What you need to know before choosing DDoS protection

Why you should invest in DDoS protection – and the costs of not doing so

A DDoS attack can bring down your entire service for the duration of the attack – which could last days and even weeks.

For an attacker to launch an attack against you, it typically costs them between £100-300 per hour, and according to Netscout, in 2019 UK businesses lost £1 billion in revenue due to DDoS attacks. Meaning, a motivated attacker can cause significant damage for very little cost.

In the event of a DDoS attack, your ISP can actually turn on an “emergency” mitigation immediately, but that can cost you up to £20,000. In comparison, the average price of DDoS protection from an ISP is £1,666 per month or £2,800 per month from a cloud provider.

Damage from a DDoS attack is unique to your business. For example, businesses that are reliant on their website or network to generate revenue such as retailers or travel companies will suffer much larger monetary impacts than businesses that are not. However, financial damages are not the only costs of a DDoS attack, you can also suffer from reputational damage and can lose competitive advantage.

When choosing DDoS protection, it’s important to evaluate your risk level, the type of protection you need based on your infrastructure and platforms, and to understand the costs and damages of a DDoS attack on your business.

The three types of protection

There are three main types of DDoS protection:

1. Protection from your Internet Service Provider (ISP)
2. Protection from your Cloud Platform Provider
3. Protection from a Content Delivery Network (CDN)

When choosing DDoS protection, your main consideration should be where your applications and resources are hosted. Here is how all three types of protection differ.

Internet Service Provider (ISP)

If your applications are hosted on-premises or in a data centre, protection from your Internet Service Provider delivers the best protection. It is easy to set up, can instantly be activated by your ISP, and is extremely difficult to circumvent (as it’s tied to your public IPv4/IPv6 IP addresses).

Applications hosted elsewhere typically require a different approach.

Cloud Service Provider (CSP)

If your applications are hosted in the public cloud, protection from your cloud provider would deliver the best protection (e.g. Azure DDoS Protection Standard or AWS Shield). Cloud protection, like ISP-based protection, is easy to set up, can be instantly activated, and cannot be circumvented. This type of protection is typically for resources hosted within the public cloud.

Content Delivery Network (CDN)

Increasingly, organisations adopt a hybrid-cloud approach when deploying applications, using a blend of different public clouds and data centres. For this reason, there is a demand for flexible DDoS protection services which can be quickly deployed across many applications regardless of whether they are hosted in the cloud, on-premises, or the data centre.

CDN-based DDoS protection uses DNS (and dynamic request routing) to shield your application and is well suited in the above scenario. However, it is possible for an attacker to bypass the protection and target origin servers or other network assets (such as firewalls or load balancers) to take down your application.

If you have identified DDoS as a major threat, and have your applications hosted across different platforms, you may want to consider a multi-layered approach.