19 July 2022
High-quality protection against DDoS attacks: What's the fair price?
As you know, quality is very rarely cheap. The protection StormWall offers is no exception: we invest thoughtfully to achieve high quality of our DDoS protection service while keeping fair prices - far from the highest on the market. Thanks to the chosen strategy, we offer a very favorable price-quality ratio.
Is it even worth paying for protection? Let's assess the risks
If DDoS attacks have not done much damage to you yet, you are probably asking yourself the question: is it even worth defending against them, or would it be better, easier, cheaper to just accept the risks involved?
Since DDoS protection solutions belong to the field of information security, they are usually evaluated not in terms of payback, but in terms of risk mitigation and minimization of potential damage. Insurance costs, for example, are analyzed in a similar way.
In the case of information security, we are dealing with cyber risks. Their relevance for a given company grows with the increasing dependence on IT. That is why, by the way, special attention is paid to them in digital business.
We keep pointing out DDoS risks and their increasing relevance. These risks can be divided into four main categories: Financial risks, reputational risks, SEO risks, and risks associated with a decline in information security.
- Financial risks are primarily associated with customer outflow, contract termination, claims for damages by dissatisfied and aggrieved customers, and their demands for compensation and fines. The easiest way to assess financial risks is in connection with lost profits due to downtime of attacked Internet resources.
- Reputational risks include a decline in customer loyalty and the emergence of a lot of negative news, including in the media and social networks. They also affect profits, but not directly and rather indirectly. Nevertheless, they must be taken into account in order not to face a shambles one day.
- By SEO risks we mean, first of all, a decline in positions in search queries (SEO ratings), as well as a violation of the correctness of the operation of website visit counters. Again, these risks do not have an immediate impact, but they are significant: the decline in Internet search query positions has a direct impact on website traffic and, consequently, on the cost of attracting new customers and retaining existing ones.
- Finally, there is a component to DDoS risks that is directly related to information security. First, a resource that is not protected from DDoS attacks is more open to intruders: it is easier to look for vulnerabilities and choose points of attack. Second, DDoS attacks are often used as one of the directions of multi-vector attacks - usually as a distraction: while the information security team is busy fixing the unavailable resource, attackers can try to hack either the resource itself or the neighboring systems of IT. If the resource is reliably protected against DDoS attacks, then the information security team has much more chances to detect a hack attempt in time and take the necessary actions.
All of the listed risks should be assessed with your specific circumstances in mind. Once you have an objective assessment, you will be able to understand what to do with them and how to manage them.
Cheap protection: saving or wasting?
There are many cheap anti-DDoS services on the market. Some hosting, Internet and cloud providers offer them completely for free - in addition to their other services. But is it worth chasing cheapness? Will it not turn out that a cheap service will only give the illusion of protection, but will not protect your resources from DDoS attacks?
For example, in the spring of 2022, we were approached by a reputable domain name registration company that was using anti-DDoS services from two different providers, but they were unable to protect it from a serious DDoS attack on DNS servers. As a result, not only these servers became unavailable, but also the customers' Internet resources connected to them, and the situation could only be handled after StormWall protection was connected. All subsequent DDoS attacks were also successfully repelled.
We have already talked about how to choose a reliable anti-DDoS provider, so we will only discuss one feature of cheap protection services: They usually provide only a reflection of those DDoS attacks that take place at the network (L3 according to the OSI model) and transport (L4) layers. If you need protection for mobile and Internet applications (attacks on these applications take place at the L7 layer), it is unlikely that it will be possible to make them more secure and accessible with cheap anti-DDoS services. And even if a cheap service seems to provide filtering at all layers (L3, L4 and L7), it is by no means certain that its functionality is sufficient to protect your resources.
High quality services are the result of serious investments
Professional protection provided by a specialized company like StormWall costs more than cheap services offered by providers of a wide range of services or only small providers of anti-DDoS solutions. This is quite natural, because a high-quality protection service is not created in a day and not by magic.
First, we regularly invest in research and development. The foundation of our protection service is our own innovative software development, which has absorbed the best ideas in the industry that have appeared in recent years. In the 9 years of our presence in the market, we have invested in them a variety of technologies, approaches and opportunities. In particular, we have incorporated artificial intelligence and machine learning mechanisms, our own traffic filtering mechanisms at the L3-L7 levels of the OSI model, and protection against attacks via botnets. To combat "intelligent" attacks at the L7 level, we have anti-bot (proactive protection), which is part of the anti-DDoS service, as well as WAF, when advanced hacking protection features and various automated influences are required.
We have learned a lot, and we can still do a lot. For example, to protect services that meet the requirements of the PCI DSS payment system standard, or systems that exchange sensitive data (including personal), we provide protection against DDoS attacks without disclosing the private SSL/TLS keys and without installing software or hardware on the customer's platform through intelligent analysis of HTTP protocols. Not all professional providers can offer something similar to their customers.
Second, we are investing in datacenter infrastructure that filters traffic and defends against attacks. At the end of last year and the beginning of this year, we significantly expanded the capacity of our data centers so that we can fend off even the strongest DDoS attacks known to date.
Third, we are investing in processes thanks to which we have built perhaps the best technical support in the industry, with incident response times of 1 second in automatic mode and 1 minute in manual mode.
Fourth, and finally, we invest in human resources - in the search, training and professional development of our specialists. We are constantly working to improve the level of their skills.
All this together allows us to create and develop one of the best DDoS protection services in the world, which can reliably protect our customers from DDoS-related risks.