When shopping around for distributed denial of service (DDoS) mitigation services, enterprises would be wise to determine which kind of protection their business needs. Some companies are motivated to look for DDoS protection because they have experienced a volumetric attack, i.e., a large-scale attack that crippled a web application or website.
Other companies seek a solution to small, sub-saturating DDoS attacks, the kind that can strain network resources or, more importantly, mask a dangerous security breach. Still others may experience both types of DDoS attacks. Regardless, every company should worry about the sub-saturating attacks that often go unnoticed and are dismissed as “noise” in the network.
5 Essential Qualities to Look For in a DDoS Mitigation Solution
- It's Always On. Corero has found that the majority of DDoS attacks on our customers are short, sub-saturating attacks, less than five minutes in duration and under 1 Gbps. These shorter attacks typically evade detection by most legacy and homegrown DDoS mitigation tools, which are generally configured with detection thresholds that ignore this level of activity.
- It's Cost-effective. Legacy anti-DDoS solutions are usually out-of-band scrubbing centers. In this approach, IT security teams observe suspicious/attack traffic and re-route the bad traffic to a scrubbing center, and return the good/legitimate traffic to its intended target. There’s often a lengthy delay between detection of the attack and when the actual remediation efforts begin. This approach is resource-intensive and expensive because it costs a lot of personnel time to monitor traffic 24/7.
- It's Automated. Any solution that depends heavily on human IT security staff is fallible; humans cannot possibly observe or catch every DDoS attack, because often the attacks are short in duration and small in volume.
- It Works in a Granular Way. Look for a solution that automatically blocks only the bad traffic and allows good traffic to pass through, using granular, closed-loop detection and blocking filters. These rules should leverage heuristic and closed-loop policy, allowing for rapid creation and deployment, so that you can respond quickly to the evolving nature of sophisticated DDoS attacks.
- It Provides Visual Results. Comprehensive security visibility into an organization’s network activity is essential, not only to quickly combat DDoS threats but also to enable compliance reporting and forensic analysis of past threats.
Companies can purchase an on-premises solution, or deploy a hybrid combination of an on-premises appliance and a scrubbing center. There is also a third option: enterprises can get protection from their hosting provider or Internet service provider, because more and more Internet service providers now offer DDoS Protection as a Service (DDPaaS), which simplifies life for enterprise IT security teams. It’s like outsourcing your DDoS protection; the ISP guarantees that you get clean traffic delivered to your network.