Properly implemented DDoS mitigation is what keeps websites online during an attack. Explore the process of DDoS mitigation and the essential characteristics to look for in a mitigation service.
What is DDoS mitigation?
DDoS mitigation protects a targeted server or network from a distributed denial-of-service (DDoS) attack. A targeted victim can mitigate the incoming threat using specially designed network equipment or a cloud-based protection service.
There are four stages of mitigating a DDoS attack using a cloud-based provider:
- Detection – to stop a distributed attack, a website must distinguish an attack from a high volume of regular traffic. If a product release or other announcement has a website swamped with legitimate new visitors, the last thing the site wants to do is throttle them or otherwise stop them from viewing the website’s content. IP reputation, common attack patterns, and previous data assist in proper detection.
- Response – in this step, the DDoS protection network responds to an incoming identified threat by intelligently dropping malicious bot traffic and absorbing the rest of the traffic. Using WAF page rules for application layer (L7) attacks or another filtration process to handle lower level (L3/L4) attacks such as Memcached or NTP amplification, a network can mitigate the attempt at disruption.
- Routing – by intelligently routing traffic, an effective DDoS mitigation solution will break the remaining traffic into manageable chunks, preventing denial of service.
- Adaptation – a good network analyzes traffic for patterns such as repeating offending IP blocks, particular attacks from certain countries, or improper protocols. A protection service can harden itself against future attacks by adapting to attack patterns.
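The four stages above, reduced to a small worked example: an added illustration, not code from this page or from Cloudflare. The flow records, the reputation list, the reflector port table and the per-source threshold are all constructed; real detection would draw on far more signals than one rate and one list.

```python
from collections import Counter
from ipaddress import ip_network

# Constructed sample flow records, NOT captured traffic. One record per source seen at
# the protected server in a short window: (src_ip, proto, src_port, dst_port, count).
FLOWS = [
    ("203.0.113.7",   "udp", 11211, 80,  9000),  # Memcached replies at a web port: amplification
    ("203.0.113.8",   "udp", 123,   80,  7000),  # NTP replies at a web port: amplification
    ("198.51.100.20", "tcp", 44123, 443, 950),   # single sources hammering HTTPS (L7 flood)
    ("198.51.100.21", "tcp", 44124, 443, 870),
    ("198.51.100.22", "tcp", 44125, 443, 910),
    ("192.0.2.50",    "tcp", 51000, 443, 4),     # ordinary visitors: the flash-crowd case
    ("192.0.2.51",    "tcp", 51001, 443, 6),
    ("192.0.2.52",    "tcp", 51002, 443, 3),
]
BAD_REPUTATION = {"192.0.2.52"}                 # constructed stand-in for "previous data"
AMPLIFICATION_PORTS = {11211: "memcached", 123: "ntp"}  # UDP source ports of known reflectors
L7_RATE_THRESHOLD = 500                         # requests per window before a source is limited

def classify(flows, reputation=BAD_REPUTATION, threshold=L7_RATE_THRESHOLD):
    """Detection and response: decide, per source, what the mitigation layer does.
    Many low-rate sources stay 'allow', so a legitimate flash crowd is not throttled."""
    decisions = {}
    for src, proto, sport, dport, count in flows:
        if proto == "udp" and sport in AMPLIFICATION_PORTS:
            decisions[src] = "drop:" + AMPLIFICATION_PORTS[sport]   # L3/L4 filter
        elif src in reputation:
            decisions[src] = "drop:reputation"                     # IP reputation
        elif count > threshold:
            decisions[src] = "rate_limit"                          # L7 rule, not a hard block
        else:
            decisions[src] = "allow"
    return decisions

def learn_offending_blocks(decisions, min_sources=2):
    """Adaptation: /24 blocks with several dropped or limited sources are fed back
    into reputation data so the next attack from them is caught earlier."""
    hits = Counter()
    for src, action in decisions.items():
        if action != "allow":
            hits[str(ip_network(f"{src}/24", strict=False))] += 1
    return {block for block, n in hits.items() if n >= min_sources}

if __name__ == "__main__":
    verdicts = classify(FLOWS)
    for src, action in verdicts.items():
        print(f"{src:16} {action}")
    print("learned blocks:", learn_offending_blocks(verdicts))
```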
Choosing a DDoS mitigation service
Traditional DDoS mitigation solutions involved purchasing equipment that would live on-site and filter incoming traffic. This approach involves purchasing and maintaining expensive equipment and relies on a network capable of absorbing an attack. If a DDoS attack is large enough, it can overwhelm the upstream network infrastructure, preventing any on-site solution from being effective. When purchasing a cloud-based DDoS mitigation service, specific characteristics should be evaluated.
- Scalability – a practical solution needs to adapt to the needs of a growing business and respond to the growing size of DDoS attacks. Attacks larger than two terabits per second (Tbps) have occurred, and there’s no indication that the trend in attack traffic size is downward. Cloudflare’s network is capable of handling DDoS attacks considerably larger than have ever occurred.
- Flexibility – creating ad hoc policies and patterns allows a web property to adapt to incoming threats quickly. The ability to implement page rules and populate those changes across the entire network is a critical feature in keeping a site online during an attack.
- Reliability – much like a seatbelt, DDoS protection is something you only need when you need it, but when that time comes, it had better be functional. A DDoS solution’s reliability is essential to any protection strategy’s success. Ensure the service has high uptime rates and that site reliability engineers work around the clock to keep the network online and identify new threats. Redundancy, failover, and an expansive network of data centers should be central to the platform’s strategy.
- Network size – DDoS attacks have patterns across the Internet as particular protocols and attack vectors change over time. A large network with extensive data transfer allows a DDoS mitigation provider to analyze and respond quickly and efficiently, often stopping attacks before they occur.