Misconceptions about Hybrid DDoS Protection: It’s Costly and Complicated.

A common misconception that we see a lot in the marketplace is that hybrid DDoS protection, a combination of on premise and cloud DDoS protection, is prohibitively expensive and difficult to manage.

That’s simply not the case.

And it’s certainly not true for the segment of the market seeking “always-on” protection. Before getting too deep into the specifics, let’s reestablish some basic points about hybrid protection.

It’s essentially a unanimous decision on the part of industry analysts that hybrid protection provides the most complete DDoS solutions for protection from today’s complex cyber-attacks. Since Radware introduced the hybrid model in 2012, we have seen an endless wave of competitors implement their flavor of hybrid, some more true to the concept than others. We still maintain a significant lead on others in terms of delivering a single-vendor hybrid solution, but that’s a blog post for another day.

The major benefits of hybrid DDoS protection, detailed more fully in our recent eBook, include:

  • Full, always-on mitigation of ALL attack types; not limited to volumetric and/or what’s detected by Netflow
  • Avoids peace-time latency issues inherent in always-on cloud models
  • Avoids collateral damage risks of always-on cloud models
  • Eliminates burden on the customer for attack detection and traffic redirection
  • Speeds time to mitigate and effectiveness of mitigation when volumetric attacks are swung to the cloud

So, this assumption that hybrid solutions are expensive?

Certainly, providers of cloud-only solutions have a vested interest in promulgating this misperception. But in my experience it generally boils down to a lack of research on the part of the buyer. Obviously, the price point for various on premise products is going to vary significantly. That’s not only true when you’re talking vendor-to-vendor, but also model-to-model. Some on premise devices are made to handle extremely high traffic throughput and attack mitigation throughput, and are built largely for large network operators, carriers, etc. However, if you’re working with a provider that offers a wide range of on premise options and flexibility in terms of licensing for clean traffic models or attack models, a very reasonably priced on premise device that can deliver the above benefits is within reach for most.

Another concern often heard from prospects looking at different options is the management of the on premise component of the hybrid DDoS solution. A terrible misconception I’ve run into (including from some analysts) is that managing any on premise device requires someone on the security or network operations team to keep up with the highly dynamic and constantly evolving attack landscape. Again, the level of manual intervention required for effective protection from on premise devices varies from vendor-to-vendor. At Radware, we strongly encourage prospects to look deeply at the automation capabilities of the solutions they explore so they can see this wide variance first hand. It is an accurate statement by analysts that most operations teams will struggle to maintain the more manual solutions on the market. But the automation capabilities of many, such as Radware’s Real-Time Signature technology that provides automated protection from zero-day attacks, largely remove the management responsibilities for these devices.

And finally, for an increasing number of customers the best option is to go with a fully managed service to manage the on premise along with cloud-based elements of the hybrid solution. A growing number of vendors are introducing fully managed service options around their DDoS solutions. Obviously, the cloud-based component is going to be a managed service. But the management of the on premise device is also an option, often at a price much more effective than putting a percentage of someone’s time against the management. When exploring the managed services options out there, prospects should carefully consider the depth of security and DDoS threat management experience held by the team doing the device management.

Download the “Cloud vs. On-Premise Security: Striking a Balance For Optimal Protection” E-Book

Ben Desjardins

Ben Desjardins drives the development of vertical and use-case specific solutions for Radware’s Security Product Portfolio. In this role, Ben focuses extensively on the competitive landscape for anti-DDoS, WAF and anti-scraping technologies. Ben has extensive experience across a wide array of security technologies and disciplines, including DDoS, DNS, SSL, Threat/Vulnerability Management, IAM and PCI-DSS and he brings nearly two decades of marketing management experience to his work at Radware, including over 12 years focused on the information security and cyber threat arenas. Additionally, Ben has led global go-to-market efforts across many industries including retail, Ecommerce, financial services, public sector and healthcare/life sciences.
