Qrator Labs

Qrator Labs (formerly Highlight Lab) is a company specializing in the study and creation of comprehensive measures to counter DDoS attacks.

According to 2016 data, Qrator Labs is the number one service in the field of countering DDoS in Russia (according to the report of IDC 'Russia Anti-DDoS Services Market 2016-2020 Forecast and 2015 Analysis').

Activities

For 2017, the company provides anti-DDoS services in conjunction with WAF (Web Application Firewall) solutions organized according to the technology of Wallarm partner company . For effective counteraction to the DDoS-attacks of Qrator Labs uses data of own service of global monitoring internetaqrator.Radar.

Qrator technology uses a DDoS attack protection scheme built on an algorithm in which all traffic to the customer's site is previously passed through a specialized Qrator network, where it undergoes analysis and layered filtering, and after that it is sent directly VPN to the customer's network via the Internet or through the public network. All DDoS traffic is blocked on the Qrator network and does not reach the client resources.

The Qrator filtering network covers Russia, the USA, the EU and Asia well, which, along with its own filtering algorithms, is a competitive advantage of the company.

The Qrator Labs team is constantly improving unique filtering algorithms that are built using machine learning technologies. This allows filters to respond quickly to new types of threats automatically.

Among the Russian customers in 2017, the company names: bank Tinkoff Credit Systems"," payment systems Qiwi(,, CyberplatEleksnet""), e-commerce sites (Lamoda,,, Ulmart El Dorado OZON,, Wildberries Citilink), media (MIA "," Russia Today radio station "Echo," Moscow Regnum, TV channels "Star," TNT, ",") and Rain NTV-Plus many others.

History

2021

Entering the South American Market

On April 6, 2021, Qrator Labs announced its entry into the South American market. The Russian company launched a traffic clearing center in Brazil to provide services to counter DDoS attacks in the region.

According to the press service of Qrator Labs, opening a traffic clearing center in Brazil, the company increases its network coverage throughout South America, and therefore the DDoS attack protection service will be provided to customers with minimal traffic delays. This will help companies connect to the Qrator Labs cloud solution at an acceptable cost and protect themselves from distributed network attacks, the press release said.

According to the founder and CEO of Qrator Labs Alexander Lyamin, the Latin American market has very great potential in terms of traffic growth and the development of Internet infrastructure, so the company, in his opinion, took a logical step by opening a traffic clearing center in São Paulo.

Following our mission to make Runet a safer space, we want to offer our cloud service to as many South American companies as possible in order to increase the overall security of the region and the fault tolerance of the infrastructure of any business, "he said.

The company noted that the South American market is experiencing rapid growth in technology: online services are being massively launched, a large number of telecom operators appear, and traffic is growing rapidly. At the same time, DDoS attacks are one of the most serious threats in South America, since the infrastructure of not all businesses has the necessary level of protection, which gives attackers many opportunities to conduct ransom attacks or organize DDoS attacks on order.

Lyamin added that Qrator Labs plans to expand its network in a southeast direction, in particular by opening a new filtration point in India.^[1]

Opening of the Dubai Traffic Clearing Centre

On March 2, 2021, Qrator Labs, specializing in ensuring the availability Internet of -resources and counteracting - DDoSto the attacks announced the opening of the next Traffic Clearing Center in the market Middle East to provide services to counter DDoS attacks. This point of presence of the company was launched in Dubai.

The Middle East region is undergoing a serious transformation process, the integral part of which is the formation of an ecosystem of technological innovation. Spending on information technology in the META region, including the Middle East, Turkey and Africa, is projected by IDC to increase by 2.8% to $77.5 billion in 2021.

As a result, resource availability and security are becoming a top priority for an increasing number of companies in the Middle East. There is growing concern among Middle Eastern organizations about DDoS attacks. Many companies in the Persian Gulf region not only consider denial-of-service attacks one of the main business threats, but also realize the need to organize comprehensive protection against them. In the context of a difficult economic situation and the transition to online by an increasing number of companies, risks in cyberspace will continue to grow, losses from them will increase, which means that the business is under special attack.

The opening of the data center in Dubai is an important stage in the development of the Qrator Labs filtering network and the company's global expansion strategy. With this point of presence, the company significantly increases the coverage of its network, providing low delays for customers within the Middle East region interested in ensuring the continuous operation of their business.

