Qrator Labs

Qrator Labs (formerly Highload Lab) is a company specializing in the study and creation of comprehensive measures to counter DDoS attacks.

According to 2016 data, Qrator Labs is the number one service in the field of DDoS counteraction in Russia (according to the IDC report'Russia Anti-DDoS Services Market 2016-2020 Forecast and 2015 Analysis').

Areas of activity

For 2017, the company provides anti-DDoS services in conjunction with WAF (Web Application Firewall) solutions, organized using the technology of partner company Wallarm. To effectively counter DDoS attacks, Qrator Labs uses data from its own global Internet monitoring service, Qrator.Radar.

Qrator technology uses an algorithm-based DDoS protection scheme, in which all traffic to a customer's site is previously passed through a specialized Qrator network, where it is analyzed and filtered in multilevel, and then sent directly to the customer's network via VPN or via the public Internet. All DDoS traffic is blocked on the Qrator network and does not reach client resources.

The Qrator filtering network covers Russia, the USA, the EU and Asia well, which, along with its own filtering algorithms, is the company's competitive advantage.

The Qrator Labs team is constantly improving unique filtering algorithms that are built using machine learning technologies. This allows filters to respond quickly to new types of threats automatically.

Among Russian clients in 2017, the company names: bank Tinkoff Credit Systems"," payment systems Qiwi(,, CyberplatElexnet""), e-commerce sites (Lamoda,,, Ulmart Dorado OZON,, Wildberries Citylink), media (MIA "," Russia Today radio station "Echo," Moscow Regnum, TV channels "Zvezda," TNT, "," ") and Rain NTV Plus many others.

History

2021

South American Market Entry

On April 6, 2021, Qrator Labs announced its entry into the South American market. The Russian company has launched a traffic purification center in Brazil to provide services to counter DDoS attacks in the region.

According to the press service of Qrator Labs, opening a traffic cleaning center in Brazil, the company is increasing the coverage of its network throughout the South American region, and therefore the DDoS protection service will be provided to customers with minimal traffic delays. This will help companies connect to the Qrator Labs cloud solution at an acceptable cost and protect themselves from distributed network attacks, the press release said.

According to the founder and CEO of Qrator Labs Alexander Lyamin, the Latin American market has very great potential in terms of traffic growth and Internet infrastructure development, so the company, in his opinion, took a logical step by opening a traffic clearing center in São Paulo.

Following our mission to make Runet a safer space, we want to offer our cloud service to as many South American companies as possible in order to increase the overall security of the region and fault tolerance of the infrastructure of any business, he said.

The company noted that the South American market is experiencing rapid growth in technology: online services are massively launched, a large number of telecom operators appear, and traffic is growing rapidly. At the same time, DDoS attacks are one of the most serious threats in South America, since the infrastructure of not all businesses has the necessary level of protection, which gives attackers many opportunities to carry out attacks for ransom or organize DDoS attacks to order.

Lyamin added that Qrator Labs plans to expand its network in a southeast direction, particularly by opening a new filtering point in India.^[1]

Opening of Dubai Traffic Cleanup Centre

On March 2, 2021, Qrator Labs, specializing in ensuring the availability Internet of resources and counteraction, DDoSto the attacks announced the opening of the next Traffic Purification Center in the market Middle East to provide services to counter DDoS attacks. This point of presence of the company was launched in Dubai.

The Middle East region is undergoing a serious transformation process, the integral part of which is the formation of an ecosystem of technological innovations. Spending on the information technology META region, which includes Turkey Africa IDC the Middle East, and is projected to increase by 2.8% to reach 77.5 billion dollars in 2021.

In this regard, the tasks of ensuring the availability and security of resources are one of the highest priorities for an increasing number of companies in the Middle East. There is growing concern among organizations in the Middle East about DDoS attacks. Many companies in the Gulf region not only see denial-of-service attacks as one of the main business threats, but also recognize the need to organize comprehensive protection against them. In the context of a difficult economic situation and the transition to online by an increasing number of companies, risks in cyberspace will continue to grow, losses from them will increase, which means that business is under a special blow.

The opening of a DPT in Dubai is becoming an important stage in the development of the Qrator Labs filtering network and the company's global expansion strategy. With this point of presence, the company significantly increases the coverage of its network, providing low delays for customers within the Middle East region interested in ensuring the continuous operation of their business.

