Key Criteria for Evaluating Distributed Denial of Service Protection Solutionsv2.0

1. Summary

Although ransomware is making all the headlines today, it’s not the only kind of attack that businesses should arm themselves against. Distributed denial of service (DDoS) attacks, in which a target website or application is overwhelmed with spurious traffic, have become increasingly common and are growing in size.

Websites and online applications are critical to the way businesses communicate with their customers and partners. If those websites and applications are not available, there’s a dollars and cents cost to the business, both directly in lost transactions and indirectly through loss of reputation. The attackers’ motivations don’t matter to the users of the website—whether the attacker has a political point to make, wants to hurt the business financially, or is motivated by ego—if the website is unavailable, users are not happy.

A DDoS protection platform must inspect all of the traffic destined for a protected site or application and discard or absorb hostile traffic while allowing legitimate traffic to reach the site.

Often, an attack simply aims vast amounts of network traffic at the operating system under the application. These “volumetric” attacks usually occur at network Layer 3 or 4 and originate from compromised computers called bots. Recent DDoS attacks have used thousands of compromised computers, and they can involve hundreds of gigabits per second of attack bandwidth. The largest DDoS attack to date peaked at 2.3 terabits per second.

Few companies have enough internet bandwidth to mitigate an attack of this magnitude on-premises, so DDoS protection needs to be distributed to multiple data centers around the world to be effective. The sheer scale of infrastructure required means that most DDoS platforms are multitenant cloud services.

Other attacks target the application itself, at Layer 7, with either a barrage of legitimate requests or with requests carefully crafted to exploit faults in the site. These Layer 7 attacks look superficially like real requests and require careful analysis to separate them from legitimate traffic.

Attackers don’t stand still. As DDoS protection platforms learn to protect against one attack method, attackers will find a new way to take down a website. So DDoS protection vendors can’t stand still either. Using information gathered from all of their protected sites, vendors are able to develop new techniques to protect their clients.

This GigaOm Key Criteria report details the criteria and evaluation metrics for selecting an effective DDoS protection platform. The companion GigaOm Radar report identifies vendors and products that excel in those criteria and metrics. Together, these reports provide an overview of the category and its underlying technology, identify leading DDoS protection offerings, and help decision-makers evaluate these solutions and decide where to invest.