Every time I read another report about distributed denial of service (DDoS), I find myself either cringing or smiling. That’s the easiest way to boil down my reactions. Much in the same vein of “each data breach cost one bajillion dollars!” while making my best Dr. Evil face. The scoring, or the methodology used, in general usually causes me to pause if it isn’t immediately clear how the scores were arrived upon. Then there are reports where the ledes can get buried. The juicy pieces that might not seem immediately clear.
Last week the Forrester research team released their Forrester Wave report as it pertained to DDoS Mitigation Solutions. It made for an interesting read. Kudos to all of the companies that scored well in the report. Naturally, each company released their respective “we’re number one” press releases, my own company included. It makes perfect sense that they would all do this as they all have that to be proud of. Beyond that, what jumped out me as I read the report was that 1) appliances don’t scale, 2) the ability to react and respond is paramount and 3) the ability to scale is key.
I was at a conference earlier this year where I had some time to walk the vendor floor. There were two prevalent themes that I took away from this stroll. There were dozens of ransomware protection related startups that were vying for customers attention. But, more relevant to my interests was the swath of ‘DDoS mitigation’ companies that were there. One in particular, who was not on the Wave report, trumpeted that they could afford their customers 1.5 GB of protection from DDoS attacks…with their appliance.
Let that soak in for a moment. This was a company that was using the idea of holding up gauze in front of a semi-truck and hoping it would offer some sort of protection (Hat tip to the late great Robin Williams). When we take into account that there have been documented DDoS attacks in excess of 600 Gbps this seems cold comfort.
A couple years ago I was speaking with a customer that had an appliance-based solution in place. I asked them how they would deal with an attack that exceeded their stated capacity and the response was “we’d buy more boxes.” This ranks right up there with having a line in your disaster recovery report that says you will go to
Best Buy to purchase laptops in the event of a calamity.
The Wave report had this passage, “Akamai received favorable feedback on its ability to detect new attack types while yielding few false positives. Reference customers remarked on the company’s responsiveness, expertise, and ability to immediately stop attacks.” A wonderful endorsement from Akamai’s customers. This is important when you have a company that is service based. You can’t just get a signed P.O., drop the product off, and ride off into the sunset. This happened to me back in the 90s when I deployed a security system and I made the naive inquiry as to how we could update the software and how often the updates would be made available. This was met with a slack jawed look from the sales representative. You need to live in the shoes of your customer.
As a customer, you need to be an advocate for your company. You need to be able to ask the tough questions. How will the product scale? How are updates handled? What sort of bench strength does your company have to support my organization? Does the vendor have an acceptable use policy? You don’t want to have the uncomfortable realization that you might be sharing a platform or service with criminal hackers.
A DDoS mitigation solution should be a partner. This isn’t a line item on a budgeting spreadsheet after staplers and coffee creamer. No matter what sort of industry report you might be reading be sure to peel back the layers. You need to advocate for your company and ensure you are getting the best of breed service and support – and are not playing the catcher position on the javelin team!