We’re thrilled and honored to be selected as the 2017 Market and Technology Leader in the Global DDoS Mitigation Market by Quadrant Knowledge Solutions. And not only because of all the other solutions against which our solution was compared, but also for Quadrant’s recognition of our end-to-end, multi-tier architecture centered around the principle of hybrid DDoS mitigation.
Most solutions that offer any form of cloud capability, including those investigated by Quadrant, have no on-premise component. And the inverse is true for most appliance-based solutions. In some cases, this requires the customer to independently identify the presence of a DDoS attack and then call in to request a cloud mitigation. This can delay the time-to-mitigate due to human involvement as well as increase the level of stress and aggravation for those tapped to make the call.
However, in cases where DDoS attack detection is automated, most simply perform all operations in the cloud. This approach has several drawbacks. For one, to detect DDoS attacks, traffic must be permanently diverted through the cloud mitigation provider’s network (characterized as Always-On), whether an attack is present or not. This permanent diversion increases average latency degrading the user experience. As many cloud-based DDoS mitigation providers make use of reverse proxies to receive the traffic and process the attack, service protection is generally limited to HTTP or HTTPS (SSL), limiting the protection available to targeted services using other application protocols. Also, DDoS attacks can take many forms, shifting attack vectors to non-HTTP protocols and potentially overwhelming individual proxy nodes leading to partial outages. Further, acting as a proxy, the proxy server node must be able to reach the targeted service to retrieve content and supply user data. This means the targeted service is still on the internet and directly reachable by attackers if they discover its true address allowing attackers to completely bypass the cloud mitigation providers network. And finally, as an Always-On service, many cloud mitigation providers understand they’ll be mitigating every DDoS attack no matter how small even though their costs are built around the operational overhead for each attack. This means they price their service presuming each customer will be attacked frequently, leading to high monthly or annual fees and an overall poor total cost of ownership for the customer.
Arbor Networks’ hybrid approach to DDoS defense starts with the understanding that the clear majority of DDoS attacks will be small enough to be best mitigated on-premise, whether physical or cloud, and that a one-time price best captures and extends that value into the future. Also, keeping the traffic out of a third-party network and solely connected to the internet preserves the ideal traffic paths for reduced latency and optimal user experience for all the times a service is not under attack. Arbor’s DDoS mitigation technologies are multi-protocol, and hence multi-vector aware, meaning they’ll detect and mitigate whatever attackers throw at the targeted service. And being integrated into the network means they surgically remove attack traffic at the lowest level and without most people knowing they’re even there. And for the rare occasion when a DDoS attack is large enough to saturate the in-bound internet circuit, the on-premise technology will automatically signal Arbor Cloud to temporarily divert traffic to one or more scrubbing facilities filtering out terabits of attack traffic before securely delivering clean traffic to the target network. For compatible networks, Arbor Cloud offers a traffic diversion method that requires all traffic directed at the targpieted service to pass through the cloud scrubbing facilities and removes the ability for attack traffic to bypass defenses. With the understanding that 95% of DDoS attacks will likely be completely mitigated by on-premise technology and not require cloud mitigation, Arbor Cloud service is structured to provide extra value by including a predicted number of mitigations per year. This can result in huge savings compared to Always-On cloud mitigation services.
As described and confirmed by Quadrant, Arbor delivers on the promise of hybrid DDoS mitigation that combines the value of on-premise DDoS mitigation with the power of cloud mitigation resulting in complete DDoS protection.