The Middle East market is highly monopolized, so it is not easy to ensure acceptable connectivity in the region. However, we managed to build our network in such a way as to increase fault tolerance and strengthen the geographical distribution of the Qrator Labs network and provide direct access to customers and partners of the region, - comments Maxim Beloenko, director of Qrator Labs in the Middle East region. - The development of the infrastructure of our cloud solution allows us to provide customers with a service to counter DDoS attacks with minimal network delays at an acceptable cost.

The Dubai DPT was the 13th in Qrator Labs' global infrastructure. As of March 2021, the Qrator filtering network includes three nodes in Russia, two in the United States, three in the EU, four in Asia and one in the Middle East.

2020: Opening of the Center for Traffic Filtering in Japan

On April 28, 2020, Qrator Labs, specializing in accessibility and Internet countermeasures - DDoSto the attacks announced the opening of the Traffic Filtering Center Japan in (Osaka) - to provide services to counter network attacks to even more customers.

Asia is a key region for Qrator Labs business, and the launch of the next point of presence is part of the company's strategic expansion plan in markets in which it sees great potential.

Japan has one of the most progressive markets in terms of technology adoption, and the development of the IT sphere is supported by strategic initiatives of the state.

The open filtering platform, functioning according to BGP-anycast and connected to the channels of the largest backbone Internet providers, complements the cloud solution, expanding the company's infrastructure.

By entering this Traffic Center, Qrator Labs network capacity increased, fault tolerance increased, and network latency for customers was reduced. As of April 2020, the Qrator filtering network has 12 nodes: three of them in Russia, two in the USA, three in the EU and four in Asia. The total capacity of the Qrator network is more than 2 TB.

This point in Osaka significantly increases the coverage of our network in terms of delays. Previously, to provide a service for protecting against DDoS attacks in this region, the traffic of Japanese customers was sent through Hong Kong, which affected the performance and speed of data exchange. The development of the infrastructure of our cloud solution in Asia makes it possible to directly provide customers with our service to counter DDoS attacks. In the future, we plan to focus the main development focus on regions such as the Middle East, India and South America, comments CEO and founder of Qrator Labs Alexander Lyamin

2019: Opening an office in the United Arab Emirates

On January 15, 2019, Qrator Labs announced the expansion of its geographic presence and the opening of an office in the United Arab Emirates. The Dubai office will work to develop the company's business in the markets of the Middle East.

The Middle East IT market is one of the fastest growing and most promising. Over the past few decades, Dubai has become an international business center with a dynamic economy, and the United Arab Emirates has taken a leading position in the ranking of countries in the world with a high level of technological development and rapid pace of IT evolution. Innovation in information technology and ensuring a high degree of digitalization of many sectors of the economy have become state a policy priority in the UAE, and therefore increased requirements for accessibility and safety Internet resources have begun to be presented here.

The start of work in the United Arab Emirates opens up access for Qrator Labs to very important markets in the region and creates additional prospects for development, providing opportunities for the company to directly interact with partners and customers in the Middle East.

We see high interest from our partners from the Middle East in Russian technologies and, in turn, are ready to share the expertise and experience accumulated over the past 10 years of research on DDoS attacks in an aggressive environment and helping customers protect against constantly evolving cyber threats. The Middle East markets are focused on attracting high-tech organizations, and there are many opportunities for active expansion in the region. I am confident that the opening of an office in Dubai will allow us to achieve great success by offering our clients in the Middle East our service, which guarantees the availability of customer resources for users in conditions of maximum load.

2018

Collaboration with Internet Society

On December 24, 2018, it became known that Qrator Labs, specializing in countering DDoS-to the attacks and ensuring the availability Internet of - resources, announced the signing of a Memorandum of Cooperation with an international professional organization Internet Society that promotes the open development and evolution of the Internet. The goal of cooperation between organizations will be to increase the level of security of global routing and monitor traffic interceptions between telecom operators. More. here

Joining the ISP Working Group at ICANN

December 21, 2018, Qrator Labs specializing in countering - and DDoSto the attacks ensuring the availability Internet of - resources, announced that the international non-profit organization for domain name and IP address management ICANN approved its application to join the working group on representing the interests of the Internet providers in the global Internet community in order to ensure open interaction between ICANN and communication service providers.

