Enterprises face a dilemma when it comes to defence against today’s modern DDoS attacks. Do they trust the surgical precision of an on-premises DDoS protection solution or go with a DDoS cloud scrubbing solution? IT managers have a tough decision to make.
Whichever option is chosen, it will be the companies way of protecting themselves from cyberattacks. But, why even choose between the two?
Enterprises need all the help they can get when it comes to defending from cyberattacks. So, why not have the best of both worlds and go with an all-encompassing hybrid DDoS defence solution? That way, you get the power of the cloud with the context-aware on-site protection needed to battle sophisticated DDoS attacks. This is the solution that makes the most sense. Enterprises really need to cover all their bases but if you aren’t convinced then allow me to elaborate.
Cloud alone is not enough
Cloud scrubbing is a solid option when it comes to enterprise DDoS protection, but it’s not perfect. Clean pipe services and cloud scrubbing are critical when attacks exceed your internet capacity. But, such services only achieve partial DDoS resilience. This is because enterprises must also defend their value-generating applications and availability for valid users. (Although, isn’t that the whole value prop of a DDoS defence solution? Maintaining availability while thwarting DDoS attacks?) Distinguishing valid accesses and which are initiated as part of a slower, but equally deadly, network is important. Application resource exhaustion attacks require contextual awareness of the unique characteristics of on-premises network, application and normal user behaviour.
Cloud scrubbing is incredibly effective when attack volumes exceed the capacity of an enterprise’s internet pipe. However, enterprises must compliment their solution to defend against application and, slow and low attacks. This is important when 75 percent of attacks IT managers see target specific elements of their infrastructure.
At the same time, cloud scrubbing traffic swings can be disruptive and costly. More than three-quarters (77 percent) of attacks peak at 10 Gbps or less. In addition, nearly half of all attack volumes are less than 1 Gbps. The most common attack sizes are best deflected by an always-on on-premises solution.
DDoS attacks are mostly brute-force, but DDoS defences must be precise. It also needs the ability to easily distinguish legitimate users from bots. Strategies like Remote Triggered Black Hole (RTBH), and service rate limiting leave a wake of collateral damage against legitimate users. This happens in the form of false positives and false negatives.
So why a full spectrum hybrid DDoS protection?
Both forms of hybrid DDoS protection have their benefits and negatives. However, a full spectrum enterprise hybrid protection defends against DDoS attacks of all types and sizes. It will guarantee that any threats to your network, your revenue and your reputation are dealt with.
Combine the power of on-demand, all-encompassing, cloud DDoS scrubbing solution with the more precise on-premises DDoS protection solution. The power of two allows them to cancel out each other’s weaknesses and supply greater protection to the enterprise.
DDoS cloud protection delivers cloud-scale hybrid DDoS protection against volumetric attacks that exceed your enterprise’s internet bandwidth. On-premises DDoS defence minimises false events with source-based mitigation. It protects enterprise personnel and customers. It also enforces protection via the use of a cyber threat intelligence service and multiple traffic behaviour indicators. The latter is used to increase mitigation accuracy.
A powerful hybrid solution also delivers automated policy-based mitigation escalation making frontline defenders more effective. With a team of trained IT professionals, a DDoS cloud scrubbing solution can easily redirect traffic to the cloud. This is useful when an attack threatens to overwhelm an enterprises total internet bandwidth.
Going for a hybrid model is also cost effective. In addition, hybrid solutions make it easier to protect legitimate traffic. This means that enterprises only pay for the protected traffic and the number of times cloud-scale scrubbing is required. With two on-premises DDoS solutions working together businesses can deflect attacks that fall under your on-premises internet bandwidth. This defence is the most surgically effective and economical way to protect your enterprise from DDoS attacks.
A10 Networks (NYSE: ATEN) is a provider of intelligent and automated cybersecurity solutions, providing a portfolio of high-performance secure application solutions that enable intelligent automation with machine learning to ensure business critical applications are protected, reliable and always available. Founded in 2004, A10 Networks is based in San Jose, Calif., and serves customers in more than 80 countries with offices worldwide. For more information, visit: www.a10networks.com and @A10Networks
