figures
Blog

How To Evaluate & Choose Your DDoS Protection and Mitigation Solution

Admin Globaldots
03.12.2014
image 4 Min read

The impact of DDoS attacks is much more than meets the eye. Not only can these attacks inflict huge economic losses, they can also have a serious impact on the reputation and image of the victimized company or organization. Research has shown that it takes at least 10 hours before a company can begin to resolve an attack, while it takes 4.5. hours on average before the attack even gets detected and an additional 4.9 hours before mitigation can begin. The average cost of an attack like that is $100,000 per hour, meaning that a DDoS attack can cost 1$ million before an Internet-reliant firm even starts to mitigate the attack.

A survey of North American companies operating across all verticals found that 60 percent experienced a DDoS attack during 2013—a big jump from only 35 percent the year before. 37% of the firms surveyed have reported costs of $5000-$20,000 per hour. In order to protect your company, you need a mitigation protection in place, to keep both your brand reputation and IT infrastructure out of harm’s way. Any web solution must fit the business requirements.

DDOS

Image source

Defending against DoS attacks occurring at the network layer requires a network architecture that can absorb large blasts of traffic and that filters all traffic so that only web traffic is permitted onto the network. Every business is different and requires a different approach. These are the key questions to ask when it comes to choosing a DDoS mitigation solution:

  1. Does it offer positive proteciton?
    Many DDoS attacks at the network level can be stopped by only allowing legitimate HTTP traffic onto the network. The solution should drop all other non-application traffic or UDP packets without application payloads.
  2. Does the solution absorb all attack traffic?
    Not all attacks target web applications or services. Attacks sometimes attempt to sneak in throught FTP or non-web ports; look for a solution taht can evaluate all of your traffic in order to protect the site more effectively.
  3. Is the solution always on?
    Security controls only protect your website or application if they are up and running. You need to determine the availability level promised by the solution and how it’s delivered. Does the solution provider guarantee availability with a service level agreement?
  4. Does the solution deliver scalable bandwidth to handle the volume of the attack?
    A variety DDoS attack might produce the amount of traffic a site normally receives in two years. To keep the site available, the solution needs to handle all that traffic. Many cloud service providers give you access to the extra bandwidth you need to absorb an attack when you need it. Ask the provider what peak flows it can accommodate.
  5. Does the solution stop attacks before they reach your data center?
    Cloud solutions are designed to stop an attack before it ever reaches your data center. This means you need not be concerned about DDoS attacks impacting your data center. On-premises devices protect you once the attack reaches the device, which means the attack will invade your data center.
  6. Does the solution impact performance?
    Ecommerce and media streaming applications demand excellent performance. The more traffic and the more attack types, the more rules you need and the more hardware is necessary; look for a solution that’s architected for both performance and security.Arbor_infographic_LTE

    Image source

  7. What is the total cost of ownership?
    Many security managers look at the price of a solution but not the total cost of ownership. consider the cost of the device, the cost of the redundand systems needed, and the expence of data breach compared with the effectiveness of the solution.

Traditional solutions on which many companies have relied oversize the bandwidth and adopt complex hardware such as firewalls and load balancers. This approach is considered by many experts costly and in many cases ineffective that’s why companies are choosing the cloud-based DDoS protection and direct management of DNS services optimize the response to malicious event. Another advantage of this choice is the sensible reduction of investment in equipment and infrastructure and of course the reduction of the costs of management typical of hardware solutions.

Cloud-based services live outside of a company’s data center in order to secure traffic before it reaches company infrastructure. There are two primary types of Cloud-based anti-DoS/DDoS services: those that route suspicious traffic to a centralized location where malicious traffic is filtered out, and Website Protection Services that utilize CDN to absorb and inspect malicious traffic across a distributed network of servers to shield company websites and applications.

The increase of the number and magnitude of DDoS attacks is stressing the need to adopt proper countermeasures and implement mitigation techniques. DDoS detection is a critical phase of the mitigation process, the prompt response of defense systems could limit the damage and in some cases neutralize the threat.

blog-banner-ddos

Comments

0 comments

There’s more to see

slider item
Your Innovation Feed

eBook: Don’t Fortify, Amplify: The New Cloud Security Stack

Steven Puddephatt 25.11.21

2021’s Security leaders deal with everything from cloud-native insider threats to staying one step ahead of the unknown. While the cloud is made to amplify and speed up core business processes, the pressure to fortify cloud-borne assets from possible cyber threats painfully slows things down.  GlobalDots harnessed its 17-year cloud security experience to rethink cloud […]

Read more
slider item
Identity & Access Management (IAM)

How IT can Breeze through Onboardings without Additional Hirings

Dror Arie

Which IT Nuisance Would You Automate First? Employee onboarding is one of the heaviest, most complex operations on a company’s IT. This is especially true in fast-growing companies that may see multiple onboardings per day. And, of course, the wider a company’s software tools array, the more accounts to create and permissions to manage. In […]

Read more
slider item
Cloud Workload Protection

GlobalDots Partners with CWP Innovator Lacework

Li-Or Amir 23.11.21

In its constant endeavor to enrich its cloud security offering with the latest innovation, GlobalDots has recently introduced security unicorn Lacework to its vendor portfolio. Founded in 2015, Lacework offers a cloud security monitoring platform which brings together some of today’s top needs: Workload protection, container & K8s security, compliance monitoring. Last weekend (Nov. 18th, […]

Read more

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.
Contact us
figure figure figure figure figure