DDoS Protection by CyberSecurity CDNs

The CyberSecurity CDNs are in a great position for mitigating all flavors of DDoS attacks. While amplification based attacks test the CDNs bandwidth capabilities, the zero-day attacks test the CDNs capabilities in stopping OWASP Top 10 attacks. Nowadays, the DDoS attacks are multi-vector, where a volumetric-based attack might be cover for a slowloris type attack. Although there are many DDoS Protection Service Providers and MSSP’s, how many of them can handle a large scale volumetric attack. The most recent large scale DDoS attack was recorded at 400Gbps against CloudFlare. By year end, its possible we might see 600Gbps to 800Gbps DDoS attacks. There are very few service providers that can handle an attack of that scale. However, the CyberSecurity CDNs are ready now, and will be in the future, even once we start seeing 1Tpbs DDoS attacks. Here is a snapshot of the CyberSecurity CDN and different attack types.

Goals of a DDoS Protection Service
  • Extensive monitoring, detection and mitigation capabilities for Layer 3, 4 and 7 attacks
  • Filter good traffic from bad, allowing legitimate packets entry
  • Use a behavioral -based system that builds a baseline of normal activity, then monitors traffic against that baseline identifying anomalies vs signature-based matching/predefined signatures
  • Protect from known and unknown attacks
  • 24×7 Monitoring, NOC and Always On DDoS Services