Table of Contents
- DDoS Protection Primer
- Report Methodology
- Decision Criteria Analysis
- Evaluation Metrics
- Key Criteria: Impact Analysis
- Analyst’s Take
- About Alastair Cooke
Although ransomware is making all the headlines today, it’s not the only kind of attack that businesses should arm themselves against. Distributed denial of service (DDoS) attacks, in which a target website or application is overwhelmed with spurious traffic, have become increasingly common and are growing in size.
Websites and online applications are critical to the way businesses communicate with their customers and partners. If those websites and applications are not available, there’s a dollars-and-cents cost to the business, both directly in lost transactions and indirectly through loss of reputation. The attackers’ motivations don’t matter to the users of the website. Whether the attacker has a political point to make, wants to hurt the business financially, or is motivated by ego, if the website is unavailable, users are not happy.
A DDoS protection platform must inspect all of the traffic destined for a protected site or application and discard or absorb hostile traffic while allowing legitimate traffic to reach the site.
Often, an attack simply aims vast amounts of network traffic at the operating system under the application. These “volumetric” attacks usually occur at network Layer 3 or 4 and originate from compromised computers called bots. Recent DDoS attacks have used thousands of compromised computers, and they can involve hundreds of gigabits per second of attack bandwidth. The largest DDoS attack to date peaked at 2.3 terabits per second.
Few companies have enough internet bandwidth to mitigate an attack of this magnitude on-premises, so DDoS protection needs to be distributed to multiple data centers around the world to be effective. The sheer scale of infrastructure required means that most DDoS platforms are multitenant cloud services.
Other attacks target the application itself, at Layer 7, with either a barrage of legitimate requests or with requests carefully crafted to exploit faults in the site. These Layer 7 attacks look superficially like real requests and require careful analysis to separate them from legitimate traffic.
Attackers don’t stand still. As DDoS protection platforms learn to protect against one attack method, attackers will find a new way to take down a website. So DDoS protection vendors can’t stand still either. Using information gathered from all of their protected sites, vendors are able to develop new techniques to protect their clients.
This GigaOm Key Criteria report details the criteria and evaluation metrics for selecting an effective DDoS protection platform. The companion GigaOm Radar report identifies vendors and products that excel in those criteria and metrics. Together, these reports provide an overview of the category and its underlying technology, identify leading DDoS protection offerings, and help decision-makers evaluate these solutions and decide where to invest.
How to Read this Report
This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:
- Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.
- GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.
- Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.