The Middle East market is heavily monopolized, so ensuring acceptable connectivity in the region is not easy. However, we managed to build our network in such a way as to increase fault tolerance and increase the geographical distribution of the Qrator Labs network and provide direct access to customers and partners in the region, "comments Maxim Beloenko, director of Qrator Labs in the Middle East region. - The development of the infrastructure of our cloud solution allows us to provide customers with a service to counter DDoS-attacks with minimal network delays at an acceptable cost.

TSOT in Dubai became the 13th in the global infrastructure of Qrator Labs. As of March 2021, the Qrator filtration network includes three nodes in Russia, two in the United States, three in the EU, four in Asia and one in the Middle East.

2020: Opening of the Traffic Filtering Center in Japan

On April 28, 2020, Qrator Labs, specializing in ensuring the availability Internet of -resources and counteracting - announced DDoSto the attacks the opening of the Traffic Filtering Center Japan in Osaka - to provide services to counter network attacks to even more customers.

Asia is a key region for the Qrator Labs business, and the launch of another point of presence is part of the company's strategic plan to expand into markets in which it sees great potential.

Japan has one of the most progressive markets in terms of technology adoption, and IT development is supported by strategic initiatives of the state.

The BGP-anycast open filtering platform, connected to the channels of the largest backbone ISPs, complements the cloud solution by expanding the company's infrastructure.

The introduction of this Traffic Center has increased Qrator Labs network capacity, increased fault tolerance and reduced network delays for clients. As of April 2020, the Qrator filtration network has 12 nodes: three of them in Russia, two in the USA, three in the EU and four in Asia. The total capacity of the Qrator network is more than 2 TB.

This point in Osaka significantly increases the coverage of our network in terms of delays. Previously, to provide a service to protect against DDoS attacks in this region, Japanese customer traffic was sent through Hong Kong, which affected the performance and speed of data exchange. The development of our cloud solution infrastructure in Asia makes it possible to directly provide our service to customers to counter DDoS attacks. In the future, we plan to focus on regions such as the Middle East, India and South America, commented by Qrator Labs CEO and founder Alexander Lyamin

2019: Opening of an office in the United Arab Emirates

On January 15, 2019, Qrator Labs announced the expansion of its geographical presence and the opening of an office in the United Arab Emirates. The office in Dubai will work to develop the company's business in the markets of the Middle East.

The Middle East IT market is one of the fastest growing and most promising. Over the past few decades, Dubai has become an international center of business with a dynamic economy, and the United Arab Emirates has taken a leading position in the ranking of countries in the world with a high level of technological development and a rapid pace of IT evolution. Innovation in information technologies and ensuring a high degree of digitalization of many sectors of the economy have become a priority state of policy in the UAE, and therefore increased requirements have begun to be placed on ensuring accessibility and - safety Internet resources.

The start of work in the United Arab Emirates opens up access for Qrator Labs to very important markets in the region and creates additional prospects for development, providing opportunities for the company to interact directly with partners and customers in the Middle East.

We see a high interest on the part of our partners from the Middle East in Russian technologies and, in turn, are ready to share the expertise and experience gained over the past 10 years of research into DDoS attacks in an aggressive environment and help customers protect against constantly evolving cyber threats. Markets in the Middle East are focused on attracting high-tech organizations, and there are many opportunities for active expansion in the region. I am sure that the opening of an office in Dubai will allow us to achieve great success by offering our service to customers of the Middle East countries, which guarantees the availability of customer resources for users in conditions of maximum load.

2018

Cooperation with Internet Society

On December 24, 2018, it became known that Qrator Labs, specializing in countering DDoS-to the attacks and ensuring accessibility Internet- of resources, announced the signing of a Memorandum of Cooperation with an international professional organization Internet Society that promotes the open development and evolution of the Internet. The goal of cooperation between organizations will be to increase the level of security of global routing and monitor traffic interceptions between telecom operators. More. here

Joining the ISP Working Group at ICANN

On December 21, 2018, Qrator Labs specializing in countering - and DDoSto the attacks ensuring accessibility Internet of - resources, announced that the international non-profit domain name and IP address management organization ICANN approved her application to join the working group on representing the interests of the Internet providers in the global Internet community in order to ensure open interaction between ICANN and communication service providers.

