您当前的位置是:  首页 > technology > Corporate communications > technology > Data network > solution >
Technology - Corporate Communications -Data Network Technology Channel
  Home >technology > Corporate communications > technology > Data network > solution > Radware: Choosing the Best DDoS Solution Trilogy II

Radware: Choosing the Best DDoS Solution Trilogy II

-- On-demand cloud services

2018-05-08 13:39:19 Author: Source:CTI ForumComment:0  Click:


This series of articles examines various options for DDoS protection measures and helps companies choose the solution that best suits them. The first article in this series introduced the local DDoS mitigation device. This article will outline an on-demand cloud solution. Subsequent articles will introduce always-on and hybrid solutions.
The advantages of migrating to the cloud
Compared to deploying individual hardware devices, there are many advantages to migrating to the cloud:
  • Protect Cloud Apps:Local devices cannot protect applications hosted in the cloud and therefore require cloud-based protection.
  • Greater capacity: As large-scale DDoS attacks grow in size, many attacks can easily exceed the capacity of typical enterprise-class DDoS mitigation devices. In this case, cloud services can provide spare capacity that can resolve these attacks.
  • Lower management overhead:Compared to the use of local devices, the administrative costs and personnel required for frequent use of cloud services are less.
  • Lower cost: DDoS mitigation equipment requires a large amount of upfront capital expenditure (CAPEX), and the cost of cloud DDoS mitigation services is often lower, and can be paid in a continuous subscription model. This allows customers to expand (or shrink) their services according to their needs. In addition, these expenses are often classified as operating expenses (OPEX), which is easier for many companies to allocate.
  • However, it should be noted that the convenience of the cloud is gradually reduced based on lower-level controls and potential conflicts with regulatory requirements that may limit the ability of companies to migrate to the cloud.
  • On-demand:DDoS protection enabled when needed
The first mode of cloud DDoS protection is on-demand mode. In this mode, during peacetime, traffic usually flows directly to the host (ie, it is not attacked). However, once a DDoS attack is identified, traffic is forwarded to the cloud DDoS mitigation service, which cleans attack traffic and passes only clean traffic to the source server. As the name implies, this type of protection will only start on demand when needed.
Advantages and disadvantages:
  • There is no delay in peacetime:One of the greatest advantages of on-demand services is that there will be no delay in the 'peace days' that have not been attacked. Only during the duration of the attack that was attacked will traffic be transferred.
  • Lower cost:On-demand services are often cheaper than buying dedicated DDoS mitigation devices and always-on cloud services. This can effectively protect customers who do not have a large budget.
  • easy to understand:On-demand cloud services are easy to maintain and do not need to be managed under normal conditions.
However, the on-demand model also has certain flaws:
  • Detection time:The biggest drawback of on-demand services may not be 100% protection. Most on-demand services can detect DDoS attacks based on large traffic thresholds. Only when a certain traffic threshold is reached, protection measures will be initiated, which may take several minutes to accumulate data and analyze it. During this period, the server may be exposed.
  • Forwarding time:It may take more time from the start of forwarding to the completion of forwarding. Forwarding time consists of two factors: the time it takes to start forwarding and the time it takes to propagate through BGP or DNS tables. Although forwarding times can be minimized using automated or programmable (API-based) forwarding techniques, the propagation time is often out of direct control of the provider.
  • Delay during forwarding:Once traffic begins to be forwarded, all requests to the source server are relieved through the cloud DDoS to the provider's network, which may increase transaction delays. The number of delays depends on the location of the cleaning center, the distance from the source server, and the quality of the connection. However, this delay will continue only when forwarding occurs, and once the forwarding is over, it will return to normal.
Precautions:
Just like buying a local device (and the always-online and hybrid modes discussed next), whether you choose to use the on-demand protection model depends on your company's specific use cases and requirements:
  • delay:Using on-demand services does not increase peacetime delays, so on-demand services are effective for delay-sensitive applications.
  • Attack frequency:How often does the company suffer an attack? If an enterprise is only occasionally attacked (or not attacked at all), on-demand services may be a more cost-effective solution when attacked. However, if enterprise servers are constantly attacked, then forwarding traffic without interruption may not be very effective, and always-online or hybrid services may be better.
  • Key business applications:Is enterprise application a business-critical application? On-demand services typically take several minutes to perform the detection and forwarding steps, during which the server is still exposed. If the company can resolve this risk without causing significant damage, on-demand service is good. However, if companies can't afford to lose even a moment of downtime, then an always-on or hybrid solution may be better.
What are the most suitable companies?
Taking into account the advantages and disadvantages of on-demand cloud DDoS protection model, the following types of customers (or applications) can choose this solution:
  • Not often attacked:Enterprises that are not frequently attacked and do not need continuous protection.
  • Delay sensitive:Applications that are very sensitive to latency are therefore not suitable for always-on solutions.
  • Sensitive to price:There is no large number of budgets available for DDoS protection but companies that want cost-effective protection.
However, similarly, this solution is not suitable for certain types of enterprises and applications:
  • Businesses that have continued to be attacked:Enterprises or applications that are constantly under attack often need to transfer traffic. In these cases, always-on or mixed services may be more appropriate.
  • Key business applications:Business-critical applications must always be available and cannot afford the cost of any downtime. Since on-demand DDoS protection usually takes a few minutes to detect and transfer, this can lead to a brief interruption in availability. If this is a major issue, then an always-on or hybrid solution may be better.
For enterprises that do not need continuous protection, the on-demand cloud DDoS protection model is a more cost-effective solution. For customers who need continuous protection measures, always-on and hybrid cloud services can provide them with this type of protection. The next article in this series will focus on these alternatives and which companies are best suited for use.
About Radware
Radware is a global leader in application delivery and application security solutions for virtual data centers and cloud data centers. Radware's award-winning solutions provide critical flexibility for business-critical applications, maximum IT efficiency, and complete business agility. Radware solutions help tens of thousands of companies and operators around the world quickly respond to market challenges, maintain business continuity, and reduce costs while achieving maximum productivity.
[Disclaimer] This article only represents the author's own opinion and has nothing to do with the CTI Forum. The CTI Forum maintains its neutrality in the presentation of statements and opinions, and does not provide any express or implied warranty for the accuracy, reliability or completeness of the contents contained therein. Readers are for reference only, and please bear full responsibility for yourself.

Topics