One of the primary capabilities to consider when evaluating DDoS mitigation services is time to mitigate. Specifically, how quickly can effective DDoS attack mitigation be enabled once a DDoS attack is detected? The immediacy of DDoS mitigation is important for one very obvious reason: downtime costs companies money, and many modern attacks create immediate downtime when they hit. The faster a DDoS attack can be mitigated, the faster the site is back up and the smaller the financial impact on the company.
Another reason DDoS mitigation immediacy is important is that an increasing number of DDoS attacks stay below the threshold of detection and exhaust very specific resources within a network. For these attacks, on-premise attack detection and DDoS attack mitigation solutions provide the best DDoS protection. When these are combined with cloud-based protection for large DDoS attacks, an arrangement often called hybrid protection, companies have the ideal architecture to protect against sophisticated multi-vector attacks.
But not all hybrid DDoS mitigation solutions, which combine on-premise and cloud resources, are created equal in terms of time-to-mitigate capabilities. More advanced hybrid DDoS mitigation solutions feature Defense Messaging, a sharing of key information between the resources on-premise and in the cloud. An automated exchange of information such as normal traffic patterns, attack traffic patterns, pipe saturation levels, and attack footprint can significantly improve the efficiency of DDoS attack mitigation when traffic is rerouted to the cloud.
Another recent dynamic in cyber-security attacks is the combination of DDoS and non-DDoS attack vectors. While DDoS attacks tend to dominate the headlines, statistics show that they make up around 25% of attacks, and that Cross-Site Scripting (XSS) and SQL injection together exceed this percentage. These types of attacks are typically mitigated using a Web Application Firewall, which looks for attacks against application logic. For an added level of sophistication in DDoS attack mitigation, look for capabilities that enable defense messaging across DDoS protection devices, both on-premise and cloud, and web application firewall (WAF) technologies.
Be wary of vendor claims about time to mitigate, and explore them thoroughly. Some vendors may quote statistics related to the time their product takes to initiate the first mitigation tactic, but might not include the time required to determine the ideal DDoS mitigation tactics for a given attack. This will vary by vendor, but should be considered when assessing time-to-mitigate capabilities.