Organizations that thrive on constant internet availability must have a DDoS defense strategy in place, but choosing a cloud DDoS protection provider is not easy.
The following eight questions were designed to help organizations that are considering switching to a new volumetric (L3/L4) DDoS protection provider or have never worked with one in the past. We posed them to edge security evangelist Stephen Gates, who explained how Oracle Dyn’s DDoS detection and mitigation services work.
These questions are primarily technical in nature, because DDoS attacks impact technology first and bottom lines next. They can help organizations make the best selection when considering competing DDoS protection providers.
How much time does it take you to detect a DDoS attack?
We can detect an attack within seconds of it being launched. Because we continuously monitor flow data and SNMP from your border routers, we’ll know immediately of any DDoS attack in progress.
How much time does it take to divert incoming traffic to your cloud DDoS protection services?
We can divert all traffic destined to the netblock (IP block) under attack to our scrubbing centers in less than 60 seconds. From there, all DDoS traffic will be scrubbed from the incoming traffic streams, and the legitimate traffic will be returned to its original destination.
How can you divert traffic so quickly?
We preprogram our DDoS detection and mitigation services with all of your netblocks (IP blocks) and redirect the BGP route for the netblock under attack to our cloud, by advertising that route from our scrubbing centers. This causes all traffic destined to that netblock to route to one or all of our scrubbing centers first. This happens within seconds of detecting an attack.
What traffic reinjection options do you offer to return the legitimate traffic that was diverted to your scrubbing centers back to customer networks?
We offer two different options. The first is an always-on GRE tunnel between our routers and your routers to be used for both DDoS detection and good-traffic reinjection. The second is an always-on L2 connection between our network and yours, which is quite feasible because of the large number of locations where we have facilities.
What technologies have you deployed in your scrubbing centers, and who operates these technologies?
We have implemented leading DDoS detection and mitigation technologies in our scrubbing centers. These technologies are operated by our battle-hardened DDoS detection and mitigation experts. Each expert has at least five years of experience detecting and mitigating DDoS attacks for our customers daily.
Can customers analyze, track, and report on the DDoS attacks they’re experiencing and offload the logs to their SIEM or log collectors?
We have a web-based customer portal that provides all of this functionality.
How much time does it take to onboard an organization in your cloud DDoS protection service to ensure that the proper defenses are in place, tested, and ready to engage?
We have a well-defined and proven process. Emergency onboarding is measured in minutes or hours, while non-emergency onboarding takes no longer than a few days. The standard process begins with a conference call with our subject matter experts and requires some information-sharing concerning the IP address space your organization owns. In addition, there will be an agreement in place that permits us to automatically redirect your traffic to our cloud, for the netblock that comes under attack.
Is there any upcharge in pricing based on the frequency, duration, and magnitude of the DDoS attacks an organization may experience?
We do not adjust our pricing based on any of these factors. Your attacks are now our problem, and you will not be charged any differently, even if you are under attack daily. The price is a budgetable, flat cost that will not fluctuate based on your DDoS attack activity.
Although there are likely more questions you’ll have, the answers to these eight are critical to ensuring the cloud DDoS protection provider you choose is capable of immediately detecting and mitigating volumetric (L3/L4) attacks against your networks, websites, and applications.
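The answers on detection and diversion describe monitoring flow data against preprogrammed netblocks and diverting the netblock under attack. The sketch below is an added example, not Oracle Dyn's code, showing why volume is aggregated per netblock rather than per host. The flow tuple layout, window length, thresholds, sampling rate and netblocks (documentation ranges) are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed values: constructed customer netblocks and illustrative thresholds.
NETBLOCKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]
WINDOW_S = 10             # aggregation window in seconds
BPS_LIMIT = 50_000_000    # per-netblock bits per second
PPS_LIMIT = 100_000       # per-netblock packets per second

def netblock_for(dst):
    """Return the most specific preprogrammed netblock containing dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [n for n in NETBLOCKS if addr in n]
    return max(matches, key=lambda n: n.prefixlen) if matches else None

def detect(flows, sampling_rate=1):
    """flows: (timestamp, dst_ip, bytes, packets) tuples from sampled flow export.
    Returns (window_start, netblock, bps, pps) for each window over a limit."""
    buckets = defaultdict(lambda: [0, 0])
    for ts, dst, nbytes, pkts in flows:
        block = netblock_for(dst)
        if block is None:
            continue  # destination is not in a protected netblock
        key = (int(ts) // WINDOW_S * WINDOW_S, str(block))
        # Scale sampled counters back up to estimated real volume.
        buckets[key][0] += nbytes * sampling_rate
        buckets[key][1] += pkts * sampling_rate
    alerts = []
    for (start, block), (nbytes, pkts) in sorted(buckets.items()):
        bps, pps = nbytes * 8 / WINDOW_S, pkts / WINDOW_S
        if bps > BPS_LIMIT or pps > PPS_LIMIT:
            alerts.append((start, block, bps, pps))
    return alerts

# Constructed 1:1000 sampled flow records. Each 192.0.2.x host stays under
# both limits on its own; only the netblock total crosses them.
SAMPLE_FLOWS = [
    (100, "198.51.100.10", 15_000, 12),   # normal traffic
    (101, "192.0.2.5", 40_000, 400),
    (103, "192.0.2.77", 45_000, 450),
    (107, "192.0.2.200", 38_000, 380),
    (104, "203.0.113.9", 90_000, 900),    # not a protected netblock, ignored
    (112, "192.0.2.5", 1_500, 3),         # next window, back to normal
]

if __name__ == "__main__":
    for start, block, bps, pps in detect(SAMPLE_FLOWS, sampling_rate=1000):
        print(f"t={start}s divert {block}: {bps/1e6:.1f} Mbps, {pps:,.0f} pps")
```

Each alert names the netblock whose route would be advertised from the scrubbing centers, which is why the customer's IP blocks have to be known before an attack starts.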