What to look for when evaluating your DDoS protection solution
As we’ve covered before in previous blog posts, and as you probably can surmise yourself given the seemingly daily news reports of new and bigger Distributed Denial of Service (DDoS) attacks, your site cannot afford to forgo DDoS protection services. Given the relative ease at which a handful of users or sometimes a single person can grind your site and your entire online business to a screeching halt, DDoS mitigation should be viewed as an essential component to your website and online presence.
As with anything, shopping around can drastically improve your results when arriving at a DDoS protection provider. But for many individuals and business professionals, it can be a bit overwhelming when beginning your search. By its very nature, DDoS is a very technical aspect of the Internet and comes with a lot of jargon and heady vocabulary that can be confusing to the average user. Don’t let that stop you from pursuing proper DDoS protection – we’re here to let you know what you should be looking for and explaining these metrics in layman’s terms so you’ll have a proper grasp on the basics of DDoS and how to properly safeguard against it.
First of all, we’ll briefly define a DDoS attack (although we won’t go into too much detail, since you can read an entire blog entry devoted to this topic here). A DDoS attack is when a large amount of computers, typically controlled by only a handful of actual human beings, all bombard your website with traffic – so much traffic that your bandwidth is quickly depleted and your site is rendered inaccessible. Some site owners assume that simply purchasing more bandwidth would help to prevent against DDoS attacks, but even the world’s biggest sites with astronomically high bandwidth capabilities can be taken down with DDoS, as the number of computers the attackers can control via botnets and malware Trojans can be in the millions.
So if more bandwidth isn’t the answer, what is? There are several key elements that you must weigh when choosing your DDoS protection. First how quickly your protection provider can give you emergency assistance in case of a DDoS attack. As there is no way to 100% prevent against DDoS attacks, emergency protection is one of the most important elements to consider, as you’ll want to have a way to quickly bring your site or sites back up to full strength in the event of an attack. Make sure the provider you choose not only offers a variety of packages based on size of potential attacks, but also one that has real life human beings standing by on call 24 hours a day, 7 days a week, 365 days a year. DDoS attacks can and do happen at any time, any day of the year, and the last thing you’d want to deal with when experiencing an attack is long wait times or having to interact with automated operators.
Secondly, look closely at what type of protection packages are offered. These will typically be broken down by a bit or packet rate threshold – the more gigabits per second of protection a package offers, the more secure your site will be against potential DDoS attacks. Keep in mind that while it is true that the higher the protection rate the more safe your site will be, you may not need the absolute largest type of protection, depending on your business. One of the biggest DDoS attacks on record occurred last year against the email-filtering company Spamhaus, which was under attack at a rate of approximately 300 gigabits per second – the previous record was around 100 gigabits per second, and a typical large-scale DDoS attack (one against a large enough company or entity to get attention) usually runs in the 50 gigabits per second range. Lately, attacks have become even larger with Black Lotus mitigating NTP protocol distributed reflection denial of service (DrDoS) attacks peaking at 421 Gbps in February 2014, possibly a world record! While it’s true that it’s better to be safe than sorry, if you run a local specialty soap shop in a small rural town, you may not need a package that safeguards against the largest scales of DDoS attacks.
Thirdly, consider a DDoS protection service that offers a seamless transition to integrating its protection into your current hosting situation, regardless of your provider. As we know, every minute that your website is down is potentially lost revenue, so choosing a solution that quickly and easily can be implemented with no migration time or costs is huge. There are many different options when it comes to working with your current web hosting provider – evaluate your options based on cost and ease of transition. Look for solutions that can work seamlessly with your site, regardless of your hosting provider and regardless of your location anywhere on the globe.
Fourthly, detailed reports are crucial as they can tell you not only where any potential attacks are coming from, but what methods in which they are being carried out. Some DDoS protection providers offer real-time analysis and reporting, meaning that at any time (whether you’re currently under attack or not), you can log in and see precise and accurate data regarding your traffic and its origins. Depending on your technical expertise, find a provider that will not only include reports when you need them, but also will provide the proper context as to what the data and numbers mean.
And finally, all DDoS protection essentially boils down to filtering your inbound web traffic through high capacity “scrubbers” as they are known. A typical DDoS mitigation service will filter all inbound traffic to your website through their system of scrubbers first. Using complex algorithms, the scrubbers determine which traffic is organic and clean, and which (if any) is resulting from DDoS style attacks. What you want to see here is not only the size and capabilities of the actual scrubbers, but also some flexibility in how they operate. Having the scrubbers be scalable to your site and operation is crucial, as is the ability to select how and when this traffic is filtered. If you are a service provider with your own BGP network, look into network wide protection which can be deployed by GRE tunnel or physical cross connection, allowing you to essentially sell DDoS protection as part of your customer packages.
There are a handful of industry leaders in the DDoS mitigation space – by comparing packages, flexibility, support, and cost against your business and website’s needs, you will hopefully find the perfect protection package and provider that’s right for you.
.
