A definite trend in the cyber-security market is the movement towards “hybrid” DDoS protection solutions. In Radware’s 2014-2015 Global Network & Application Security Report, we can see that many information security practitioners have either already implemented hybrid technologies (36% of survey respondents), or plan to by the end of 2015 (48%). Hybrid DDoS protection solutions are defined as those using a combination of on-premise detection and mitigation technology along with cloud-based scrubbing services to handle volumetric attacks.
Why the need for the cloud-based resources? It’s quite simple, really. When a volumetric network attack hits a network, it often reaches a size that exceeds the inbound link capacity of the data center hosting the targeted applications. When this occurs, even the on-premise mitigation devices are unable to filter malicious traffic and pass through legitimate traffic. The Internet pipe just isn’t large enough to handle the volume of malicious traffic. In the same Radware report, respondents for the first time identified Internet pipe saturation as the #1 failure point within the network resulting from attacks.
Why not rely solely on the cloud-based scrubbing resources? Even though volumetric network attacks are increasing, this is not an effective strategy, because sophisticated non-volumetric application attacks still constitute roughly half of attacks. These attacks do not flood the network with traffic, and as a result they generally evade detection mechanisms that look for an increase in particular types of traffic. This is where on-premise mitigation is critical: it blocks attacks that won’t saturate the Internet pipe but can exhaust more specific resources deeper within the network or application infrastructure.
The research firm IDC recently added momentum to the hybrid DDoS movement with its new report entitled “Optimizing DDoS Mitigation Using Hybrid Approaches.” The report goes into great detail on the benefits of hybrid DDoS protection solutions and, in particular, discusses the benefits of getting hybrid DDoS solutions from a single vendor. Most importantly, a single-vendor solution will ensure consistency across the technology used for on-premise and cloud mitigation, which in turn can speed up attack protection as the cloud-based resources take on the attack.
Organizations exploring their options for DDoS and other cyber-security attack protection would do well to follow the lead of their peers and the advice of leading industry analysts by looking closely at hybrid DDoS protection solutions.