A cross-section of retail companies with e-commerce websites participated in the survey, spanning many business sectors, including consumer electronics, healthcare, online payment processing, fashion and apparel, toys and gifts, heating and plumbing, and software-as-a-service. The respondents included online retailers from the United States, Europe and Asia.
"There was a nearly unanimous belief among respondents that their company websites are at mid-to-high risk of being targeted by DDoS attacks over the next 12 months," said Stuart Scholly, president at Prolexic. "Moreover, the majority of respondents indicated DDoS mitigation services from ISPs and content delivery networks were ineffective in providing the preferred level of protection e-Commerce companies require and expect."
Survey responses show that online retailers:
- Find content delivery networks (CDNs) and Internet service providers (ISPs) to be the least effective of DDoS protection services, and especially ineffective against direct-to-origin DDoS attacks and application-layer attacks.
- ISPs were ranked least effective for mitigating DDoS attacks by 42 percent of respondents, while 8 percent ranked ISPs as most effective.
- CDNs were ranked least effective for mitigating DDoS attacks by 58 percent of respondents. No respondents ranked CDNs as most effective.
- On-site DDoS mitigation appliances were ranked least effective by 33 percent of respondents. No respondents ranked appliances as most effective.
- Prefer a mature, pure-play DDoS mitigation service provider with proven competence and capabilities that can scale to stop the largest DDoS attacks on the Internet, with low false positives, and the fastest mitigation backed by a service level agreement (SLA). They also want a mitigation provider with a proven track record of ensuring the client's site availability and business continuity during a DDoS attack.
- Seek a total DDoS protection solution that only a specialist in DDoS mitigation services can provide. e-Commerce companies want network protection for all IPs with a single DDoS mitigation solution, not add-on services from multiple ISPs or CDNs. They want a total-protection provider that sits in front of all IPs and carriers and provides routed protection against all avenues of attacks.