The term ‘Distributed Denial of Service Attack’, or DDoS attack, migrated into the general vocabulary in 2012 following media attention which highlighted internet banking services in particular, brought down by these types of cyber-attacks. The DDoS phenomenon is however not a recent one, but is in fact almost as old as the internet itself.
Since 2009 we have worked with Riorey, an American vendor of a solution aimed at repelling DDoS attacks of all types and sizes. Thanks to the implementation and management of a range of Riorey appliances for our clients, at Quanza we know how to prevent DDoS attacks.
DDoS protection comes in three flavors: on-premises, in the cloud or a hybrid form. Unsurprisingly, all three types are high on the IT agenda. Different network vendor implement different anti-DDoS features in their firewalls, or develop a dedicated anti-DDoS appliance. The people of Quanza have investigated all the solutions on the market extensively and know exactly which solutions work, and which don’t.
A cloud service is often suitable for parrying a volumetric DDoS attack. Here you can assume that the cloud provider has enough bandwidth available to be able to absorb and filter the largest attacks. However, you can’t expect your cloud provider to know your website well enough to distinguish a cunning attack from a spike in regular traffic. Cheap cloud services unfortunately often do little more than filter out completely any traffic to the IP address under attack. That saves your internet uplink, but also means that the attacked website is out of action, [just like the attackers wanted].
Like every service in the cloud, exactly what’s happening with your traffic and data isn’t always fully apparent. What guarantees are in place, how do you check them, where is your data located? Many anti-DDoS services focus primarily on the American market, which could mean your visitors’ traffic first has to be routed to America and then back, which doesn’t benefit performance. Finally, there are the costs; you generally pay for a serious service on the basis of bandwidth usage. If an attack persists, it can add up substantially. So the solution is not always in the cloud.
Does one all-encompassing solution exist which provides protection? No, unfortunately not, but we will be happy to advise you on which solution is best for you and your setup.