DDoS attacks themselves haven’t changed that much since Forrester’s last DDoS protection Forrester Wave™ in 2017.The DDoS protection market, however, certainly has. There are three major trends in the DDoS protection market. First, 75% of surveyed global security decisionmakers want to consume DDoS protection as a service instead of racking hardware themselves. Second, applications have continued their migration out of the private data center and into the cloud, shrinking the market for on-premises DDoS solutions largely to those that provide it as a service. And last, but most significantly, in 2017 most public cloud service providers (CSPs) didn’t offer DDoS mitigation services for general availability, but now they all do.
As a result of these trends, DDoS protection customers should look for providers that:
– Protect cloud assets. Every application owner and developer moving their application to a public CSP will, of course, be interested to see how well that CSP is positioned to protect their applications. Leveraging the CSP’s DDoS protection infrastructure seems like a no-brainer; the CSP is already trusted with the application, the data, and its availability.
– Can defend layer 7 without a WAF. Determined attackers can make life messy at layer 7 with heavy queries or malformed requests. For years, the “solution” offered by the market was to use a web application firewall (or WAF). But not all assets are web applications, and WAFs require far more maintenance than DDoS protection. WAFs are also incompatible with the on-demand model.
– Automate not just detection but response. Let’s face it; the internet is a toxic wasteland of malicious automation. Ask anyone who has ever stood up a public-facing SSH server how long it takes for brute force attacks to appear in their logs (spoiler: it’s often less than a minute). DDoS is the original malicious automation, and attackers leverage it all day long. To keep the most malicious automation attacks from overloading your own humans, look for providers that can automate all mitigations, even the zero-day DDoS attacks that occur every year.
Longtime DDoS protection vendor Radware is making the jump from on-premises protection to cloud-delivered and hybrid. As one of the two vendors in this Forrester Wave offering a hardware appliance, Radware brings forward its deep technical understanding and mitigation of DDoS attacks. The vendor has a detection and response capability that can detect zero-day attacks and create real-time, custom signatures to mitigate them within 18 seconds or less.
VNCS is official distributor of Radware in Vietnam. Contact us for more information.