Data and securityCyber SecurityDDoS Defence Demands a Hybrid Approach

DDoS Defence Demands a Hybrid Approach

Ronald Sens, EMEA Director, A10 Networks outlines why a hybrid approach to DDoS Defence  that marries cloud and on-premise protection is the best way forward

Just imagine that a DDoS attack is crushing your network. Your enterprise’s internet pipe is under siege and almost to capacity. There is nowhere else for the traffic to go, making it impossible for legitimate user traffic to get through. So, what is the result? The attack is successful, your network or services fall down, you lose productivity and revenue, your brand is irrefutably damaged and all you can do is pick up the pieces.

It doesn’t have to be this way though. Had the enterprise in this scenario employed a hybrid approach to its DDoS Defence, it would’ve been back to business as usual once the attack was mitigated. How does it do this, you ask? By swinging traffic to the cloud to get a good scrub down. The most effective way to battle DDoS attacks is with a hybrid approach that marries cloud and on-premise protection that can stand up to attacks of any type and any size.

Why Hybrid?

Hybrid DDoS defence is the best of both worlds. It combines cloud scrubbing with the surgical precision and context-aware controls of an always-on, instant on-premise DDoS solution. When DDoS attack volumes grow beyond the capacity of your internet pipe, it diverts traffic to the cloud maintaining service availability.

With this powerful combination, you can defend against frequent smaller and sophisticated attacks that target applications, services and security devices, and the colossal 1 Tbps volumetric attacks that crush companies and make for compelling headlines.

According to Verisign’s DDoS Trend Report for the first quarter of 2017, 41 percent of DDoS attacks are less than 1 Gbps and 77 percent are less than 10 Gbps. These attacks are more effectively mitigated with surgical, on-premise DDoS defence, while the cloud is available on-demand for when attack volume grows beyond the capacity of your internet pipe.

Blending cloud and on-premise DDoS defence ensures network exhaustion and application layer attacks are caught, and it eliminates mitigation errors that cause collateral damage to legitimate traffic and users. This is the whole point of DDoS defence, to ensure legitimate traffic and users get through.

Hybrid DDoS users also get the benefit of cloud scrubbing while maintaining the operator control of an on-premise solution, which delivers the application protection that cloud scrubbing alone cannot.

At the same time, hybrid DDoS defence eliminates the added expense of using cloud scrubbing alone. Some cloud scrubbing services charge based on the total amount of traffic diverted. That’s unnecessarily costly, because you end up paying not only for the legitimate traffic you are seeking to protect, but also for the massive volumes of attack traffic. A hybrid solution kicks to the cloud only when the always-on, on-premise, solution is overwhelmed, and you only pay for cloud scrubbing as you use it.

A Complete Hybrid DDoS Solution

For the best DDoS protection, you need to make sure you have a complete hybrid solution, including an on-demand cloud DDoS scrubbing solution that gives you the full spectrum of DDoS protection, especially when combined with other precise defence solutions.

Solutions that deliver cloud-scale hybrid DDoS protection against volumetric attacks that exceed your internet bandwidth is required for the best protection. This hybrid approach offers precision protection against all DDoS attack strategies such as volumetric, network-based, application layer, slow and low attacks and attacks missed by cloud scrubbing services.

Coupling on-demand cloud scrubbing with other on-premise DDoS defences minimises false events with source-based mitigation; protects enterprise personnel and customers; and enforces protection via threat intelligence services and more than 27 traffic behaviour indicators to increase mitigation accuracy.

Cloud DDoS protection services should be built on protecting legitimate traffic, not the amount of traffic that attacks apply. With an effective protection service, you are only charged for the protected traffic and the number of times cloud-scale scrubbing is required. Coupled with a product that deflects all attacks that fall under your on-premises internet bandwidth, your enterprise can have the most surgically effective and economical full spectrum DDoS solution on the market.

Related Articles

Room for more cybersecurity over and above GDPR

Cyber Security Room for more cybersecurity over and above GDPR

3w Jay Ashar
AI support: Outnumbered but not outgunned

Cyber Security AI support: Outnumbered but not outgunned

3w Piers Wilson
A shot in the arm for Bristol's cybersecurity

Cyber Security A shot in the arm for Bristol's cybersecurity

4w Jay Ashar
Cyber security starts with people and processes

Cyber Security Cyber security starts with people and processes

1m Austin Clark
Three-quarters of government organisations not DMARC compliant

Cyber Security Three-quarters of government organisations not DMARC compliant

1m Jay Ashar
MoD invites applications for the design phase of Cyber Risk Tooling

Cyber Security MoD invites applications for the design phase of Cyber Risk Tooling

2m Jay Ashar
How the UK’s cybersecurity skill shortage could affect the public sector’s resilience against the next WannaCry?

Cyber Security How the UK’s cybersecurity skill shortage could affect the public sector’s resilience against the next WannaCry?

2m Chris Huggett
Government announces projects to boost diversity in cyber security

Cyber Security Government announces projects to boost diversity in cyber security

3m Austin Clark