The cyber industry offers a plenitude of DDoS mitigation solutions. Competition may be misleading as providers highlight terms such as mitigation capacity, layered protections or time-to-mitigate.
DDoS Mitigation Strategies in a Nutshell
There are several options from which you can choose a DDoS mitigation strategy.
1) On Premises DDoS Appliance
A DDoS detection and mitigation device installed in front of the firewall in your data center. It offers immediate mitigation of all types of attacks, including SSL attacks, but offers limited protection against volumetric attacks that saturate your internet pipe.
2) Always-On Cloud DDoS Protection Service
A cloud service wherein your traffic is constantly routed through the provider’s scrubbing center for attack detection and mitigation.
3) On-Demand Cloud DDoS Protection Service
A cloud service that kicks in only when you are under attack by diverting your traffic to the providers’ scrubbing center.
4) Hybrid DDoS Protection Solution
This is the best of both worlds: an on-premises device that integrates with a cloud mitigation service (can be on-demand or always-on cloud service).
How to Choose a DDoS Mitigation Plan?
There are a few guidelines that can help simplify your selection process, simply by asking the following questions:
1) Can you afford a few minutes of downtime when under DDoS attack?
If the answer is YES, then go for the On-Demand Cloud DDoS Protection Service. This is the lowest cost solution and offers effective mitigation against DDoS attacks. The payoff is extended time-to-mitigate of several minutes which is driven by the need to re-route your traffic to the provider’s scrubbing center.
If the answer is NO, then select the Always-On Cloud DDoS Protection Service. This option provides immediate mitigation (within seconds) of DDoS attacks.
2) Do you process HTTPS traffic extensively?
If YES, then you need the Hybrid DDoS Protection solution, where the on-premises device mitigates HTTPS attacks and the cloud service mitigates volumetric attacks.
3) Are you frequently attacked?
If YES, then you need an Always-On Cloud DDoS Protection Service. An On-Demand service may overwhelm your network with extensive diversions of your traffic.
There are several flavours from which to choose when selecting an effective DDoS mitigation strategy. Most enterprises opt for one of the cloud protection flavours (always-on or on-demand). Financial service providers, health care or utilities typically go with hybrid solutions, due to the nature of their business: they require utmost application availability and process SSL traffic extensively.
The author is Vice President & Managing Director – India , SAARC , Middle East & GSI at Radware. Views are personal.