Would most enterprises really rather fend for themselves when it comes to security? One reputable survey seems to say so. Organizations are largely investing technology and staffing budgets earmarked for information security into related in-house skills and technology, according to a 2016 SANS Institute report on IT Security Spending Trends. That could and probably would be the topic of this article but for one little thing.

DDoS security stands out as the only exception in the aforementioned report, with companies spending outside their own ranks for detection and remediation. Most companies surveyed prefer cloud service-based DDoS protection when picking a provider.

A list of top DDoS protection cloud services given in random order can include F5 Silverline, Arbor Networks’ Arbor Cloud, CloudFlare’s advanced DDoS protection, VeriSign DDoS Protection Service, Imperva Incapsula, Akamai Kona Site Defender, Cisco Guard, and Level3 DDoS Mitigation. There are many more such services; this list includes the best, depending on who you talk to.

Risk profiles, coverage, research methods, deployments

Here are four tips to know when preparing to select a DDoS protection cloud service.

Tip No.1: Know Your Risk Profile. Determining what DDoS protection cloud service is best for your business starts with knowing the risk profile of your organization, since you will have to marry a suitable service to that profile. ISACA offers information about what to include in a risk profile.
According to Tim Cullen, senior security consultant, CISSP, and chair at the Cybersecurity Simulation for the Technology Association of Georgia, here are the impact profile points you must know for your enterprise.

- How long can your site/service endure downtime in the event of a successful DDoS attack?
- What is the range of losses in revenue that would affect your company if an attack prevails?
- How would DDoS-inflicted downtime contribute to loss of customer confidence or market share?

Tip No.2: Know the protections/coverage you need. Once you have established what the weight of these pain points would be on your organization in and after an active attack, you need to establish what kinds of protections are necessary. You might, for example, need to detect and protect yourself against zero-day attacks since many DDoS attacks flood requests for services using new OS or application vulnerabilities that the vendors have not yet patched, explains Cullen. “You need to know how quickly the provider can implement the solution to protect you and whether it secures you and your data if you are currently under attack,” adds Cullen.

Tip No.3: Know providers’ research methods. The methods the DDoS protection cloud service uses to gather data about attack vectors are also important to your selection. According to Cullen, you should confirm whether the provider has and uses the following abilities:

- Do they use their own metrics for isolating attack data?
- Do they rather use a cloud service to report and disseminate attack alerts and to update virus/malware signatures?
- Do they have a global footprint for data collection?
- Do they proactively research and identify new attacks as they are first appearing in the wild?

The cost of some features such as a proactive security (proactive research) approach will be a factor in your selection.

Tip No.4: Deployment options.
Be sure to ask whether the service can be deployed in different ways so that you can select the deployment approach that leaves you feeling confident and comfortable. Choices include setups with everything going through the cloud, arrangements where you have to recognize an attack and then elect to divert traffic to the cloud manually, and setups where the system recognizes an attack and redirects traffic to the cloud service for you.

Service qualities to look for

Cullen offers eight tips for ranking DDoS protection cloud services based on the quality of critical service capabilities.

Quality No.1: Low latency. Test your applications on the service to see whether they offer low latency while they are running scans. “Published scrubbing capacity numbers peg F5 at 2Tb/sec, Imperva at 1.5Tb/sec, and Arbor Networks at 1.1Tb/sec. These three are usually on my short list of vendors to talk to about speed,” says Cullen.

Quality No.2: Security track record. Ask for letters of recommendation and lists of customers whom you can question. F5, Arbor Networks, and Imperva have been in this market a long time and have many letters of recommendation to demonstrate that they perform well in securing their customers, says Cullen.

Quality No.3: Remote ticketing service. Most services offer remote ticketing on your behalf. “We have had good results with vendors like F5 and Akamai for problem resolution and remote ticketing; they seem to own the problem till resolution,” says Cullen.

Quality No.4: Strong UI/dashboards for self-management. Depending on your preference, most any provider could come out on top here. “I like the Imperva and F5 dashboards. Arbor Networks gets an honorable mention; it was not as intuitive for us as the others,” says Cullen.

Quality No.5: A Forensics Team. Such a team can help understand the specific challenges and appropriate resolutions on a case-by-case basis.
“F5 was a standout vendor for this option with a research team that watches the hacking community for attacks and trends,” says Cullen.

Quality No.6: Logging. Complete data records of attacks culled from logs are critical to prosecuting the culprits behind breaches. This is another option that everyone has and you may end up basing your selection on your own preference.

Quality No.7: Licensing. Providers can offer licensing based on the protection options available, the amount of bandwidth you require or use, and whether you choose an onsite hardware/cloud subscription, says Cullen. Another form of licensing is access-based licensing, which applies to the means you use to access the cloud and can include all services. Akamai and F5 were the best for this last licensing option, according to Cullen.

Quality No.8: Minimal impact to the local environment. Some services route all traffic to the cloud first, some allow some traffic to go to the company site first, and some let all traffic go to the company site until the time of an attack. The last option has the least effect on the local environment.