The must-haves for DDoS protection were, at one time, delightfully simple. A bit of scalability, some rudimentary traffic inspection capabilities, always-on deployment for higher-risk targets, bing bang boom you were protected.
However, the time when this was all a website or business needed to be shielded from the distributed denial of service attack threat was well over five years ago, otherwise known as a lifetime when it comes to the internet, yet a lot of DDoS protection has failed to keep pace. Attacks are bigger, more complex and more rapidly evolving than ever, and to stay protected websites and businesses need protection that is bigger, more complex and more rapidly evolving than ever.
Here are a few of the questions that will help clarify the DDoS and DDoS protection situation in 2018 and beyond.
Where do I start when it comes to choosing DDoS protection?
The more things change, the more they stay the same. As dangerous and evolved as the current DDoS landscape is, we’re still seeing the same two basic types of attacks: gigantic network-layer attacks, and sophisticated application attacks. What’s changed is the size, ingenuity, frequency and persistence of attacks, and those things have all increased dangerously, as have the associated damage costs. That’s not even mentioning the problem with encryption.
To begin with, look for cloud-based DDoS protection for infinite scalability and granular traffic analysis capabilities including deep packet inspection.
Let’s go back to the problem with encryption. What is it, and what can be done?
In terms of DDoS attacks, the problem with encryption is that attackers are better able to obscure attack traffic using it, hiding it amongst legitimate encrypted traffic and making it much harder to detect malicious activity.
As a result, any DDoS protection you would think about using needs to be able to quickly unencrypt, inspect, then re-encrypt all encrypted traffic to catch suspicious or malicious activity. Encryption is already a necessity for any website that accepts any kind of data from users, and it’s increasingly becoming a necessity for all websites. If you don’t already use encryption, you will soon, and your DDoS protection has to be equipped to handle it.
Do I only need DDoS protection on my website?
That depends. If all you need to protect is a website or web application, then yes, DDoS website protection should be sufficient. However, if you have any other network assets, underlying server infrastructure or backend business processes, you also need DDoS infrastructure protection because DDoS attacks have the power to take it all down, with consequences lasting much longer than your site’s downtime. Infrastructure protection isn’t a big scary thing that’s going to hugely increase your monthly bill; it’s a pretty standard inclusion in DDoS protection packages and a necessity for basically all businesses.
Let’s talk stats. What are the numbers a service needs to boast before I give them my money?
One of the first quantitative claims you’re going to want to look for is a time to mitigation: how long it takes a service to get going once an attack attempt begins. In order toprobably avoid anyDDoS-induced downtime, your protection service needs to provide a time to mitigation that comes in under 30 seconds. In order to definitely avoid any downtime, you need 10 seconds or less. Right now, 10 seconds or less is industry-leading. Regardless of if you go with under 30 or under 10, make sure the time to mitigation is guaranteed in your service level agreement.
How about processing power?
We live in a hideous time of the Terabit distributed denial of service attack. Therefore, when looking at a DDoS protection service’s mitigation muscle you’re going to want to see a global network with multi-terabit scrubbing capacity capable of processing tens of billions attack packets every second. This kind of power is what keeps attack traffic from ever reaching its target, no matter how much is being launched from an IoT botnet, and it’s also what keeps legitimate users from having their site performance affected while an attack attempt is ongoing.
What kind of site performance should my users get while an attack is being mitigated?
The numbers aren’t so cut and dried here, but generally a leading service should be able to give the vast majority of your users or customers a roundtrip time to your server that clocks in under 50 milliseconds even while an attack is ongoing. This is exceptionally fast.
Where are DDoS attacks going from here?
That is, unfortunately, impossible to say with any level of specificity, although a pretty safe bet would be even bigger, even more complex, and even more rapidly evolving. The above-mentioned capabilities are essential for DDoS protection services, but perhaps even more important is a reputation for excellence in research, innovation and strategy. Find this in a distributed denial of service protection provider and you won’t be scouring the internet for a new protection FAQ two years from now.
