Comparing protection: Not all DDoS mitigation is created equal

11 November 2020

DDoS (Distributed Denial of Service) attacks totally bypass firewall security and intrusion prevention systems, with the potential to shut down your entire computer system and network. Having proper DDoS protection in place is an essential part of your cyber security management, but different mitigation products can be difficult to compare.

What is DDoS?

A Distributed Denial of Service attack overwhelms a company’s servers with a volume of traffic that their IT cannot cope with. This effectively shuts down the system and prevents the legitimate traffic from being able to reach it.

In recent history the IoT (Internet of Things) has led to DDoS attacks growing in their effectiveness, since IoT devices are often unprotected and are useful tools for attackers to increase the size of their DDoS attacks.

There are three main types of DDoS attack, which are important to understand since different DDoS protection can handle them differently:

  • Flood/Volumetric attack: This is an attack revolving around an overwhelming volume of traffic, taking up the entire bandwidth of your internet connection.
  • Resource starvation attack: This is a more targeted attack that uses specific types of traffic to try to crash your operating system or network stack.
  • Application attack: This is another targeted attack, this time working at layer 7 of the OSI model, with specific traffic working to crash your application or the server it sits on.

Attackers will use a DDoS attack on a company for a wide variety of reasons, but the most common motivations are:

  • Using the DDoS attack to mask another attack - Malware and Trojans are often delivered under cover of a DDoS attack. This infiltration can then be used in a number of ways (stealing data, ransomware attacks, etc.) to further attack a company's system.
  • Sabotaging the competition - Companies can take advantage of DDoS tools to launch attacks on their competitors, shutting down their business until the attack can be stopped.
  • Script kiddies - Kids experimenting with the free DDoS tools available will shut down a company's system just to prove that they can. They do not have any malicious intent towards the company being targeted, but are just as disruptive.

What is DDoS protection?

DDoS mitigation is a specialist solution which protects against DDoS attacks and can come in a wide variety of forms, but the most common are:

  • DDoS Mitigation Appliance: You purchase this protection from a vendor and install it in front of your system to filter traffic. They're relatively cheap to install initially; however, they will require further investment if your system grows, and they can easily be overwhelmed by a flood attack that exceeds your bandwidth's capacity. (Some data centres will offer this as their cheapest DDoS solution, but if it is an appliance-led solution, this is what they will be providing.)
  • DDoS Service from ISP: Internet Service Providers can also provide DDoS solutions to their clients by filtering all of the incoming traffic. This can be very effective and cost-effective since it filters all traffic before it even meets your IT system, but it has serious limitations when protecting against certain attacks tailored to your application, or if you are using several ISPs.
  • DDoS protection from your data centre: This protection is well equipped for flood attacks since data centres are equipped with enough resources to handle the volume of traffic, and has the added bonus of being installed by the engineers already responsible for your IT infrastructure. It also becomes part of the existing operational cost of your IT. 
  • DDoS protection from a third-party/cloud service provider (CSP): Third parties can protect your IP addresses on your behalf, meaning your internet traffic hits their network first and they can filter it. This family of DDoS protection is on the rise, since cloud resources can scale massively on demand.

As you can see, there is a wide variety in DDoS protection options, and your final choice depends on your risk profile and your budget, but there are still criteria which you can use to compare the different types of protection.

What are the requirements of good DDoS mitigation?

Effective DDoS protection needs to be able to identify the attacking traffic in a DDoS attack and filter it out. How well it does this depends on three factors which you can use to compare different types of DDoS protection.

1. Capacity

DDoS attacks are only growing stronger over time, and your DDoS protection needs to be able to cope with the amount of traffic it is being sent. DDoS attacks of over 1Tbps have been reported, and while you will probably not need that much capacity, research from Comparitech shows that average DDoS attacks are over 1Gbps right now.

Ensure that your DDoS protection has over 1Gbps capacity as standard, but also has the ability to be scaled up if you are subject to a larger attack.

2. Protection for every layer of attack

DDoS attacks can come in a variety of forms depending on how they amplify their traffic and what they use to overwhelm the target computer system. These different types of attacks are labelled depending on which layer of the data transfer process they are attacking.

Your DDoS protection should cover every layer of DDoS attack possible, otherwise you are taking an unnecessary risk.
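
To show why capacity alone does not cover every layer, the following added example (not part of the original article) triages monitoring intervals into the three attack types described earlier and says where filtering has to sit. The metric names, thresholds and sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    """One monitoring interval at the network edge (constructed values)."""
    name: str
    inbound_bps: float        # traffic arriving on the internet link
    link_capacity_bps: float  # size of that link
    half_open_conns: int      # TCP connections stuck mid-handshake
    backlog_limit: int        # how many of those the network stack can hold
    http_rps: float           # requests per second reaching the application
    baseline_rps: float       # normal requests per second

# Assumed thresholds, for illustration only; tune to your own baselines.
LINK_SATURATION = 0.9   # fraction of link capacity in use
BACKLOG_PRESSURE = 0.8  # fraction of the handshake backlog in use
RPS_MULTIPLIER = 5.0    # multiple of the normal request rate

def classify(s: Sample) -> list[str]:
    """Return which of the three attack types the interval is consistent with."""
    found = []
    if s.inbound_bps >= LINK_SATURATION * s.link_capacity_bps:
        found.append("flood/volumetric")
    if s.half_open_conns >= BACKLOG_PRESSURE * s.backlog_limit:
        found.append("resource starvation")
    if s.baseline_rps > 0 and s.http_rps >= RPS_MULTIPLIER * s.baseline_rps:
        found.append("application")
    return found

def filter_location(found: list[str]) -> str:
    """A full link cannot be rescued by a filter that sits behind it."""
    if "flood/volumetric" in found:
        return "upstream of your link"
    return "on-premises or upstream" if found else "none needed"

SAMPLES = [  # constructed data: 1 Gbps link, 1024-entry backlog, 250 rps baseline
    Sample("normal", 120e6, 1e9, 40, 1024, 260, 250),
    Sample("flood", 980e6, 1e9, 120, 1024, 300, 250),
    Sample("handshake-exhaustion", 60e6, 1e9, 1000, 1024, 40, 250),
    Sample("http-flood", 40e6, 1e9, 90, 1024, 4000, 250),
]

def triage() -> dict[str, tuple[list[str], str]]:
    return {s.name: (classify(s), filter_location(classify(s))) for s in SAMPLES}

if __name__ == "__main__":
    for name, (types, where) in triage().items():
        print(f"{name:22} {types or ['no attack']} -> filter {where}")
```

The constructed "http-flood" interval uses only 4% of the link yet is still flagged as an application attack, which is the case a capacity-only comparison of products would miss.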

[Figure: a simple explainer of the OSI model layers]

3. Speed of response

Even the best DDoS protection in the world won’t be able to protect you if it isn’t turned on. Your DDoS mitigation provider needs to demonstrate to you what the process is for activating it, and that this will happen promptly enough to avoid disruption.

An “always-on” solution is what it says on the tin: all traffic going to your system is being filtered by your DDoS protection, so an attack is mitigated the moment it begins. However, this is a resource-intensive way of operating and has costs attached to it.

While “always-on” is the ideal deployment for DDoS mitigation, the minimum you need is for your DDoS protection provider to display the ability to deploy your DDoS protection quickly when an attack begins, without leaving you vulnerable.

How much should you pay for DDoS mitigation?

A DDoS protection package can cover the three above factors in a variety of ways, and so there is a variety of price points for DDoS mitigation. However, the general rule of “you get what you pay for” applies here, and you should check through the specifications of any cheap DDoS mitigation you’ve been offered, seeing how they handle the three factors: capacity, layer protection, and speed of response.

Most likely a cheap option for DDoS protection, like a mitigation appliance, will have considerably lower capacity than other options, meaning it can’t handle flood attacks of the same size as these other options.

Establish what comes as standard in your DDoS protection, and what will only be supplied at an extra cost. If you opt for a cheap DDoS protection package, and then an attack exceeds its capabilities, you might be forced into paying your provider an extortionate fee for dealing with the attack. Things you might end up being charged extra for include:

  • A DDoS attack that is delivering more data per second than your protection has capacity for

  • Several DDoS attacks in one month, of any size, might not be covered in your package

A flat-rate charge for DDoS protection will protect you from this, as you will be charged a standard amount each month, regardless of how many DDoS attacks you are subject to, or their size.

How to choose the right DDoS protection?

Any company has the potential to fall victim to a DDoS attack, so it’s important you get DDoS protection in place. The level of protection you should choose depends on how disruptive it would be for your clients and your staff to lose access to your systems.

The most convenient way of getting DDoS protection in place is to have your data centre provider put one in for you, since they already handle your network connection. They will explain to you the capabilities of their different options, and how they handle the three key factors. What DDoS protection a data centre can provide is definitely a factor to take into account when choosing where to host your IT.

4D’s DDoS protection has the capacity to protect against attacks of up to 1Tbps and can be integrated into any of our other services. If you would like to learn more, get in touch.