ISPCP (The Internet Service Providers and Connectivity Providers continuity) is a part of the ICANN ecosystem responsible for meeting the interests of telecom operators related to the use of the DNS system, solving problems with the functioning of the Internet address book for operators, developing policies for regulating domain names and ensuring the achievement of the goals and objectives of the global DNS system.

author '= Artem Gavrichenkov, CTO, Qrator Labs ' The entry of Qrator Labs into the international ICANN community is a significant achievement for our team, testifying to the recognition of our work to improve the technical component of the Internet at the global level. For 5 years, we have been providing services to protect DNS servers and domains from DDoS attacks, monitor their security and stability. Working in the ISPCP group provides an opportunity for deeper integration between the Russian community of Internet providers and the world community of DNS.

ISPCP membership imposes a number of obligations on Qrator Labs. First of all, this is the use of technical expertise from Qrator Labs to improve the parameters of the functioning of the domain name system as a whole. Since one of the services of Qrator Labs is the protection of DNS servers and the study of the domain name system, the company plans to collect data on incorrect operation of servers around the world, and then bring this information for discussion in ICANN. Among the problems of DNS servers, such as the lack of support for Cyrillic characters, problems with the distribution of root domains, etc.

The second important task of Qrator Labs within the ICANN working group will be to strengthen the security of the DNS Internet address book and solve problems related to the development of attacks. Internet of Things The increase in the intensity of attacks may exceed the capabilities of the root server operator community to provide protection and threaten the stable functioning of the domain name system. Therefore, it is so important to establish active interaction between Internet providers in each region and bring to the global level the issues related to the threats of the Internet of things, and the possibilities of their solution in the future.

I am pleased to welcome the entry of Qrator Labs into ISPCP, one of the working groups of GNSO, an organization within the global ICANN community that supports the development of general-purpose top-level domain management policies. ISPCP represents the interests of Internet providers and providers of other communication services and unites telecom and Internet companies from all over the world, but so far no Russian company or the interests of other stakeholders in our region have been represented in it. I am sure that the experience and expertise of the Eastern European technical community have great potential and can bring a lot to the development of the world domain space.

Launch of the traffic center in the Netherlands

Qrator Labs, a company specializing in countering DDoS attacks and ensuring the availability of Internet resources, in January 2018 announced the opening of the third Traffic Center in Europe to provide services to counter DDoS attacks. The point of presence of the company was launched in Amsterdam, the Netherlands.

The newly launched traffic center is expected to expand Qrator Labs' presence in the European market. As of January 2018, the Qrator traffic filtering network has locations in three Western European countries: Germany, Sweden and the Netherlands.

The traffic filtering platform in Amsterdam uses modern 100GbE interfaces at the junctions with higher operators. In general, due to the launch of a traffic center in Europe, fault tolerance has increased and the geographical distribution of the Qrator network has increased.

We note high demand for solutions to neutralize DDoS attacks from European companies, and the area of ​ ​ countering distributed denial of service attacks in this region has great potential for growth. In this regard, we continue to actively expand in Europe, increase capacity and not only open new Traffic Centers, but also conclude partnership agreements with European suppliers. So, in parallel with the opening of the point of presence in the Netherlands, we concluded an agreement on technological cooperation with Pragma Security in France, "said Alexander Lyamin, CEO and founder of Qrator Labs. "Developing the infrastructure of our cloud solution in Europe and working with IT companies gives us the opportunity to provide even more customers in this region with our service for countering DDoS attacks, which many companies from various business areas in Russia and abroad have already been able to evaluate."

2017

Opening a point of presence in Hong Kong and Singapore

Qrator Labs on October 24, 2017 announced the opening of a point of presence in Hong Kong and Singapore. This was made possible by a partnership with NTT Communications, a provider of information and communication technology solutions in Asia.

NTT Communications is a subsidiary of Nippon Telegraph and Telephone Group (NTT Group). The creation of a connection to the NTT Communications network in Hong Kong and Singapore is the next stage in the development of Qrator Labs infrastructure in Southeast Asia, opening up opportunities for further expansion of the Qrator cloud solution, the company emphasized.

As of October 2017, the Qrator filtering network has three nodes in the United States, two in Russia, two in the EU and two in Asia. The nodes of the Qrator network are connected to the channels of the largest backbone Internet providers.

Opening a point of presence in Hong Kong and Singapore will allow us to improve connectivity in the region and improve network resiliency. We plan to continue to actively develop cooperation with the largest operators around the world to provide services to counter DDoS attacks to customers from different countries. In the future, the main focus will be on regions such as the Middle East, South Korea, Japan, "said Alexander Lyamin, CEO and founder of Qrator Labs.

