Top 10 Distributed Denial of Service (DDoS) Protection Vendors

Distributed denial of service (DDoS) attacks can cripple an organization, a network or even an entire country. DDoS attacks make up a considerable percentage of security threats, and recent attacks have been larger and more complex than ever.

While there are some things security teams can do to lessen the impact of DDoS attacks, the growing sophistication of such attacks has sparked strong growth in the market for DDoS solutions. Research firm IDC expects the DDoS prevention market to grow 20 percent each year through 2021.

The vendors listed here scored well in the Forrester DDoS Wave or the Quadrant Knowledge Solutions DDoS report – or both. In addition to handling traditional DDoS attacks, they incorporate cloud, mobile and IoT features. Each vendor summary links to a detailed analysis, including target markets and use cases, features, metrics, intelligence, use of agents, security certifications, product delivery (cloud, software or hardware) and pricing. There’s also a chart at the bottom of this article comparing the solutions.

Core DDoS solution features include detection of the early stages of an attack, the scale to absorb the volume of traffic, and the ability to mitigate the source of the attack. This can be done via static or custom rules, or through an evolving set of defensive actions as the attack morphs toward additional targets.

Jump ahead:

Akamai DDoS mitigation

Akamai’s DDoS mitigation solution can include CDN-based, DDoS scrubbing, and DNS components, depending on each customer’s requirements. Akamai mitigates DNS-based DDoS attacks (e.g., DNS amplification), as well as protecting DNS services from DDoS attacks. It incorporates automated rate controls, custom web application firewall (WAF) rules, monitoring tools, traffic profiles and workflows that avoid unnecessary mitigation actions.

See our in-depth look at Akamai DDoS Mitigation.

Verisign DDoS Protection Services

When Verisign’s monitors detect a DDoS attack, support personnel immediately notify customers about it and recommend a mitigation strategy. In addition to monitoring, the company offers on-demand mitigation. It also has an OpenHybrid API that enables organizations to use their existing security systems to send threat information to Verisign’s cloud-based service for possible mitigation.

See our in-depth look at Verisign DDoS Protection Services.

Radware DDoS Protection

Radware DDoS protection solutions and web application security offerings provide integrated application and network security. Its Attack Mitigation Solution is a hybrid DDoS protection solution that integrates always-on detection and mitigation with cloud-based volumetric DDoS attack prevention, scrubbing, and 24×7 cyberattack and DDoS security.

See our in-depth look at Radware DDoS Protection.

Cloudflare DDoS Protection

Cloudflare’s cloud-based DDoS protection system can deal with layer 7 attacks as well as layer 3 and layer 4 attacks. Instead of using dedicated anti-DDoS hardware, every machine in its global network takes part in DDoS mitigation. It has over 15 Tbps of capacity.

See our in-depth look at Cloudflare DDoS Protection.

Arbor Networks APS

Arbor Networks utilizes hybrid, multi-layer defenses to protect against all types of DDoS threats. On-premises protection is delivered by Arbor’s APS, which addresses application-layer and TCP state-exhaustion attacks. It incorporates detection and mitigation technology for fast, automatic blocking of attacks.

See our in-depth look at Arbor Networks APS.


Nexusguard’s solution mitigates all types of DDoS attacks and cyberthreats. This encompasses protection against level 3 to level 7 attacks, including DDoS attacks, brute force, connection flood, ping of death, Smurf, SSL flood, zero-day attacks and more.

See our in-depth look at Nexusgard.

DOSarrest DDoS Protection

DOSarrest focuses on HTTP/HTTPs and protecting websites, APIs and mobile application servers on TCP ports 80 and 443. It offers cloud-based security that includes DDoS protection, a web application firewall, a CDN for enhanced performance, website monitoring and support. All are integrated using its big data analytics engine.

See our in-depth look at DOSarrest.

F5 DDoS Protection

F5 protects against DDoS traffic targeting the cloud, networks and applications, as well as DNS attacks. It can examine network layers 3-7. F5’s DDoS Hybrid Defender addresses blended network attacks and sophisticated application attacks, while enabling SSL decryption, anti-bot capabilities and advanced detection.

See our in-depth look at F5 DDoS Protection.

Neustar SiteProtect NG

Neustar SiteProtect NG is a DDoS protection service with cloud-based and hybrid options for scrubbing malicious traffic. It can put countermeasures in place to limit exposure, protect a site’s uptime and provide automated mitigation across multiple attack vectors.

See our in-depth look at Neustar SiteProtect NG.

Imperva Incapsula

Imperva Incapsula takes a multi-tier approach to blocking DDoS traffic. It filters traffic through a web application firewall, a DDoS rules engine and a series of progressive challenges that are invisible to legitimate traffic.

See our in-depth look at Imperva Incapsula.

Top DDoS Protection Vendors

Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including ServerWatch and CIO Insight. He is also the editor-in-chief of an international engineering magazine.

Top Products

Top Cybersecurity Companies

Related articles