Traditional defenses, such as firewalls and IPS routers, are not as effective as dedicated DDoS defense systems. Detection is poor, response is ineffective, and these solutions are sometimes the target of attacks themselves. Dedicated DDoS defenses – whether on-premise, off-site or a combination of the two (more on this later) – are designed specifically to detect and defend against DDoS attacks, and are therefore more effective.
The keys to successfully defending against any DDoS attack are:
- The speed with which you can recognize the attack
- How fast you can begin mitigation of the attack
- A well-coordinated defense.
In multi-provider scenarios, coordination falls to someone (either within or outside) who marshals the defenses and manages the response to the attack. In either case, pre-planning and testing are key to mapping out and refining processes and responsibilities. A single-provider solution will have the advantage here, but it is doable in a multi-provider environment.
Next, we have layered defense versus single defense. Even though I will always argue that layers of defenses are best, for some companies a single defensive system or service is sufficient. However, let's talk worst-case scenario here and break this down. The quicker the attack can be identified and defenses can come to bear, the better off you are in a DDoS attack – accurate and fast detection is the first layer of defense.