Technology Partnership with ARinteg

On August 22, ARinteg, an information security (IS) integration company, and Qrator Labs, a company specializing in countering DDoS attacks and ensuring the availability of Internet resources, signed a partnership agreement. Thanks to this collaboration, ARinteg and Qrator Labs customers will be able to replenish their arsenal of security tools that ensure, along with the confidentiality and integrity of information, its availability.

As noted, it is the availability of information, the continuity of its processing and exchange that tops the rating of information security needs of the business. The collaboration of ARinteg with Qrator Labs DDoS anti-attack service will provide customers with the following capabilities:

• constant traffic analysis. After connecting, ARinteg client traffic constantly, in 24/7 mode, enters the Qrator network, where it is analyzed and filtered, and after "clean" traffic is redirected to the protected site. The Qrator network is built to operate under the constant influence of a large number of DDoS attacks, so an attack on the resource of one of the customers does not affect the functioning of other sites;
• ease of connection and further use. In particular, CAPTCHA and other annoying users of verification sites are not used;
• Automatic processing of traffic in the cloud, which does not require the participation of the customer's IT specialists and manual configuration to combat complex attacks.
• freedom to choose a software and technical architecture while maintaining the hosting available to the customer: to switch to the service, it is enough to change the A-record of the site in the domain name system (DNS);
• wide range of tariffs designed for small, medium, large businesses.

We provide customers with the most productive, technological solutions and, integrating them into information security systems, we achieve a synergistic effect. It is important that anti-tampering tools, virtual private networks, firewalls, antiviruses, anti-attack services and other products act in concert and provide customers with the greatest effect. Qrator Labs solutions fit optimally into this paradigm. That is why I rate the prospects for our cooperation extremely highly, "said Dmitry Slobodenyuk, Commercial Director of ARinteg.

Qrator Labs, together with its partners, is actively working to create a secure Internet space where all risks from cybercriminals are leveled. We are pleased that ARinteg has joined the ranks of our partners. Through cooperation with ARinteg, we will be able to help a number of customers - both large organizations and SMB-segment companies - ensure business continuity and network protection using a progressive cloud solution that meets both today's and future cybersecurity requirements, said Alexander Lyamin, CEO and founder of Qrator Labs.

2016

Start of technological cooperation with NGENIX

In September 2016, Qrator Labs and NGENIX announced the start of a technology collaboration. Customers will gain an advantage while using the services of the two companies. NGENIX and Qrator Labs are starting a technological collaboration in which companies will exchange data in order to improve the quality of traffic filtering and content delivery to Internet users. For example, when ordering a DDoS anti-attack service on the Qrator Labs site, the client can specify that it is a CDN NGENIX user, and the information received from NGENIX will be used later to fine-tune the filtering parameters.

Identify a vulnerability in the Quagga software BGP daemon

In June 2016, Qrator Labs discovered a vulnerability in the BGP daemon of Quagga routing software (bgpd) and wrote a patch to fix it.

A daemon is a computer program on UNIX-class systems that runs on the system itself and runs in the background without direct user interaction. Daemons are usually started while the system is booting. Typical daemon tasks include network protocol servers (HTTP, FTP, e-mail, etc.), hardware management, print queue support, scheduled job management, etc. In a technical sense, a daemon is a process that does not have a control terminal.

Quagga is one of the most common BGP daemons for UNIX-like operating systems, ensuring global availability of carriers. This implementation of the BGP protocol is also used in solutions of such vendors as Cumulus and Vyatta.

The vulnerability is arranged as follows. The bgp_dump_routes_func function, which is responsible for the binary presentation of routing information for an individual prefix, does not check the size of this information. It tries to write all the data to an array that has a limited size. If there is not enough free space, an exception occurs and bgpd fails.

Qrator Labs engineers discovered this vulnerability as part of the work on the Qrator.Radar project, studying the instability of the BGP protocol implementation in Quagga.

The Qrator Labs team independently wrote a patch to fix the vulnerability in the Quagga BGP daemon and sent it to software developers. If earlier all prefixes received from neighbors were aggregated into one record, which may not fit into a specific buffer, now several records are created with control of their size.

The Quagga developers replied that they were going to accept the patch as part of the next update cycle. The vulnerability was assigned CVE-2016-4049 labeling.

Our company does not specifically search for vulnerabilities in network equipment. We just noticed the trend, began to investigate the situation and found that the problem with the vulnerability of the BGP daemon allows attackers to organize DDoS attacks of a certain type. We found out what was the matter, notified the developer community, published a patch and a description of the vulnerability. This is in line with our mission to make the Internet safer and more sustainable, "commented Alexander Lyamin, head of Qrator Labs.

