This time we discuss the types of DDoS protection solutions.
There are three types of solutions:
Let us discuss the on-premise today.
This type of solution can be installed either by a customer or by his ISP. Both software and hardware appliances (specialized network devices) are available.
THE ADVANTAGES OF ON-PREMISE SOLUTIONS
- Minimal impact on latency thanks to local installation.
- The ability to flexibly integrate the solution into the existing infrastructure. You are the absolute master of your filtering system.
- The ability to configure protection as you need.
LIMITATIONS AND DRAWBACKS
- High cost. The cost of ownership of on-premises anti-DDoS solutions is usually higher than of cloud-based ones.
- The need to hire or train your own specialists to work with the solution, monitor threats, and respond to incidents. You are the owner and you are responsible for the solution efficiency.
- Limited functionality. On-premises solutions typically allow you to protect yourself only from packet flood (L3-L5 layers of the OSI). But they probably won't help you to protect from HTTP botnets (L7 filtering is required to protect web applications).
- Limited bandwidth of the solution itself and available communication channels. If, for example, you have only 40 Gbit/s bandwidth then the local solution will not be able to repel an attack of 50 Gbit/s.
Telecom operators (cloud and Internet service providers) and datacenters that can afford to have their own Anti-DDoS service and are able to cope with powerful (hundreds of gigabytes) attacks and also offer Anti-DDoS service to their customers.
Next time, we'll talk about cloud and hybrid solutions.