Keep It Simple: Choosing the Right DDoS Mitigation Strategy

The cyber industry offers a plenitude of DDoS mitigation solutions. Competition may be misleading as providers highlight terms such as mitigation capacity, layered protections or time-to-mitigate.

Let me simplify your decision flow.

DDoS Mitigation Strategies in a Nutshell

There are several options from which you can choose a DDoS mitigation strategy. Let me first explain them briefly:

On Premises DDoS Appliance: A DDoS detection and mitigation device installed in front of the firewall in your data center. It offers immediate mitigation of all types of attacks, including SSL attacks, but offers limited protection against volumetric attacks that saturate your internet pipe.

Always-On Cloud DDoS Protection Service: A cloud service wherein your traffic is constantly routed through the provider’s scrubbing center for attack detection and mitigation.

[You may also like: Designing DDoS Mitigation Solutions for Simplicity & Speed]

On-Demand Cloud DDoS Protection Service: A cloud service that kicks in only when you are under attack by diverting your traffic to the providers’ scrubbing center.

Hybrid DDoS Protection Solution: This is the best of both worlds: an on-premises device that integrates with a cloud mitigation service (can be on-demand or always-on cloud service).

Now How Do I Choose My DDoS Mitigation Plan?

There are a few guidelines that can help simplify your selection process. Ask the following questions:

Can you afford a few minutes of downtime when under DDoS attack?

  • If the answer is YES, then go for the On-Demand Cloud DDoS Protection Service. This is the lowest cost solution and offers effective mitigation against DDoS attacks. The payoff is extended time-to-mitigate of several minutes which is driven by the need to re-route your traffic to the provider’s scrubbing center.
  • If the answer is NO, then select the Always-On Cloud DDoS Protection Service. This option provides immediate mitigation (within seconds) of DDoS attacks.

Do you process HTTPS traffic extensively?

  • If YES, then you need the Hybrid DDoS Protection solution, where the on-premises device mitigates HTTPS attacks and the cloud service mitigates volumetric attacks.

Are you frequently attacked?

  • If YES, then you need an Always-On Cloud DDoS Protection Service. An On-Demand service may overwhelm your network with extensive diversions of your traffic.

There are several flavors from which to choose when selecting an effective DDoS mitigation strategy. Most enterprises opt for one of the cloud protection flavors (always-on or on-demand). Financial service providers, health care or utilities typically go with hybrid solutions, due to the nature of their business: they require utmost application availability and process SSL traffic extensively.

Read Radware’s “2019-2020 Global Application & Network Security Report” to learn more.

Download Now

Ron Meyran

Ron Meyran leads the marketing activities, partner strategy and Go-to-Market plans for Radware’s alliance and application partners. He also works to develop joint solutions that add value proposition and help drive sales initiatives – designed to increase visibility and lead generation. Mr. Meyran is a security and SDN industry expert who represents Radware at various industry events and training sessions. His thought leadership and opinion pieces have been widely published in leading IT & security industry magazines and he holds a B.Sc. degree in Electrical Engineering from Ben-Gurion University and a MBA from Tel Aviv University.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center