CenturyLink

Danny Bradbury

7 Questions to Ask a Potential DDoS Mitigation Provider

Distributed denial of service (DDoS) attacks are a CIO’s nightmare. Launched by hacktivists and online extortionists, they can bring a network to its knees. DDoS mitigation services offer peace of mind by detecting and dealing with attacks, but they are not all created equal. Here are some questions to ask potential service providers.

What is your deployment model?

Ensure that your prospective DDoS mitigation provider’s deployment model makes sense for you. There are three approaches:

Cloud-based. Scrubbing centers mitigate DDoS attacks by catching traffic before it reaches your network. This approach requires no installation of on-site hardware.

On-site. An on-site appliance examines traffic as it reaches your network. It can be better at detecting stealthy “low and slow” attacks.

Hybrid. Mix cloud and on-premises approaches for the best of both worlds. The on-site appliance can signal the cloud component to take over if it becomes overwhelmed.

Your deployment model will depend on your appetite for on-site installations, your risk profile, and the expected attack type.

Which attack types can you protect against?

There are many kinds of DDoS attacks, spanning different layers of the technology stack. Each attack type carries its own threats and mitigation techniques.

Your DDoS provider should be able to mitigate attacks at layers three and four, where attackers can flood a network switch with data packets. It should also be able to handle attacks at layers further up the stack, which use more protocols such as ICMP, TCP, and UDP. Some higher-layer attacks use compression and encryption protocols such as SSL to tunnel HTTPS attacks against the server. Layer seven (application layer) attackers can even use HTTP GET and POST requests to choke server traffic. Pick a provider that can easily deal with all of these.

How much network visibility and control do you have?

A provider that owns a backbone network with many peering points can identify and neutralize DDoS traffic early, even if it originates in many places. A service provider that doesn’t control its own network either won’t have the same network visibility or must rely on a core network infrastructure owner. Pick a company that has sufficient scrubbing centers and controls its own backbone network, ideally spanning multiple continents. A company that can support multi-carrier circuits will also provide you with more flexibility as your enterprise wide-area networking strategy evolves.

What is your network capacity?

Your service provider should have the network capacity to absorb DDoS attacks. Capacity involves more than network throughput. Ask your would-be DDoS mitigation provider about its processing capability. How quickly can its scrubbing centers analyze and forward network packets? It should give you this figure in millions of packets per second. This is a key factor in determining traffic latency in a cloud-based traffic scrubbing solution.

What is your response time?

When a DDoS attack hits, you want to recover as quickly as possible. Ask your provider how quickly it detects an attack and diverts incoming traffic to its DDoS protection service.

What will you need from us?

The less time and effort you need to spend setting up the solution, the better. Talk to your potential DDoS provider about the onboarding process. Will you need to change your ISP or alter your configurations with your existing service provider? Will you need to install hardware on your own premises, and if so, how difficult will this be to set up? How long will it take to begin service after signing the contract?

What is your pricing structure?

DDoS mitigation pricing models vary, with some companies focusing on the time or bandwidth spent repelling each attack, and others charging a flat monthly fee. Examine your own risk profile to see what makes the most sense for you. A high-profile company that is constantly under attack from hacktivists or online extortionists may find a flat fee more appropriate, for example. Just be sure that your DDoS mitigation provider offers simple, flexible pricing options that match your business needs.

These questions will prepare you for conversations with your potential DDoS service provider. There are no right or wrong providers, but there are services that make the most sense for your company. Consider a provider that offers multilayered DDoS services, combining network mitigation with threat intelligence so that it understands specific DDoS attackers’ modus operandi. Also, ensure that your DDoS mitigation provider offers extra intelligence in the form of detailed traffic analytics, and flow-based monitoring services that give you a comprehensive picture of what is happening on your network.

For more information about how to choose a DDoS mitigation service, download this excerpt of the IDC MarketScape: Worldwide DDoS Prevention Solutions 2019 Assessment.
