Distributed denial-of-service attacks (DDoS) are industrial-strength sabotage of corporate websites to render them unavailable. They are "distributed" in the sense that multiple hosts are uniting in the attack. Oftentimes, the hosts consist of botnets summoned to attack the target website. There are various motives and methods.
Some attackers are blackmailers who attack first and then demand a sum of money to stop the attack. Sometimes blackmailers warn the victim prior to an attack that, in exchange for payment, they can avert a scheduled attack. Some hacking groups then follow up with any victim who pays to avoid an attack and offer to attack one of the victim's competitors for a fee, which brings us to a different DDoS attack motivation: competition. If a company can rain DDoS misery down on a competitor's online presence, it costs the victim the eCommerce lost during the attack and damages public perception, which reduces traffic even after the attack is over.
Some DDoS attacks are not for financial or competitive reasons, but are to protest and register ideological disagreements. These activists, or hacktivists, often use DDoS as an act of electronic civil disobedience. Some hacktivists argue that DDoS should be a legal form of protest.
Whatever the motives, DDoS attacks barrage a website and its servers with nonstop requests using a variety of sophisticated techniques. Some attacks go after the network infrastructure. Some are protocol attacks that hurt the servers. Some attacks gun for the web application. Unless your IT department has the time to keep up with the latest DDoS mitigation procedures, it would probably make more sense to use a DDoS protection service such as Incapsula Enterprise, Radware Attack Mitigation System or Verisign DDoS Mitigation Service.
Look for a DDoS prevention service that has some history mitigating denial-of-service attacks for customer infrastructures. Find out when the provider began preventing DDoS attacks for its clients and how many denial-of-service attacks it has successfully mitigated for its customers. In our review, we delve in some detail into many more ways to vet DDoS protection services. We address the following questions: How is the service set up and managed? What infrastructure and technologies does it offer? What kind of help and support does the service include?
Setup and Management
Setup options might include whether the service uses the Domain Name System or the Border Gateway Protocol. You should know how long it takes to implement protection. Some services take minutes to set up, and some take hours. If you have the in-house expertise and want to mitigate an attack as fast as possible, then it is also useful to understand whether there is a self-service option. Examples of management features are whether the service provides you with an online portal, whether you can conduct real-time monitoring and whether there are any customization options.
Infrastructure and Technologies
There is no mystery to determining which network infrastructures and technologies make one DDoS protection service better than another. If the provider also sells content delivery network services, there are synergies with DDoS mitigation and it is more likely that the provider has multiple scrubbing centers dispersed geographically. In terms of network capacity, the threshold for a good service begins at about 250 Gbps. Less is not great. More is better.
There are many technologies to consider, depending on your specific organization. Do you want automatic triggering of protection, or would you like a human to decide each time? What level of control would you like your IT department to have? Would you feel safer with a provider that has an OWASP Top 10 web application firewall? Do you need to maintain PCI compliance? Our review matrix lists many more important technologies in detail. We recommend that you consider one by one whether a prospective DDoS mitigation service supports them or not.
Help & Support
Denial-of-service attacks can be so emotionally gut-wrenching to receive and so technically tricky to throttle that you will need to give considerable attention to how a DDoS protection service provides help and support. If the security operations center is not live 24/7, what does that mean for your eCommerce operation? If you cannot contact support at any time, would that be acceptable? How would you like to be able to reach support? Is telephone okay? Would live chat be preferable? Your attackers will come at you at any hour, so your DDoS protection service should always be there for you.
There are armies of bad guys plotting to bring your website to a standstill. Whether they are competitors, blackmailers or hacktivists, they will attempt to breach your network, compromise your server or decapitate your web application. You could install some appliances, attempt to over-provision your network and train your IT staff to respond to DDoS attacks. Or you could enlist the services of cloud-based DDoS mitigation providers that maintain the network capacity to give you always-on service with automatic detection and triggering of DDoS protection. DDoS protection services divert malicious traffic before it ever gets to you.
At TopTenREVIEWS We Do the Research So You Don't Have To.™