The Internet Service Providers and Connectivity Providers (ISPCP) group is part of the ICANN ecosystem, responsible for respecting the interests of telecom operators associated with the use of the DNS system, solving problems encountered by operators with the operation of the Internet address book, developing domain name management policies and ensuring the achievement of global DNS goals and system.

author '= Artem Gavrichenkov, Qrator Labs Technical Director ' The entry of Qrator Labs into the international ICANN community is a significant achievement for our team, testifying to the recognition of our activities to improve the technical component of the Internet at the global level. For 5 years, we have been providing services to protect DNS servers and domains from DDoS attacks, monitor their security and stability. Working in the ISPCP group provides an opportunity for deeper integration between the Russian community of Internet providers and the international DNS community.

ISPCP membership imposes a number of obligations on Qrator Labs. First of all, this is the use of technical expertise Qrator Labs to improve the functioning parameters of the domain name system as a whole. Since one of the services of Qrator Labs is the protection of DNS servers and the study of the domain name system, the company plans to collect data on incorrect server operation around the world, and then submit this information to ICANN for discussion. Among the problems of DNS servers may be such as the lack of support for Cyrillic characters, problems with the distribution of root domains, etc.

The second important task of Qrator Labs in the framework of the ICANN working group will be to strengthen the security of the DNS Internet address book and solve problems related to the development of Internet of Things attacks. The increase in attacks can exceed the ability of the root server operator community to provide protection and threaten the stable functioning of the domain name system. Therefore, it is important to establish active interaction between Internet service providers in each region and to bring to the global level issues related to Internet of Things threats and the possibility of their solution in the future.

I am pleased to welcome Qrator Labs to join ISPCP, one of the GNSO working groups, an organization within the global ICANN community that supports the development of general-purpose top-level domain management policies. ISPCP represents the interests of Internet providers and providers of other communication services and unites telecom and Internet companies from around the world, but so far no Russian company or the interests of other stakeholders in our region have been represented in it. I am sure that the experience and expertise of the Eastern European technical community have great potential and can bring a lot to the development of the world domain space.

Start a traffic center in the Netherlands

Qrator Labs, specializing in countering DDoS attacks and ensuring the availability of Internet resources, in January 2018 announced the opening of Europe's third Traffic Processing Center to provide services to counter DDoS attacks. The company's point of presence was launched in Amsterdam, the Netherlands.

It is expected that the newly launched traffic processing center will expand the presence of Qrator Labs in the European market. As of January 2018, the Qrator traffic filtering network has points of presence in three countries in Western Europe: Germany, Sweden and the Netherlands.

The traffic filtering site in Amsterdam uses modern 100GbE interfaces at the junctions with higher-level operators. In general, due to the launch of a traffic processing center in Europe, fault tolerance has increased and the geographical distribution of the Qrator network has increased.

We note the high demand for solutions to neutralize DDoS attacks from European companies, and the area of ​ ​ countering distributed denial of service attacks in this region has great potential for growth. In this regard, we continue to actively expand in Europe, increase capacity and not only open new Traffic Processing Centers, but also conclude partnership agreements with European suppliers. So, in parallel with the opening of the point of presence in the Netherlands, we concluded an agreement on technological cooperation with Pragma Security in France, "said Alexander Lyamin, CEO and founder of Qrator Labs. "The development of our cloud solution infrastructure in Europe and working with IT companies gives us the opportunity to provide even more customers of this region with our service to counter DDoS attacks, which many companies from various business sectors in Russia and abroad have already been able to evaluate."

2017

Opening of a point of presence in Hong Kong and Singapore

Qrator Labs announced on October 24, 2017 the opening of a point of presence in Hong Kong and Singapore. This was made possible by a partnership agreement with NTT Communications, a provider of information and communication technology solutions in Asia.

NTT Communications is a subsidiary of Nippon Telegraph and Telephone Group (NTT Group). The creation of a connection to the NTT Communications network in Hong Kong and Singapore is another stage in the development of Qrator Labs infrastructure in Southeast Asia, opening up opportunities for further expansion of the Qrator cloud solution, the company emphasized.

As of October 2017, the Qrator filtering network has three nodes in the United States, two in Russia, two in the EU and two in Asia. Qrator network nodes are connected to the channels of the largest trunk ISPs.

Opening a point of presence in Hong Kong and Singapore will allow us to improve connectivity in the region and increase the fault tolerance of the network. We plan to continue to actively develop cooperation with major operators around the world to provide services to counter DDoS attacks to customers from different countries. In the future, the main focus will be on such regions as the Middle East, South Korea, Japan, "said Alexander Lyamin, CEO and founder of Qrator Labs.

