A traffic attack should not take your business offline.
Protect your servers before bad traffic reaches them. Megabit Cloud keeps DDoS protection always on, so you are not searching for an upgrade while customers are locked out.
Best for
Payment apps, ecommerce stores, public portals, APIs, and any production service where downtime costs money, trust, or regulatory trouble.
Common use cases
What attacks we absorb for you
Volumetric floods (L3)
PopularUDP floods, DNS amplification, NTP reflection, the attacks that saturate your bandwidth. Absorbed at our network edge in every region, before they reach your server.
Connection exhaustion (L4)
PopularSYN floods that fill your connection table. Mitigated before the traffic reaches your server in any of the 7 live AZs.
Application layer attacks (L7)
CommonHTTP floods, Slowloris, credential stuffing. Identified by behaviour and blocked per-flow, legitimate users in Nairobi, London, or Singapore are unaffected.
Nairobi fintech-targeted attacks
CommonAttacks targeting payment APIs, mobile money endpoints, and authentication flows, common against East African financial services running in our Nairobi facilities.
Real-time attack visibility
NewSee live traffic graphs, attack volume, and what is being blocked, in your Megabit console during any active attack across any AZ.
Pricing
What's included
Always-On Protection Across All 7 AZs, No Activation Required
Most DDoS services work by detecting an attack, then rerouting your traffic through a remote scrubbing centre, a process that takes 15 to 90 seconds during which attack traffic reaches your server unmitigated. Megabit protection is different: it is inline at our network edge, running continuously on protected IP addresses across supported Megabit zones. When an attack starts, it is already being mitigated. There is no window where you are exposed, in Nairobi or in London.
East African Fintechs Are Frequent Targets
Mobile money platforms, payment gateways, lending apps, and insurance platforms in Kenya and Rwanda experience DDoS attacks far more often than their counterparts realise. A payment platform that goes offline for four hours loses transactions, loses trust, and may receive a call from their regulator. DDoS protection is not optional for African fintech, it is infrastructure. Our protection in Nairobi reflects the actual threat landscape for East African financial services.
1 Tbps+ Scrubbing Capacity
Our combined scrubbing capacity across all live AZs exceeds 1 Tbps. Most DDoS attacks against African businesses peak well below 100 Gbps. We are sized well above the realistic threat level for all but the most targeted infrastructure. The attacks that saturate a business on a standard internet link, UDP floods, DNS amplification, are absorbed at our network edge before they reach the platform in any region.
Included at No Extra Charge, Every Region
DDoS protection is built into every Megabit Cloud server, in all 7 live AZs. You do not purchase it separately, enable it in settings, or upgrade to a protected tier. When you deploy a server in Nairobi, Kigali, London, Singapore, or Dallas, that server is behind our scrubbing infrastructure from the first second. There is no version of Megabit Cloud where your server is unprotected.
Volumetric Attack Absorption at the Network Edge
Large volumetric attacks are absorbed at our network edge before that traffic enters the platform, in every region. Your server never sees it. Your legitimate users are not competing with attack traffic for your server bandwidth. The volume is handled at infrastructure your application does not share with the attack. This applies whether your server is in Nairobi or in London.
SYN Flood Mitigation Without Server Changes
SYN floods send enormous numbers of fake connection requests, exhausting your server connection table. Our edge handles the SYN challenge and only forwards verified connections to your server. Your server application does not need to be modified, patched, or configured differently. The mitigation is transparent and works identically across all 7 AZs.
Application-Layer Protection for APIs and Websites
HTTP floods targeting your specific API endpoints, slow-connection attacks, and credential stuffing attacks against your login endpoint are identified by behavioural analysis. Attacking traffic is blocked per-flow. A Kenyan mobile banking API can be targeted with 50,000 fake login requests per second while legitimate customers continue authenticating without disruption. The same protection applies across all your deployments.
Real-Time Traffic Visibility During an Attack
The Megabit console shows you live traffic data during an attack in any region: total packets and bandwidth, attack traffic versus legitimate traffic, which mitigation layer is active, and which source countries are generating attack traffic. This matters for financial services teams that need to report to their CISO or regulator within hours of a security event, whether the attack targets Nairobi or London infrastructure.
Emergency Network-Level Isolation for Extreme Events
For the rare extreme event where attack volume exceeds scrubbing capacity, a targeted IP can be isolated at the network level, dropping all traffic to it and protecting the rest of the platform from collateral impact. This is a last resort, applied only when necessary, with customer notification and a commitment to restore service as soon as attack traffic subsides. Available in all regions.
No Latency Impact on Normal Traffic, Any Region
Inline scrubbing at hardware speed adds negligible latency during normal operation. Round-trip times from Nairobi CBD to our Nairobi servers, or from London to our London servers, are not measurably affected by the protection layer. Your application performance during normal operation is identical to an unprotected server. You gain protection without trading away speed in any of the 7 live regions.
Frequently asked questions
Always-on DDoS protection across 7 AZs. Nothing to activate. Nothing extra to pay.
1 Tbps+ scrubbing capacity protecting East African fintechs, e-commerce platforms, and government services in Nairobi, Kigali, London, Singapore, and Dallas. Zero additional cost. Zero configuration required.
DDoS protection in your market
Always-on DDoS mitigation with local payment options, regional support, and 1 Tbps+ scrubbing capacity for eligible cloud services.
