Ensuring Your DDoS Solution Stays Cost-Effective Despite the Ever-Evolving Business Environment


One thing is certain about the cyber landscape: it never rests! It is constantly evolving, and cyber security evolves with it. The digital transformation that has swept the world over the past few years, and mainly during COVID-19, has turned many of the services and products that we consume into digital (e.g., online) ones, as opposed to physical (served by a human being) or phone-based ones. While digital transformation has its obvious merits, it also increases exposure to cyber-attacks, for businesses as well as for individuals. Attackers never rest. They come up with new attack vectors and methods. The good thing is that cyber-security vendors do not rest either. We come up with innovative ways to counter new and evolving attacks. The question that you should ask yourself, as a business owner, is “Am I never resting? Am I always up to speed with the latest solutions to protect me from cyber-attacks harming my business?” But most importantly, are you doing so cost-effectively?

In this blog post, we will highlight key points to help you select a DDoS solution that allows your business to grow and scale while staying cost-effective.

Starting small while ensuring cost-effective scale

Being cost-effective is obviously about purchasing and deploying exactly what you need to protect your business. Not less, and not more. But what happens when your business grows? Is your DDoS solution flexible enough to allow cost-effective business growth?

Here are a few examples:

Business growth: A small business starts with 2 DDoS mitigation devices (active-standby), managed by a single management (SOC operations) solution, able to protect against DDoS attacks of up to 5Gb. 12 to 18 months later, your business has grown substantially, coupled with an exponential growth in the digital services that you provide to your clients. You then realize that you need to increase your DDoS protection coverage by as much as 3-4 times. You need to ask yourself – is my initial solution capable of simply adding 4-5 more identical DDoS mitigation devices? Will my management & orchestration system be able to cope with the additional influx of telemetry data? Or will my vendor tell me that I need to replace my management system or increase HW capacity, which will increase my solution’s overall cost for no good reason?

New attack vectors: What happens if a new attack vector becomes more popular with attackers (say – DNS or TLS attacks or new malicious IPs)? Is my vendor capable of effectively mitigating these new vectors? And how will I consume these new protections? Via a SW upgrade? A mere change of license? Or will I have to replace my underlying HW (mitigation devices and/or management devices)?

The two examples above emphasize the importance of selecting a DDoS solution that will allow us the most cost-effective growth and scale even if we are not fundamentally changing our deployment architecture.

Cost-effectively changing deployment mode – Inline to out-of-path

This section discusses business growth that mandates a change in the DDoS solution deployment architecture to stay cost-effective.

Let us assume that you are a small to medium sized service provider, with 6 active edge routers. You decide to protect your business against DDoS attacks by deploying 6 pairs of DDoS detection / mitigation devices in inline mode. Time goes by and your business successfully grows. You now own some 20 edge routers, and you need to protect all of them from DDoS attacks. However – your analysis shows that adding 14 more pairs of DDoS mitigation devices is going to be overly expensive for you. The cost of the devices alone is too high, even before considering the cost of overall management, maintenance and staff increase. You ask yourself: “Is there another, far more cost-effective way for me to provide proper DDoS protection to my growing business?”

As it happens – there is such an option, and it is called “out of path” or OOP. OOP means that instead of deploying a DDoS device next to each of your edge routers, you deploy a far smaller group of devices in a central location in your network. In addition, you rely on a piece of SW that consumes NetFlow statistics from each of the relevant routers, and on a central automation & orchestration SW that receives all of the NetFlow indications and decides whether there is an ongoing attack, which attack it is, where it is (which router / segment) and what it targets (destinations, applications). As a result, it decides, in real time, which DDoS mitigation device to activate to effectively block the DDoS attack.
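The detection-and-dispatch logic described above, as an added example that is not from the original post or from any vendor's product: flow totals exported by edge routers are aggregated per destination, compared with a threshold, and a central mitigation device with enough spare capacity is selected. Router names, addresses, thresholds and the `Scrubber` type are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed flow summaries for one 60-second export interval:
# (exporting router, destination IP, protocol, destination port, bytes)
FLOWS = [
    ("edge-03", "203.0.113.10", "udp", 53, 45_000_000_000),
    ("edge-07", "203.0.113.10", "udp", 53, 30_000_000_000),
    ("edge-03", "203.0.113.10", "tcp", 443, 600_000_000),
    ("edge-11", "198.51.100.20", "tcp", 443, 900_000_000),
]
INTERVAL_S = 60
# Assumed per-destination alert thresholds in bits per second.
THRESHOLD_BPS = {"203.0.113.10": 1_000_000_000, "198.51.100.20": 1_000_000_000}

@dataclass
class Scrubber:                 # hypothetical central mitigation device
    name: str
    capacity_bps: int
    committed_bps: int = 0      # capacity already assigned to other alerts

def detect(flows, interval_s, thresholds):
    """Answer 'is there an attack, where, and on what' from flow totals."""
    per_dst = defaultdict(lambda: defaultdict(int))  # dst -> (router, proto, port) -> bytes
    for router, dst, proto, port, nbytes in flows:
        per_dst[dst][(router, proto, port)] += nbytes
    alerts = []
    for dst, parts in sorted(per_dst.items()):
        bps = sum(parts.values()) * 8 // interval_s
        if bps > thresholds.get(dst, float("inf")):   # unknown destinations never alert
            top = max(parts, key=parts.get)           # dominant (router, proto, port)
            routers = sorted({r for r, _, _ in parts})
            alerts.append({"dst": dst, "bps": bps, "routers": routers, "vector": top[1:]})
    return alerts

def assign(alerts, scrubbers):
    """Pick, per alert, the scrubber with the most free capacity that still fits."""
    plan = {}
    for a in sorted(alerts, key=lambda a: -a["bps"]):  # largest attack first
        fits = [s for s in scrubbers if s.capacity_bps - s.committed_bps >= a["bps"]]
        if not fits:
            plan[a["dst"]] = None                      # no headroom: leave for the operator
            continue
        best = max(fits, key=lambda s: s.capacity_bps - s.committed_bps)
        best.committed_bps += a["bps"]
        plan[a["dst"]] = best.name
    return plan
```

With the sample data, only the DNS flood toward 203.0.113.10 crosses its threshold; the 198.51.100.20 traffic stays below it and is left on its normal path.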

Switching from an inline to an OOP deployment architecture can literally save your DDoS protection strategy as it allows you to continue staying cost-effective even when your business grows.

There are critical questions that you should ask yourself before selecting a DDoS vendor when you know or assume that you may have to switch from inline to OOP at some point in time:

  • Does my vendor offer OOP solutions at all? If not, the cost of transitioning from one vendor to another can be overwhelming.
  • What is the level of automation & orchestration that my vendor offers in its OOP solution? OOP DDoS solutions require, by nature, a great level of dynamic changes during the lifecycle of an attack. The last thing you want is to be forced to apply those changes manually. This means more headcount (handling the changes) and more exposure to human errors – all resulting in a far less cost-effective business.
  • Does transitioning from inline to OOP mandate a change of the mitigation devices (HW) or a change of the management solutions (SW) (adding, “throwing”, replacing)? Or is it simply a change of license or a SW upgrade? Obviously, any HW or SW that is added, thrown, or replaced is a step back from being cost-effective.

Expanding your DDoS solution to the cloud

Let’s assume that your organization deploys an on-premise DDoS solution and that this solution can definitely mitigate the level of DDoS attacks your organization suffered from in the past. Six to 12 months go by, and suddenly you start seeing a steep rise in the number and the size of the attacks your organization is suffering from. Your current, on-premise, DDoS solution cannot mitigate the overall volume of these attacks. A quick analysis shows that the additional spending needed to deal with the new volume of attacks is beyond your current budget. As an alternative, you consider expanding your DDoS solution to the cloud by licensing “over the top” DDoS cloud services from your DDoS vendor. There are a few questions that you should ask yourself (well…should have asked yourself initially):

  • Does my DDoS vendor offer cloud expansion services at all? If not, then the cost of complementing your DDoS solution with perpetual, self-owned complementary equipment can be overly expensive for you. Alternatively, switching to another DDoS vendor who does offer complementary cloud services can be equally expensive.
  • Even if my vendor does offer DDoS cloud services – what is required to onboard these services? Does it mean that I must replace some or all of my on-prem equipment? Buy more on-prem equipment?
  • In some cases, vendors who offer complementary cloud DDoS services do so by partnering with a 3rd party cloud DDoS provider. You should then ask yourself whether your original DDoS provider is still your prime and only contact for all things DDoS related, or whether you have to onboard and manage an additional vendor.

All the above has direct implications on the overall cost of expanding your DDoS solutions to the cloud as well.

Expanding your business to protect others – becoming an MSSP

As a service provider or a large enterprise, you often find that there is a business need and a justification to protect your tenants against DDoS attacks. It means that you are becoming an MSSP (managed security service provider). But such an ability requires dedicated systems that allow complete separation between your own and tenant assets and between each tenant’s assets. It also requires the ability to grant your tenants control of their own assets and actions but with limitations to ensure they do not harm the overall system. The above are just a few of the requirements and considerations of becoming an MSSP. The questions that you should ask yourself, from a cost-effectiveness perspective, are:

  • Does my current (or intended) vendor offer such MSSP capabilities for me to add at any given point in time? If not – this may force you to completely change your DDoS vendor and end up with a non-cost-effective overall business.
  • Does the MSSP solution that my DDoS vendor offers require heavy lifting in the form of adding substantial HW? Different SW modules? Reeducation of my DDoS staff? Or is it only a SW upgrade or merely the addition of a license and “magic…” the MSSP option is added?
  • What is the overall cost of purchasing (adding) and maintaining the MSSP portion and is that economically viable vs. the projected revenue? At Radware, we think that it is our responsibility to also ensure that we provide you with solutions that allow you to scale to meet your customers’ needs profitably.

About Radware’s DDoS solutions

Radware is a world-leading DDoS solutions provider with over 20 years of hands-on practical experience in developing, selling, and deploying DDoS solutions to hundreds and thousands of customers worldwide. Many of the Fortune 500 organizations as well as other large service providers and enterprises are customers of Radware’s DDoS solutions.

Radware’s DDoS solutions support a flexible array of capabilities and deployment modes ranging from “inline” to OOP, to cloud and hybrid-cloud deployments. Radware’s DDoS solutions offer extensive, second to none, automation & orchestration capabilities that save time and money and increase reliability. Radware also offers state-of-the-art MSSP solutions for service providers and large enterprises.

To learn more about how Radware can help your organization, reach out to us at www.radware.com.

Dror Zelber

Dror Zelber is a 30-year veteran of the high-tech industry. His primary focus is on security, networking and mobility solutions. He holds a bachelor's degree in computer science and an MBA with a major in marketing.