Technology Partnership with ARinteg

On August 22, ARinteg, which operates in the field of integrating information security (IS) solutions, and Qrator Labs, which specializes in countering DDoS attacks and ensuring the availability of Internet resources, signed a partnership agreement. Thanks to this collaboration, ARinteg and Qrator Labs customers will be able to replenish the arsenal of security tools that ensure, along with the confidentiality and integrity of information, its availability.

As noted, it is the availability of information, the continuity of its processing and exchange that leads the rating of the IB needs of the business. ARinteg's collaboration with Qrator Labs DDoS Anti-Attack Service provides customers with the following capabilities:

• continuous traffic analysis. After connection, ARinteg client traffic is constantly sent to the Qrator network in 24/7 mode, where it is analyzed and filtered, and then "clean" traffic is redirected to the protected site. The Qrator network is built to work under the constant influence of a large number of DDoS attacks, so an attack on the resource of one of the customers does not affect the functioning of other sites;
• easy connection and further use. In particular, CAPTCHA and other annoying users of verification sites are not used;
• Automatic processing of traffic in the cloud, which does not require the participation of the customer's IT specialists and manual configuration to combat complex attacks;
• freedom to choose a software and technical architecture while preserving the customer's existing one: hosting to switch to the service, it is enough to change the site A-record domain in the name system (DNS);
• a wide range of tariffs designed for small, medium, large business.

We provide customers with the most productive, technological solutions and, by integrating them in IB systems, we achieve a synergistic effect. It is important that protection against unauthorized access, virtual private networks, firewalls, antivirus, anti-attack services and other products act in concert and provide customers with the greatest impact. Qrator Labs solutions fit optimally into this paradigm. That is why the prospects for our cooperation are extremely high, "said Dmitry Slobodenyuk, commercial director of ARinteg.

Qrator Labs, together with its partners, is actively working to create a secure Internet space where all risks from the actions of intruders are leveled. We are pleased that ARinteg has joined our partners. By working with ARinteg, we can help a range of customers - both large organizations and SMB companies - ensure business continuity and network resource protection using a progressive cloud solution that meets both today's and future cybersecurity requirements, "said Alexander Lyamin, CEO and founder of Qrator Labs.

2016

Start of technological cooperation with NGENIX

In September 2016, Qrator Labs and NGENIX announced the start of technological cooperation. Customers will benefit from using the services of two companies at the same time. NGENIX and Qrator Labs are launching a technology collaboration in which companies will exchange data in order to improve the quality of traffic filtering and the delivery of content to Internet users. For example, when ordering an anti-DDoS attack service on the Qrator Labs site, the client can indicate that he is a CDN NGENIX user, and the information received from NGENIX will be used in the future to fine-tune the filtering parameters.

Vulnerability Detection in Quagga Software BGP Daemon

In June 2016, Qrator Labs discovered a vulnerability in the BGP daemon of the Quagga (bgpd) routing software and wrote a patch to fix it.

A daemon is a computer program in UNIX class systems that is run by the system itself and runs in the background without direct user interaction. Daemons are usually started during system boot. Typical daemon tasks are network protocol servers (HTTP, FTP, e-mail, etc.), equipment management, print queue support, scheduled job execution management, etc. In a technical sense, a daemon is a process that does not have a control terminal.

Quagga is one of the most common BGP daemons for UNIX-like OS, providing global carrier availability. This implementation of the BGP protocol is also used in solutions of vendors such as Cumulus and Vyatta.

Vulnerability is structured as follows: The bgp_dump_routes_func function, which is responsible for the binary representation of routing information for a single prefix, does not check the size of this information. It attempts to write all data to an array that has a limited size. If there is not enough free space, an exception occurs and bgpd fails.

Qrator Labs engineers discovered this vulnerability as part of the project work, Qrator.Radar studying the instability of the BGP implementation in Quagga.

The Qrator Labs team independently wrote a patch to fix the vulnerability in the BGP demon Quagga and sent it to software developers. If before all prefixes received from neighbors were aggregated into one record, which may not fit in a certain buffer, then now several records are created with control of their size.

Quagga developers responded that they were going to accept the patch as part of the next update cycle. Vulnerabilities were labeled CVE-2016-4049.

Our company does not specifically search for vulnerabilities in network equipment. We simply noticed the trend, began to investigate the situation and found that the problem with the vulnerability of the BGP daemon allows attackers to organize DDoS attacks of a certain type. They found out what was the matter, notified the development community, published a patch and a description of the vulnerability. This corresponds to our mission - to make the Internet safer and more sustainable, "commented Alexander Lyamin, head of Qrator Labs.

