transport)
High-volume volumetric attacks -
2
L7 (Application Layer)
Attacks targeting web applications and services -
3
Bot-based attacks
Automated attempts to consume service resources
The DT Cloud DDoS service provides protection against these attacks at multiple levels.
VOLUMETRIC DDOS PROTECTION
Basic Protection Against High-Volume Network Layer Attacks
The Volumetric DDoS protection model targets high-volume attacks occurring at the L3/L4 layer.
This model is particularly effective against attacks designed to exhaust bandwidth.
This service model:
- Provides protection againstGbps/Tbps scale attacks
- Cleans attack traffic using a scrubbing center architecture
- Uses BGP diversion mechanisms for traffic redirection
-
Protected attack types
- UDP Flood
- TCP SYN Flood
- Amplification attacks (DNS, NTP, CLDAP, etc.)
-
Key features
- L3/L4 network layer protection
- Mitigation based on PPS or traffic thresholds
- RTBH (Remote Triggered Black Hole) support
- Traffic filtering via BGP Flowspec
- Rapid intervention at the edge router level
- This model provides basic volumetric attack protection, but does not cover application layer attacks.
-
Service approach
- SLA: Best Effort
- Traffic flows through normal routing
- Mitigation activates when an attack is detected
- RTBH can be applied if necessary
- Volumetric protection is positioned as a baseline security layer for internet-facing services.
INLINE ADVANCED DDOS PROTECTION
Advanced DDoS Protection Including the Application Layer
The Inline Advanced DDoS protection model is based on an always-on protection architecture, where traffic continuously passes through security devices.
This model:
- Performs attack analysis at L3, L4, and L7 layers
- Continuously monitors traffic and detects anomalies
- Filters attacks at the application level
-
Protected attack types
- HTTP GET / POST Flood
- Slowloris attacks
- HTTPS CPU Exhaustion
- Bot-based application layer attacks
-
Key features
- Always-on protection architecture
- Application-aware filtering
- Optional SSL inspection
- Bot mitigation and behavioral analysis
- Real-time attack detection
The inline model is particularly designed for critical applications such as:- E-commerce platforms
- Financial services
- SaaS applications
- High-traffic web services
-
Service approach
- SLA: Guaranteed Mitigation
- Traffic is continuously analyzed inline
- SOC-supported operational response is available
Service Model Comparison
| Feature | Volumetric Protection | Inline Advanced |
|---|---|---|
| Protection Layer | L3 / L4 | L3 / L4 / L7 |
| Traffic Flow | Normal routing | Continuous inline |
| Mitigation | Threshold-based | Behavioral analysis |
| Protection Model | Best Effort | Always-on |
| Monitoring | Netflow / sFlow | Full telemetry |
| SLA | Best Effort | Guaranteed |
Use Cases
The DT Cloud DDoS protection service is particularly critical for:
- Internet-facing web services
- API platforms
- SaaS applications
- Hosting and cloud infrastructures
- High-traffic digital services
Why DT Cloud DDoS Protection?
-
Local cloud infrastructure -
Data centers located in Türkiye -
SOC-supported operations -
Regulatory compliance
Frequently Asked Questions
DDoS (Distributed Denial of Service) attacks aim to exhaust your bandwidth and network resources by sending extremely high volumes of traffic to your services.
Volumetric attacks primarily occur at the L3/L4 (network/transport layer) and reduce service availability.
It focuses on L3/L4 level attacks (Standard Volumetric), such as UDP flood, SYN flood, and reflection/amplification attacks.
For L7 (HTTP/application layer) attacks, deployment alongside a WAF is generally recommended: While L3/L4 protection mitigates large traffic volumes, WAF manages application layer threats.
Typical volumetric DDoS coverage includes UDP flood, TCP SYN flood, ICMP flood and Reflection and amplification attacks (DNS/NTP/CLDAP, etc.)
The most common mitigation approach includes dropping malicious traffic, applying rate limits and filtering traffic based on protocol.
These mitigation actions are triggered automatically once an attack is detected.
These mitigation actions are triggered automatically once an attack is detected.
Mitigation can operate in two modes: Always-on protection, On-demand / routed mitigation.
In scrubbing architectures (such as Akamai), both approaches may be used depending on the implementation model.
In scrubbing architectures (such as Akamai), both approaches may be used depending on the implementation model.
DDoS protection solutions typically integrate into the existing network topology.
The goal is to enable protection with minimal changes on the customer side, including routing or BGP-based scenarios.
RTBH (Remote Triggered Black Hole) is a mechanism used to completely drop traffic targeting a specific destination in extreme situations to maintain network stability.
Since it may cause temporary service disruption, it is generally used as a last-resort mitigation technique.
Since it may cause temporary service disruption, it is generally used as a last-resort mitigation technique.
BGP FlowSpec enables faster and centralized implementation of filtering rules such as blocking, redirecting, or rate limiting traffic across the network.
It is commonly used in the DDoS mitigation toolsets of large-scale service providers.
It is commonly used in the DDoS mitigation toolsets of large-scale service providers.
DDoS protection mitigates volumetric attacks targeting L3/L4 network capacity. WAF protects against L7 application-layer attacks such as malicious HTTP requests
When used together, they provide end-to-end protection.
When used together, they provide end-to-end protection.
It is primarily suitable for organizations operating: Internet-facing web services, API platforms, SaaS applications, Hosting infrastructures, High-traffic digital services.
Keep up with the age with artificial intelligence technologies!
Reserve your spot for NVDIA H100 and A100 processors and catch up with AI technologies!
Reserve your Spot
-
Subscribe to our newsletter to be informed about innovations in the cloud world.
Copyright ©2025 DT. All Rights Reserved.
Subscribe to our newsletter to be informed about innovations in the cloud world.
Copyright ©2025 DT. All Rights Reserved.