If your organization is weighing DDoS protection devices against DDoS scrubbing services, the following is a brief description of the key differences between these two types of managed DDoS services.
Before we begin, here is some background. Until now, organizations had only two options for handling DDoS attacks: blackholing or scrubbing. Blackholing requires an operator or ISP to block the IP address of a DDoS victim so that all traffic destined for that IP address is dropped by upstream peers. This protects everyone else on the operator's infrastructure, but the victim is taken completely offline. In effect, this is a complete denial of service and not a true mitigation.
The other traditional method is cloud-based scrubbing, which uses a separate engine to clean DDoS traffic. The solution starts with a perimeter router that monitors the flow of Internet traffic to your website for anomalies. These can take the form of increased connections or bandwidth usage. Once a burst of attack traffic has been identified, a human analyst will most likely look at the site to determine whether intervention is required.
Disadvantages of cloud-based DDoS scrubbing:
It can be expensive. If the analyst decides to enable a response, traffic is generally redirected to a scrubbing center. These centers are typically hosted in the cloud; they capture DDoS streams, remove as much malicious traffic as possible, and get clients up and running again. The cost associated with this approach is substantial, as human intervention is required at existing out-of-band scrubbing centers. By switching to the cloud at each instance of a subsaturation, the short-term DDoS attack can metaphorically "break".
Companies typically pay a monthly fee for an on-demand scrubbing service and then an additional fee each time scrubbing is needed. This can lead to unpredictable and costly budgets for handling DDoS attacks, depending on the volume of attacks. Businesses can buy "always on" cloud services, but that approach tends to be too costly for most corporate IT budgets.
Human intervention is not very effective. It adds delay to the remediation process. The average time from detection to mitigation at the scrubbing center is 30 minutes. Even the best-equipped organizations can't get it below 15 minutes. Additionally, companies that do not have the resources of large companies can take days to complete the mitigation work. In an always-on world where downtime is an issue, this can have serious consequences.
Another problem is whether IT security personnel are even aware of DDoS attacks. Corero's study found an increase in low-threshold, short-duration, multi-vector DDoS attacks that are fast and very effective. Such attacks generally stay "under the radar" of traditional scrubbing solutions. Therefore, by the time the on-demand scrubbing defense is in place, the damage has already occurred and it is too late to repair it.
Traditional scrubbing does not handle multi-layered attacks. Attackers increasingly use techniques to profile the security defenses on the target network, and then use what they learn to carry out a second or third attack designed to circumvent the organization's layered protection strategy. To counter these advanced attacks, you need detailed analytics capabilities to customize your detection filters and immediately block attacks.
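The timing argument in the two paragraphs above, worked through as an added example (not Corero's code or data): the traffic series, the 500 Mbps alert threshold and the 5-minute averaging interval are constructed assumptions, while the 30- and 15-minute mitigation delays are the figures quoted above. The model also assumes mitigation stays active once it has started.

```python
# Added illustration: constructed traffic, assumed thresholds and intervals.
def build_traffic(duration_s, baseline_mbps, bursts):
    """Per-second Mbps series; bursts is [(start_s, length_s, extra_mbps)]."""
    series = [baseline_mbps] * duration_s
    for start, length, extra in bursts:
        for t in range(start, min(start + length, duration_s)):
            series[t] += extra
    return series


def first_alert(series, window_s, threshold_mbps):
    """Second at which a non-overlapping window's mean first exceeds the
    threshold (the alert fires when the window closes), or None."""
    for start in range(0, len(series) - window_s + 1, window_s):
        window = series[start:start + window_s]
        if sum(window) / window_s > threshold_mbps:
            return start + window_s
    return None


def unmitigated_seconds(bursts, alert_s, delay_s):
    """Attack seconds that reach the victim before mitigation starts."""
    if alert_s is None:
        return sum(length for _, length, _ in bursts)  # never detected
    cutoff = alert_s + delay_s
    return sum(max(0, min(start + length, cutoff) - start)
               for start, length, _ in bursts)


# Constructed scenario: 1 hour, 200 Mbps baseline, two short 900 Mbps bursts.
BURSTS = [(600, 45, 900), (1500, 30, 900)]
TRAFFIC = build_traffic(3600, 200, BURSTS)
THRESHOLD = 500  # assumed alert threshold, Mbps


def scenario():
    coarse = first_alert(TRAFFIC, 300, THRESHOLD)  # 5-minute averages
    fine = first_alert(TRAFFIC, 1, THRESHOLD)      # per-second inspection
    return {
        "coarse_alert": coarse,
        "fine_alert": fine,
        "missed": unmitigated_seconds(BURSTS, coarse, 0),
        "scrub_30min": unmitigated_seconds(BURSTS, fine, 30 * 60),
        "scrub_15min": unmitigated_seconds(BURSTS, fine, 15 * 60),
        "inline": unmitigated_seconds(BURSTS, fine, 0),
    }


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name:12} {value}")
```

With these constructed numbers the 5-minute average never crosses the threshold, and a 30-minute hand-off lets all 75 attack seconds through, against 1 second for per-second blocking with no hand-off.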
The ideal solution is an on-site DDoS protection device, such as Corero's SmartWall® threat defense system, which can be combined with an on-demand scrubbing solution if desired. Corero's SmartWall has a software-defined inline architecture that provides automatic threat detection and inline mitigation. It detects and cleans traffic passing through the system in milliseconds. It eliminates the need to manually analyze events and to redirect all traffic for cleaning before returning it to the network. Also, unlike a hosted scrubbing center, the device itself cannot be "DDoSed."
Advantages of the DDoS protection device:
- Inline detection and blocking, in real time, 24/7/365
- No waiting / no delay. Immediate relief
- Precisely remove all types of DDoS threats
- Programmable filters targeting zero-day attacks and multiple vectors
- 10GB expansion capacity to the required level
- Unmatched analysis and visibility of DDoS events
As DDoS attacks are clearly becoming more common and growing in volume, IT security professionals must address DDoS threats and determine the best solution for their organization. The solution depends on total cost of ownership, security effectiveness, and performance.