Opening of the Southeast Asian Traffic Center

In March 2016, Qrator Labs announced the opening of a Southeast Asian data center - a traffic processing center to provide services to counter DDoS attacks. The new point of presence opened by the company in Hong Kong supplemented the Qrator cloud solution, strengthening the main competitive advantage - the geographical distribution of its own network. The Qrator network is: three nodes in the USA, two in Russia, two in the EU, and one in Asia. The Hong Kong data center allows you to filter out garbage requests and packages from bots right on the way, thereby unloading networks in Russia.

2015

Entering the market of Kazakhstan

On November 23, 2015, Qrator Labs announced its entry into the market of the Republic of Kazakhstan in terms of providing services for countering DDoS, hacking and sustainable DNS service.

Qrator Labs provides counteraction services DDoS attacks together with the mobile operator of Kazakhstan JSC, with "Xell" which the company signed a partnership agreement.

As of November 23, 2015, Qrator Labs is the first and only  provider of such a service in this region, complying with regional legislation on the need to localize traffic in the territory of the Republic of Kazakhstan.

According to the partners, the cooperation between Qrator Labs and Kcell will make it possible to provide customer support around the clock in Kazakh, Russian and English. It is important that to protect the site there is no need to change the hosting provider or carrier: the full range of services is available to customers all the power of the Qrator Labs backbone network.

Alexander Lyamin, head of Qrator Labs, said:

"Kazakhstan's IT market is one of the fastest-growing and most promising in the CIS and generating large-scale projects, and the area of ​ ​ countering DDoS attacks in this region has great potential for growth. Since the number of DDoS  in Kazakhstan is steadily increasing, the demand for solutions to help neutralize attacks is quite high. By entering into a partnership agreement with Xell, we will be able to offer our customers our high-quality service, which guarantees the availability of customer resources at any time. The beginning of work in Kazakhstan opens an important sales channel for our company and creates new prospects for development. "

Protected Sites Availability 99.89%

The power of Qrator Labs own network structure at this time allows you to analyze and filter traffic at a rate above 1000 Gb/s. The average availability of sites protected by Qrator at the end of 2015 year was 99.89%, and the reaction time of Qrator to a DDoS attack in 97% cases does not exceed 2.5 minutes.

Qrator Labs customers at this time are more than 2000 companies around the world. The first customers of Qrator Labs were high-load web services - the Habrahabr portal and the Blogun advertising network. Many large companies from various industries, such as media (Vedomosti newspaper, Echo of Moscow radio station, the Izvestia newspaper, Dozhd TV channels, TNT-Teleset), banks (Tinkoff Credit Systems bank, Svyaznoy Bank, YuniKredit Bank, Sberbank Ukraine), the websites of electronic commerce (Lamoda, Ulmart, Enter, El Dorado, Groupon, Biglion) and others use service.

2014: Opening of Traffic Center in the USA

In November 2014, the Qrator Labs lab cluster team announced the opening of a data center - a traffic processing center to provide services to counter DDoS attacks to customers from the United States and Canada. The new points of presence opened by the company in the USA (including in Silicon Valley) supplemented the company's cloud solution, bringing the total throughput of the traffic filtering network to several hundred gigabits.

"The United States is the world's most important market for companies providing information security services. American customers are well aware of the need for services to counter DDoS attacks, are ready and can pay for the work of professionals who help to cope with this problem. But against the background of high demand for such services, there is also high competition among suppliers of such services. This is not an easy market, but we are sure that our offer is one of the most attractive in terms of technical development, quality of service provision, functionality. Our methods have been tested for years and dozens of customers, are based on mathematical scientific calculations and work on unique algorithms that can very accurately distinguish requests from bots and from ordinary users. The system is constantly evolving - we collect information about the activity of intruders every minute. I am sure that Qrator will become a popular service in the United States, "says Lyamin Alexander, head of Qrator Labs.

2010: Start Traffic Filtering Network

In 2010, the company launched the Qrator traffic filtering network as a technological basis for commercial service to protect sites from such threats. Algorithms and technologies that are used to counter attacks on customer sites are know-how companies.

2009: Foundation of Qrator Labs

In 2009, Qrator Labs was founded.

2006: Start developing measures to counter DDoS attacks

In 2006, the company created a specialized initiative group to study and develop comprehensive measures to counter DDoS attacks. The result of her work was QRATOR technology.

Notes