DDoS Attacks (Part III)

Every organization’s Internet service provider should be considered a resource. Nevertheless relying on your ISP is a quick fix, and not always the best one.

The problem with most ISPs is that their core business competency is focused on providing backup services and getting data packets from one location to another. Even if they offer DDoS mitigation services, you should be double checking their claims and ask: can they conduct deep-packet inspection? Do they have the specialized DDoS mitigation tools available? Can they mitigate 100-plus gigabit-per-second attacks?

The content delivery network

Then there’s the content delivery network, or CDN, option. This is the strategy of having server farms deployed offsite, and it’s particularly popular with content-heavy companies, just as those in media and e-commerce. CDN providers cache static content on their own servers, so that visitors get content from them instead of you. But, just because they offer savings during enhancing core performance, it doesn’t mean they’re the best defense against DDoS attacks.

Finally, there’s the cloud-based DDoS mitigation provider. In a business environment, it offers the best defense against most DDoS attacks.

Going one level deeper, the provider needs to have diversity in its bandwidth sources — that’s the only way to handle attacks that feature hundreds of gigabits of data. It needs to have connectivity from many providers in order to ensure resiliency. And it needs to be fully aware of new attack modes, along with new technologies to deal with them.

The Senior Product Manager of Neustar

Miguel Ramos is the Senior Product Manager of Neustar, Inc., a provider of real-time information and analysis to the Internet, telecommunications, entertainment, advertising and marketing industries throughout the world.