Cloud-based DDoS Protection for Expanded VPN Networks

Today’s Work-from-Home VPN Environment

For organizations urging their employees to work from home (WFH), the pattern of user connections to the enterprise network has turned upside down. Instead of most users connecting locally, now most are connecting remotely. Organizations are conducting critical business functions across the open Internet through dozens, hundreds or even thousands of individual VPNs.

This unexpected flood of WFH connections makes networks more vulnerable to the impact and damage of a distributed denial of service (DDoS) attack. Attackers can easily identify an organization’s VPN endpoint, either by monitoring traffic or, even easier, because many enterprises use “vpn” in the URL or host name for their VPN server. From there an attacker can identify the IP address with a quick DNS lookup and launch a network protocol attack or rent a bot network for a conventional volumetric attack. Either way employees are effectively locked out, business grinds to a halt and assets are exposed.

With VPN Protect, your VPN server is protected against DDoS attacks by a purpose-built, cloud-based DDoS mitigation solution that is always on, ensuring your work-from-home workforce remains connected and productive and your business is uninterrupted.

A Heightened Risk to Critical Resources Demands VPN Protect

Companies have inadvertently multiplied the potential impact of a DDoS attack by vastly increasing the use of VPN connections to allow more employees to work from home. Your VPN traffic and servers – and through them your network and digital assets and your ability to conduct business – have never been more vulnerable.

Neustar VPN Protect is ready today to protect your VPN traffic with a VIP proxy strategy that can be quickly implemented and deployed with a minimum of disruption:

  • VPN traffic is routed through our DDoS mitigation infrastructure;
  • Malicious traffic is removed from the VPN traffic;
  • Clean traffic can be returned directly via the internet, or sent through GRE tunnels if required;
  • Your SSL certs are not required to protect the traffic

Download PDF


  • Fast. Always-on cloud-based solution with the option of automated mitigation backed by a 24/7 SOC.
  • Flexible. Tailored to your needs and your network, with the option to protect all enterprise traffic.
  • Capable. Dedicated DDoS mitigation network with massive 12+ Tbps capacity covering layers 3-7.
  • Expert. Best practices and countermeasures based on 15+ years of experience.
Related Resources