Benefits of DDoS Protection from Your ISP or Hosting Provider
Every organization that relies on Internet-facing applications and services to conduct its business should now also have specific protection against distributed denial of service (DDoS) attacks. While it is true that some industries or organizations are more likely to be the target of a DDoS attack, nearly any organization can be targeted today, because cybercriminals are increasingly indiscriminate about who they attack.
Because there are many DDoS protection solutions to choose from, ranging from cloud to on-premises, and hybrid combinations of both, the process of vetting the various options can be daunting, time-consuming, and fraught with error. Your organization’s IT and business management teams need expertise and alignment to make those decisions. Plus, hiring and retaining experienced IT security staff is increasingly challenging and expensive.
For the above reasons, often the most sensible and cost-efficient approach for an organization is to purchase DDoS Protection as a Service (DDPaaS) from their hosting and/or Internet Service Provider (ISP). DDPaaS simplifies life for enterprise IT teams because it completely outsources your DDoS protection, with the ISP guaranteeing that you get only clean traffic delivered to your network. Increasingly, hosting and service providers are offering DDoS protection as a service, for an additional service fee. So, look for a provider that has DDoS protection as part of their overall managed service offerings and ask whether that service also provides insight into the attempted attacks so you can conduct forensic analysis.
Choose Your ISP and Hosting Provider Carefully
When choosing a hosting provider or ISP, organizations should at least be sure that it has effective DDoS mitigation for its own network – otherwise, attacks against that provider’s other customers could still cause collateral damage. ISPs and hosting providers are more often subjected to cyberattacks because of the large number of end-user organizations they serve. An attack on them has a trickle-down effect on their customers; when a DDoS attack strikes a cloud service provider’s data center, it may be aimed at a particular tenant, but it basically pollutes or chokes the service provider’s funnel, and your organization (and other tenants sharing that cloud) could suffer collateral damage. Do your homework and ask the provider if they have a dedicated, always-on DDoS protection service so that only clean traffic enters their network and data centers.
Providers are in the best position to block DDoS traffic because they can filter it out closer to the source and at a much larger scale, avoiding the need to blackhole attacks, or divert them to a third-party cloud for scrubbing. For many organizations, DDoS protection as a service makes a lot of sense in terms of budget and value.
For over a decade, Corero has been providing state-of-the-art, highly-effective, real-time automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® DDoS mitigation solutions protect on-premise, cloud, virtual and hybrid environments. For more on Corero’s diverse deployment models, click here. If you’d like to learn more, please contact us.
Sean Newman is VP Product Management for Corero Network Security. Sean has worked in the security and networking industry for twenty years, with previous roles including network security Global Product Manager for Cisco, who he joined as part of their acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.