Is a DDoS solution at the top of your ‘shopping’ list?

October 6, 2015 JP Blaho

ShoppingListIcon_221x221I just bought a new car.  I was in the market for a new car, and although I did not have a compelling reason to purchase a new vehicle, I still purchased one.  I use the word “compelling” in that previous sentence because a compelling reason, or compelling event is usually the catalyst for a new purchase.  I made the purchase in the absence of a compelling event.  So, as a marketer, I had to do a personal win analysis on my purchase.  In business, like my recent automobile acquisition, most purchases are done without drastic motivation (compelling event).  These types of purchases have a much longer sales cycle, involve more business levels in the decision-making process, and require an ask for budget to be created or carved out for the purchase.  A compelling event, like a breach, usually fast-tracks these processes so that resolution to the problem can be solved quickly.  Going back to my purchase, a compelling event could have been me totaling my vehicle (which thankfully did not happen).  Instead, my purchase was more like a traditional purchase; I realized that I had a need for something to replace my current technology, and began the process of “shopping.”

My last three blogs have been written around building a business case for DDoS, and today I am going to close out this series around describing your current landscape.  In this fourth step, you must be able to describe the fundamental strengths and weaknesses of current countermeasures to your decision makers.  This means that after you should have already:

  1. Educated your executive team on the state of the current DDoS attack environment in a “language” they can understand and relate;
  2. Illustrating the business implications that will result when and when not making a decision around DDoS protection; and
  3. Expanded the management team’s visibility into the positive impact that DDoS protection can provide.

In order to motivate a decision, it is also important to describe to the business decision makers how your current IT infrastructure supports and protects from DDoS attacks.  In this instance, you can provide them with a “state of DDoS protection” assessment that incorporates how your team faces attacks today, how the infrastructure can or cannot support those attacks, and how time/cost intensive these efforts are on a given attack period, or over the previous year.  By giving them this view, you run less of a risk of them making the choice to do nothing.

Going back to my recent car purchase…I followed a similar process.  I completed a true assessment on my previous vehicle, and determined a cost to own over the next three years for this vehicle, knowing that it needed new tires, rear breaks and a significant servicing during this period.  I then researched the types of common repairs current owners of the same vehicle experienced in their car over the next three years, and determined the chance of me experiencing some of these same problems.  From there, I looked at comparable vehicles (and others that I really liked), and did a cost-to-benefit analysis to determine if any of the cars I was interested in had a lower cost of ownership.  Three models actually made it on that list.  However, two actually had more features and options than my current mode of transportation.  My final stage was looking at how the purchase would affect my productivity, meaning how much of a time suck would each of these cars be for me.  At the end of the day, I realized that my previous car would cost more money, offered less value to me, and would consume more of my time via maintenance and repairs than purchasing a new vehicle.  Although I had no reason to believe that the car was going to die on me, or give me problems, I looked ahead, identifying a need, and performed the appropriate due diligence to determine the best course of action.  Other than the purchase type, the process is very similar to how companies make buying decisions.

If your organization is looking to incorporate or upgrade a DDoS solution into your network environment, I encourage you to read our white paper titled The New Business Imperative for DDoS Protection where it walks you through the four necessary steps for building a business case for DDoS.

The post Is a DDoS solution at the top of your ‘shopping’ list? appeared first on Arbor Insights - Our People, Products and Perspective.

Read more...

Previous Article
The Kill Chain…the Real Horror Story
The Kill Chain…the Real Horror Story

Halloween happens to be one of my favorite holidays.  As a kid, I loved to dress up in costumes, collect ca...

Next Article
Comment on Will the real Advanced Threat technology please stand up? by What happened next? Solving the 'Who Done It' mystery in security -
Comment on Will the real Advanced Threat technology please stand up? by What happened next? Solving the 'Who Done It' mystery in security -

[…] security industry talks a lot about advanced threats, a new model for Incident Response and the better ...