Keep It Simple: Choosing the Right DDoS Mitigation Strategy

1
2781

The cyber industry offers a plenitude of DDoS mitigation solutions. Competition may be misleading as providers highlight terms such as mitigation capacity, layered protections or time-to-mitigate.

Let me simplify your decision flow.

DDoS Mitigation Strategies in a Nutshell

There are several options from which you can choose a DDoS mitigation strategy. Let me first explain them briefly:

On Premises DDoS Appliance: A DDoS detection and mitigation device installed in front of the firewall in your data center. It offers immediate mitigation of all types of attacks, including SSL attacks, but offers limited protection against volumetric attacks that saturate your internet pipe.

Always-On Cloud DDoS Protection Service: A cloud service wherein your traffic is constantly routed through the provider’s scrubbing center for attack detection and mitigation.

[You may also like: Designing DDoS Mitigation Solutions for Simplicity & Speed]

On-Demand Cloud DDoS Protection Service: A cloud service that kicks in only when you are under attack by diverting your traffic to the providers’ scrubbing center.

Hybrid DDoS Protection Solution: This is the best of both worlds: an on-premises device that integrates with a cloud mitigation service (can be on-demand or always-on cloud service).

Now How Do I Choose My DDoS Mitigation Plan?

There are a few guidelines that can help simplify your selection process. Ask the following questions:

Can you afford a few minutes of downtime when under DDoS attack?

  • If the answer is YES, then go for the On-Demand Cloud DDoS Protection Service. This is the lowest cost solution and offers effective mitigation against DDoS attacks. The payoff is extended time-to-mitigate of several minutes which is driven by the need to re-route your traffic to the provider’s scrubbing center.
  • If the answer is NO, then select the Always-On Cloud DDoS Protection Service. This option provides immediate mitigation (within seconds) of DDoS attacks.

Do you process HTTPS traffic extensively?

  • If YES, then you need the Hybrid DDoS Protection solution, where the on-premises device mitigates HTTPS attacks and the cloud service mitigates volumetric attacks.

Are you frequently attacked?

  • If YES, then you need an Always-On Cloud DDoS Protection Service. An On-Demand service may overwhelm your network with extensive diversions of your traffic.

There are several flavors from which to choose when selecting an effective DDoS mitigation strategy. Most enterprises opt for one of the cloud protection flavors (always-on or on-demand). Financial service providers, health care or utilities typically go with hybrid solutions, due to the nature of their business: they require utmost application availability and process SSL traffic extensively.

Read Radware’s “2019-2020 Global Application & Network Security Report” to learn more.

Download Now

1 COMMENT

LEAVE A REPLY

Please enter your comment!
Please enter your name here