Opening of the Traffic Processing Center in Southeast Asia

In March 2016, Qrator Labs announced the opening of a South East Asia DPC, a Traffic Processing Center to provide services to counter DDoS attacks. The new point of presence opened by the company in Hong Kong complemented the Qrator cloud solution, strengthening the main competitive advantage - the geographical distribution of its own network. Qrator network is: three nodes in the USA, two in Russia, two in the EU, and one in Asia. The DPT in Hong Kong allows you to filter out garbage requests and bags from bots right on the way, thereby unloading networks in Russia.

2015

Entry into the Kazakhstan market

On November 23, 2015, Qrator Labs announced that it would enter the market of the Republic of Kazakhstan in terms of providing services to counter DDoS, hacker attacks and a stable DNS service.

Qrator Labs provides services for countering DDoS attacks together with the mobile operator of Kazakhstan JSC "Kcell," with which the company signed a partnership agreement.

As of November 23, 2015, Qrator Labs is the first and only supplier of such a service in this region, complying with regional legislation on the need to localize traffic in the Republic of Kazakhstan.

According to the partners, cooperation between Qrator Labs and Kcell will provide an opportunity to provide customer support around the clock in Kazakh, Russian and English. It is important that the site does not require a change of hosting provider or telecom operator to protect the site: the full range of services is available to customers all the power of the Qrator Labs backbone network.

Alexander Lyamin, head of Qrator Labs, said:

"The IT market of Kazakhstan is one of the rapidly developing and most promising in the CIS and generating large-scale projects, and the sphere of countering DDoS attacks in this region has great potential for growth. Since the number of DDoS  in Kazakhstan is steadily increasing, the demand for solutions to help neutralize attacks is quite high. Entering into a partnership agreement with Kcell will give us the opportunity to offer our customers our high-quality service, which guarantees the availability of customer resources at any time. Starting work in Kazakhstan opens an important sales channel for our company and creates new prospects for development. "

Availability of protected sites 99.89%

The power of Qrator Labs' own network structure at this time allows for traffic analysis and filtering at speeds over 1000 Gbps. The average availability of sites protected by Qrator at the end of 2015 was 99.89%, and the response time of Qrator to a DDoS attack in 97% cases does not exceed 2.5 minutes.

Qrator Labs customers at this time are more than 2,000 companies around the world. The first clients of Qrator Labs were web services that experience high loads - a portal Habrahabr.ru and an advertising network. Blogun The service is used by many large companies from various industries, such as (MEDIA newspaper, Sheets radio station, Echo of Moscow newspaper, News TV channels,), Rain(TNT-Teleset bank banks ,,,,), Tinkoff Credit Systems Svyaznoy Bank UniCredit Bank Sberbank Ukraine e-commerce sites (,,,,,) and Lamoda Ulmart others Enter. Dorado Groupon Biglion

2014: Opening of the Traffic Processing Center in the United States

In November 2014, the Qrator Labs lab cluster team announced the opening of the DPC, a Traffic Processing Center to provide services to counter DDoS attacks to customers from the United States and Canada. New locations opened by the company in the United States (including Silicon Valley) have complemented the company's cloud solution, bringing the total bandwidth of the traffic filtering network to several hundred gigabits.

"The US is the world's most important market for information security companies. American customers are well aware of the need for services to counter DDoS attacks, are ready and can pay for the work of professionals to help cope with this problem. But against the background of high demand for such services, there is also high competition between providers of such services. This is not an easy market, but we are sure that our offer is one of the most attractive in terms of technical elaboration, quality of service, functionality. Our methods have been tested for years and dozens of clients, are based on mathematical scientific calculations and work on unique algorithms that can very accurately distinguish between requests from bots and ordinary users. The system is constantly evolving - we collect information about the activity of attackers every minute. I am confident that Qrator will become a sought-after service in the United States, "says Lyamin Alexander, head of Qrator Labs.

2010: Running Traffic Filtering Network

In 2010, the company launched the Qrator traffic filtering network as the technological basis for a commercial service to protect sites from such threats. The algorithms and technologies that are used to counter attacks on customer sites are the company's know-how.

2009: Founding of Qrator Labs

In 2009, Qrator Labs was founded.

2006: Start developing measures to counter DDoS attacks

In 2006, the company created a specialized initiative group to study and develop comprehensive measures to counter DDoS attacks. The result of her work was QRATOR technology.

Notes