Three things you should know about DoS/DDoS attacks, performance, and the bottom line


When Strangeloop was acquired by Radware last year, one of the most exciting aspects of the acquisition, for me, was having the opportunity to learn more about security — and specifically how security intersects with performance — from some of the most knowledgeable people in the world.

Last week, we released our annual Global Application & Network Security Report, which I read with a huge amount of interest because it reveals some great new insights that are directly relevant to the performance community.

1. DoS/DDoS attacks are often incorrectly associated only with service outage.

Whether it’s a public website or an internal web-based application, most of us believe that a successful DoS/DDoS attack results in a service outage. However, our Security Industry Survey (conducted with 198 respondents within a wide variety of global companies, most of which were not Radware customers) uncovered that the biggest impact of DoS/DDoS attacks in 2013 was service level degradation, which in most cases is felt as service slowness.

2. Service degradation is felt more than twice as much as outages.

87% of respondents to our surveys stated that they experience service level issues during security attacks – 60% encountered service degradation, while 27% experienced outages.

DoS / DDoS attacks: outage vs. performance degradation

A service outage is obviously bad, but is it the worst? Research elsewhere suggests that it’s not.

3. Slowdowns can hurt much more than outages.

Eventually, every website fails. If it’s a household-name site, like Amazon, then news of that failure gets around faster than a rocket full of monkeys. That’s because downtime hurts. A lot. As a for-instance, Amazon’s 40-minute outage last August allegedly cost the company as much as $5 million in lost sales. That’s a big  number, and everybody loves big numbers. But when it comes to performance-related losses, is it the biggest number?

Moving away from our research for a second, I want to cite a fascinating study by TRAC Research. According to their survey of 300 businesses, respondents reported three very interesting things:

  • Average revenue losses of $21,000 per hour of downtime.
  • Average revenue losses of $4,100 per hour of performance slowdown.
  • Website slowdowns occur 10 times more frequently than website outages.

In other words, website slowdowns, over time, can have double the negative impact on an organization’s revenues as outages.

And let’s not forget the impact on customer retention:

Or to put it another way: The permanent abandonment rate for a slow site is more than three times greater than the abandonment rate for a site that is down.


Companies are increasingly alert to the fact that security attacks are a greater financial threat on the performance degradation front than on the outage front. While outages cost more per minute, slowdowns take up ten times more time and can ultimately cost more. An outage is like getting a blowout on the highway. Performance slowdowns are like suffering a slow, quiet leak. Either way, you end up with a flat tire.

DOWNLOAD: 2013 Global Application and Network Security Report

Related posts:


Please enter your comment!
Please enter your name here