Distributed denial of service (DDoS) attacks can cripple an organization, a network or even an entire country. DDoS attacks make up a considerable percentage of security threats, and recent attacks have been larger and more complex than ever.
While there are some things security teams can do to lessen the impact of DDoS attacks, the growing sophistication of such attacks has sparked strong growth in the market for DDoS solutions. Research firm IDC expects the DDoS prevention market to grow 20 percent each year through 2021.
The vendors listed here scored well in the Forrester DDoS Wave or the Quadrant Knowledge Solutions DDoS report – or both. In addition to handling traditional DDoS attacks, they incorporate cloud, mobile and IoT features. Each vendor summary links to a detailed analysis, including target markets and use cases, features, metrics, intelligence, use of agents, security certifications, product delivery (cloud, software or hardware) and pricing. There's also a chart at the bottom of this article comparing the solutions.
Core DDoS solution features include detection of the early stages of an attack, the scale to absorb the volume of traffic, and the ability to mitigate the source of the attack. This can be done via static or custom rules, or through an evolving set of defensive actions as the attack morphs toward additional targets.https://o1.qnsr.com/log/p.gif?;n=203;c=204660767;s=9477;x=7936;f=201812281314300;u=j;z=TIMESTAMP;a=20392941;e=i
- Vendor comparison chart
- Akamai DDoS mitigation
- Verisign DDoS Protection Services
- Radware DDoS Protection
- Cloudflare DDoS Protection
- Arbor Networks APS
- DOSarrest DDoS Protection
- F5 DDoS Protection
- Neustar SiteProtect NG
- Imperva Incapsula
Akamai's DDoS mitigation solution can include CDN-based, DDoS scrubbing, and DNS components, depending on each customer's requirements. Akamai mitigates DNS-based DDoS attacks (e.g., DNS amplification), as well as protecting DNS services from DDoS attacks. It incorporates automated rate controls, custom web application firewall (WAF) rules, monitoring tools, traffic profiles and workflows that avoid unnecessary mitigation actions.
When Verisign's monitors detect a DDoS attack, support personnel immediately notify customers about it and recommend a mitigation strategy. In addition to monitoring, the company offers on-demand mitigation. It also has an OpenHybrid API that enables organizations to use their existing security systems to send threat information to Verisign’s cloud-based service for possible mitigation.
Get an in-depth look at Verisign DDoS Protection Services.
Radware DDoS protection solutions and web application security offerings provide integrated application and network security. Its Attack Mitigation Solution is a hybrid DDoS protection solution that integrates always-on detection and mitigation with cloud-based volumetric DDoS attack prevention, scrubbing, and 24x7 cyberattack and DDoS security.
Cloudflare's cloud-based DDoS protection system can deal with layer 7 attacks as well as layer 3 and layer 4 attacks. Instead of using dedicated anti-DDoS hardware, every machine in its global network takes part in DDoS mitigation. It has over 15 Tbps of capacity.
Arbor Networks utilizes hybrid, multi-layer defenses to protect against all types of DDoS threats. On-premises protection is delivered by Arbor's APS, which addresses application-layer and TCP state-exhaustion attacks. It incorporates detection and mitigation technology for fast, automatic blocking of attacks.
Nexusguard’s solution mitigates all types of DDoS attacks and cyberthreats. This encompasses protection against level 3 to level 7 attacks, including DDoS attacks, brute force, connection flood, ping of death, Smurf, SSL flood, zero-day attacks and more.
DOSarrest focuses on HTTP/HTTPs and protecting websites, APIs and mobile application servers on TCP ports 80 and 443. It offers cloud-based security that includes DDoS protection, a web application firewall, a CDN for enhanced performance, website monitoring and support. All are integrated using its big data analytics engine.
See our in-depth look at DOSarrest DDoS protection.
F5 protects against DDoS traffic targeting the cloud, networks and applications, as well as DNS attacks. It can examine network layers 3-7. F5's DDoS Hybrid Defender addresses blended network attacks and sophisticated application attacks, while enabling SSL decryption, anti-bot capabilities and advanced detection.
Neustar SiteProtect NG is a DDoS protection service with cloud-based and hybrid options for scrubbing malicious traffic. It can put countermeasures in place to limit exposure, protect a site's uptime and provide automated mitigation across multiple attack vectors.
Imperva Incapsula takes a multi-tier approach to blocking DDoS traffic. It filters traffic through a web application firewall, a DDoS rules engine and a series of progressive challenges that are invisible to legitimate traffic.