eco
04.08.2025

DDoS Protection Reimagined: AI and Automation as the Answer to Modern Attacks

Link11 has been working to secure digital infrastructures for two decades – a journey initiated by a serious DDoS attack on the company itself. In this interview, Jens-Philipp Jung discusses the company’s beginnings, technological paradigm shifts in IT security, and the widening gap between security requirements and corporate reality.

Link11 is celebrating its 20th anniversary this year. Where are the company’s roots? Which market did you enter at that time?

Link11’s roots go back to 2005. We originally established the company as a managed service provider for latency-critical network and server applications. My personal passion for technology played a major role in my decision to enter this market. I learned at an early stage just how important stable and high-performance networks are.

How did your original portfolio come to be expanded to include cybersecurity solutions? When and why did the focus eventually shift entirely to security?

The shift towards cybersecurity, and DDoS protection in particular, was rather unplanned. We ourselves became victims of massive DDoS attacks that paralysed our infrastructure. As we could not find a suitable solution on the market, we decided to develop our own. My co-founder, Karsten Desler, programmed our own DDoS protection solution, which was so effective that other companies approached us about it. This led to our current focus and, ultimately, the establishment of Link11 as a European provider of DDoS protection.

The latest BKA situation report indicates a growing number of DDoS campaigns. You offer customers patented DDoS protection utilising machine learning and automation – why is this issue still such a problem for so many companies and institutions today?

DDoS has been a perennial cyber threat for over 20 years. Despite all technological advances, it remains a problem for many companies because DDoS attacks have continued to evolve in both structure and impact.

Firstly, modern attacks have reached an entirely new scale and bandwidth. Today, we regularly see attacks that not only paralyse target servers, but also push entire peering connections and upstream providers to their limits. In the past, it may have been acceptable to filter DDoS traffic within your own network. Today, this is simply no longer practical because the traffic is too large, too fast and too distributed. That is why companies should rely on specialised infrastructures designed for these requirements.

Secondly, the complexity of attack methods has changed. Whereas Layer 3 and Layer 4 attacks were common in the past, the focus today is more on the application level, i.e. Layer 7. These targeted attacks are more difficult to detect and can paralyse entire web applications without generating large amounts of data. This requires a comprehensive security architecture, intelligent behaviour analysis, TLS inspection and in-depth analysis. Traditional network protection is no longer sufficient, especially for demanding customers who provide digital services in real time and must be available around the clock.

DDoS is no longer simply a bandwidth problem, but an IT security risk. However, it can be managed with intelligent, scalable and holistically designed solutions.

What role does the shortage of skilled workers play in IT security – and how can digital solutions help to counteract this?

The shortage of skilled workers is a structural problem that is being exacerbated by the increasing complexity and pace of IT security. Small and medium-sized enterprises, in particular, often lack the necessary personnel to keep up with the latest threats. AI-supported systems can now take over many repetitive tasks, enabling scarce resources to be targeted more specifically at critical issues.

In your view, what have been the most significant changes and paradigm shifts in IT security over the past 20 years?

I see three key paradigm shifts. Firstly, the integration of artificial intelligence, both on the attack and defence side. Attackers use generative AI for deceptively realistic phishing campaigns or to develop new attack scenarios. Secondly, the so-called shift-left approach: security is increasingly being integrated into development processes at an early stage. This means moving away from pure end-to-end security towards secure applications from the very first line of code. And thirdly, the concept of zero trust. In the past, the network was trusted per se, but today every application, every user and every device must constantly re-authenticate itself. This development is essential to protect against lateral movements by attackers.

What topics are cybersecurity experts currently focusing on? Which topics are most important to IT professionals in companies? Where might there be a gap between theory and everyday business?

The expert community is currently focusing on topics such as AI-based forms of attack, zero trust architectures and automated incident response. Companies, especially those in the mid-market, often face completely different challenges: outdated systems, insufficient budgets, a lack of awareness and the desire for simple, holistic solutions.

There is often a gap between expectations and reality. While highly complex security concepts are being developed in research and by providers, many companies primarily want a stable, easily integrable platform solution that covers as many risks as possible without overwhelming their staff. This is also one of the reasons why we at Link11 are much more broadly positioned today than a few years ago, as customers now demand platforms instead of isolated solutions.

DDoS Protection Reimagined: AI and Automation as the Answer to Modern Attacks